Kontrola PC

Zpráva

Bragni · #1 Příspěvek od **Bragni** » 09 kvě 2013 18:16

Ahoj, rád bych si nechal zkontrolovat PC.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ondra at 2013-05-09 19:14:45
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 52 GB (17%) free of 305 GB
Total RAM: 3071 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:14:56, on 9.5.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Ondra\Desktop\pok\League of Legends\RADS\system\rads_user_kernel.exe
C:\Users\Ondra\Desktop\pok\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.149\deploy\LoLLauncher.exe
C:\Users\Ondra\Desktop\pok\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.11\deploy\LolClient.exe
C:\Program Files\Mumble\mumble.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ondra\Desktop\RSIT.exe
C:\Program Files\trend micro\Ondra.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=114026 ... ffa57c7298
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {62d40876-df18-411f-9d34-a9dd7a197bc5} - (no file)
R3 - URLSearchHook: (no name) - {027722dd-0f35-4d28-bfec-d3a657e925b3} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Automatické vypnutí počítače.lnk = ?
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files\LOLReplay\LOLRecorder.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AbSoftMgr4 - AB Studio - C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 8045 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default

prefs.js - "browser.startup.homepage" - "http://search.babylon.com/?affID=114026 ... ffa57c7298"
prefs.js - "keyword.URL" - "http://search.babylon.com/?affID=114026 ... 57c7298&q="

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=C:\Program Files\IB Updater\Firefox

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.169 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@graphisoft.com/GDL Web Plug-in]
"Description"=
"Path"=C:\Program Files\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@raidcall.en/RCplugin]
"Description"=Raidcall plugin
"Path"=C:\Users\Ondra\AppData\Roaming\raidcall\plugins\nprcplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\extensions\
battlefieldheroespatcher@ea.com
battlefieldplay4free@ea.com
info@djzig.com

C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\searchplugins\
askcom.xml
conduit.xml
MyStart Search.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-04-04 462752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-31 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-04-04 171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-31 1227736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-31 4297136]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-12-14 2255360]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-10-11 59280]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2012-10-25 421888]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2012-11-21 3093624]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
LOLRecorder.lnk - C:\Program Files\LOLReplay\LOLRecorder.exe

C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Automatické vypnutí počítače.lnk - C:\Program Files\Automatické vypnutí počítače\avp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"VIDC.IV41"=ir41_32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2013-05-05 11:02:36 ----A---- C:\Windows\Keygen.exe
2013-04-24 11:06:56 ----A---- C:\Windows\system32\drivers\ntfs.sys
2013-04-20 15:57:08 ----D---- C:\Program Files\Team Composition Generator
2013-04-19 13:59:01 ----D---- C:\Program Files\Common Files\Java
2013-04-19 13:58:52 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-04-19 13:58:52 ----A---- C:\Windows\system32\javaw.exe
2013-04-19 13:58:52 ----A---- C:\Windows\system32\java.exe
2013-04-17 18:11:15 ----D---- C:\ProgramData\TERA
2013-04-17 18:11:05 ----D---- C:\Program Files\TERA
2013-04-11 15:35:24 ----A---- C:\Windows\system32\vbscript.dll
2013-04-11 15:35:24 ----A---- C:\Windows\system32\mshtmled.dll
2013-04-11 15:35:23 ----A---- C:\Windows\system32\jsproxy.dll
2013-04-11 15:35:22 ----A---- C:\Windows\system32\ieUnatt.exe
2013-04-11 15:35:22 ----A---- C:\Windows\system32\ieui.dll
2013-04-11 15:35:21 ----A---- C:\Windows\system32\msfeeds.dll
2013-04-11 15:35:20 ----A---- C:\Windows\system32\wininet.dll
2013-04-11 15:35:20 ----A---- C:\Windows\system32\jscript.dll
2013-04-11 15:35:19 ----A---- C:\Windows\system32\url.dll
2013-04-11 15:35:19 ----A---- C:\Windows\system32\jscript9.dll
2013-04-11 15:35:17 ----A---- C:\Windows\system32\iertutil.dll
2013-04-11 15:35:16 ----A---- C:\Windows\system32\urlmon.dll
2013-04-11 15:35:14 ----A---- C:\Windows\system32\mshtml.dll
2013-04-11 15:35:13 ----A---- C:\Windows\system32\ieframe.dll
2013-04-10 13:59:24 ----A---- C:\Windows\system32\win32k.sys
2013-04-10 13:59:22 ----A---- C:\Windows\system32\drivers\fvevol.sys
2013-04-10 13:59:16 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-04-10 13:59:16 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-04-10 13:59:14 ----A---- C:\Windows\system32\smss.exe
2013-04-10 13:59:13 ----A---- C:\Windows\system32\csrsrv.dll
2013-04-10 13:59:04 ----A---- C:\Windows\system32\mstscax.dll
2013-04-10 13:59:02 ----A---- C:\Windows\system32\tsgqec.dll
2013-04-10 13:59:02 ----A---- C:\Windows\system32\aaclient.dll

======List of files/folders modified in the last 1 month======

2013-05-09 19:14:49 ----D---- C:\Windows\Temp
2013-05-09 19:14:49 ----D---- C:\Program Files\trend micro
2013-05-09 19:04:41 ----D---- C:\Users\Ondra\AppData\Roaming\Mumble
2013-05-09 19:03:07 ----D---- C:\ProgramData\PMB Files
2013-05-09 15:35:40 ----D---- C:\Windows\system32\config
2013-05-09 15:26:23 ----D---- C:\Windows\System32
2013-05-09 15:26:23 ----D---- C:\Windows\inf
2013-05-09 15:26:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-05-09 15:22:55 ----D---- C:\Windows
2013-05-08 23:53:07 ----D---- C:\Users\Ondra\AppData\Roaming\TS3Client
2013-05-07 18:55:36 ----D---- C:\Users\Ondra\AppData\Roaming\uTorrent
2013-05-07 13:59:43 ----SHD---- C:\System Volume Information
2013-05-06 16:24:46 ----D---- C:\ProgramData\Adobe
2013-05-06 16:24:27 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-05-04 00:26:02 ----SHD---- C:\Windows\Installer
2013-05-04 00:21:38 ----RD---- C:\Program Files
2013-05-03 23:09:49 ----D---- C:\Windows\Prefetch
2013-05-02 15:33:13 ----D---- C:\Users\Ondra\AppData\Roaming\Skype
2013-05-02 02:06:08 ----N---- C:\Windows\system32\MpSigStub.exe
2013-04-29 20:54:06 ----D---- C:\Users\Ondra\AppData\Roaming\Abvent_Artlantis4
2013-04-28 11:35:54 ----D---- C:\ProgramData\Abvent
2013-04-27 16:33:10 ----D---- C:\Users\Ondra\AppData\Roaming\.minecraft
2013-04-26 18:29:29 ----D---- C:\Program Files\Steam
2013-04-26 18:29:21 ----D---- C:\Windows\debug
2013-04-25 03:18:26 ----D---- C:\Windows\winsxs
2013-04-25 03:16:21 ----D---- C:\Windows\system32\drivers
2013-04-24 11:05:57 ----D---- C:\Windows\system32\catroot2
2013-04-24 11:05:57 ----D---- C:\Windows\system32\catroot
2013-04-19 20:42:14 ----D---- C:\Program Files\RaidCall
2013-04-19 13:59:01 ----D---- C:\Program Files\Common Files
2013-04-19 13:58:52 ----D---- C:\Program Files\Java
2013-04-18 17:29:49 ----D---- C:\Program Files\Common Files\BioWare
2013-04-17 18:11:15 ----HD---- C:\ProgramData
2013-04-15 23:27:42 ----D---- C:\Users\Ondra\AppData\Roaming\Tunngle
2013-04-15 23:23:45 ----D---- C:\ProgramData\Tunngle
2013-04-12 00:51:16 ----D---- C:\Windows\system32\migration
2013-04-12 00:51:15 ----D---- C:\Program Files\Internet Explorer
2013-04-11 15:37:05 ----D---- C:\ProgramData\Microsoft Help
2013-04-11 15:30:17 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-12-29 466008]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2012-10-31 20624]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-10-15 44784]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-10-31 738504]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-10-31 361032]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-10-31 54232]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-10-31 21256]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-31 58680]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2012-11-30 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2012-11-30 25888]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2012-06-08 47640]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-10-18 3546664]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2012-06-08 10144]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\drivers\atikmdag.sys [2011-04-20 7772160]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-12-08 17480]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;Sony sa0102 ADB Interface; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-04-20 176128]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-31 44808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 1436160]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-11-21 75136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-04 135664]
S3 AbSoftMgr4;AbSoftMgr4; C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe [2010-05-18 630784]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-06 256904]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-03-02 1045256]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-04 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-13 114144]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2012-08-28 4204272]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2013-02-25 543144]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [2012-11-26 745368]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-28 1343400]
S4 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 09 kvě 2013 21:55

Zdravim

Tohle C:\Windows\Keygen.exe je co prosim?

Bragni · #3 Příspěvek od **Bragni** » 09 kvě 2013 22:37

Netuším, smazáno.

#4 Příspěvek od **vyosek** » 10 kvě 2013 08:52

Netusite, proc to mazete kdyz nevite co to je? nebo vite a jen nechcete rici?

Bragni · #5 Příspěvek od **Bragni** » 10 kvě 2013 13:24

Tak podle názvu to byl keygen k nějaké hře, ale jak se tam dostal to netuším.

#6 Příspěvek od **vyosek** » 10 kvě 2013 13:45

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222

Provedte aktualizaci
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

Bragni · #7 Příspěvek od **Bragni** » 10 kvě 2013 15:45

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.05.10.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ondra :: ONDRA-PC [administrátor]

10.5.2013 15:03:24
MBAM-log-2013-05-10 (16-45-26).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 418200
Uplynulý čas: 1 hodin, 41 minut, 42 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
C:\$Recycle.Bin\S-1-5-21-2172719309-4291719321-445318152-1001\$RM7JMS8.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\Windows\Keygen.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.

(konec)

#8 Příspěvek od **vyosek** » 10 kvě 2013 20:59

Nalezy smazte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Prohledat
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

Bragni · #9 Příspěvek od **Bragni** » 10 kvě 2013 23:25

# AdwCleaner v2.300 - Logfile created 05/11/2013 at 00:23:48
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Ondra - ONDRA-PC
# Boot Mode : Normal
# Running from : C:\Users\Ondra\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\searchplugins\Askcom.xml
File Found : C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\searchplugins\Conduit.xml
File Found : C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\searchplugins\MyStart Search.xml
File Found : C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\searchplugins\SweetIm.xml
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Ondra\AppData\Local\Conduit
Folder Found : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol
Folder Found : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfciicgihhbagcdjhgohimbklokcojf
Folder Found : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Found : C:\Users\Ondra\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Ondra\AppData\LocalLow\Conduit
Folder Found : C:\Users\Ondra\AppData\Roaming\Babylon
Folder Found : C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Found : C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\Smartbar

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol
Key Found : HKCU\Software\Google\Chrome\Extensions\fcfciicgihhbagcdjhgohimbklokcojf
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3205709
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3246942
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fcfciicgihhbagcdjhgohimbklokcojf
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\Software\IB Updater
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\Software\Tarma Installer
Key Found : HKU\S-1-5-21-2172719309-4291719321-445318152-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-2172719309-4291719321-445318152-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-2172719309-4291719321-445318152-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=114026&tt=4712_4&babsrc=HP_ss&mntrId=9c55a5bc00000000000000ffa57c7298

-\\ Mozilla Firefox v15.0.1 (cs)

File : C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\prefs.js

Found : user_pref("CT3205709.1000082.isPlayDisplay", "true");
Found : user_pref("CT3205709.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Found : user_pref("CT3205709.129288498392725298.isToggled_item0_12", "true");
Found : user_pref("CT3205709.CT3205709ads1", "%7B%22ads%22%3A%5B%7B%22aid%22%3A%2238950%22%2C%22title%22%3A%[...]
Found : user_pref("CT3205709.CT3205709current_term", "");
Found : user_pref("CT3205709.CT3205709sdate", "23");
Found : user_pref("CT3205709.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3205709.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3205709.Facebook_Mode", "2");
Found : user_pref("CT3205709.Facebook_User_Locale", "en");
Found : user_pref("CT3205709.FirstTime", "true");
Found : user_pref("CT3205709.FirstTimeFF3", "true");
Found : user_pref("CT3205709.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT320[...]
Found : user_pref("CT3205709.UserID", "UN16835879509412971");
Found : user_pref("CT3205709.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3205709.autoDisableScopes", -1);
Found : user_pref("CT3205709.browser.search.defaultthis.engineName", true);
Found : user_pref("CT3205709.cbcountry_001", "CZ");
Found : user_pref("CT3205709.cbfirsttime", "Sun Sep 23 2012 15:31:13 GMT+0200 (Central Europe Daylight Time)[...]
Found : user_pref("CT3205709.defaultSearch", "true");
Found : user_pref("CT3205709.embeddedsData", "[{\"appId\":\"129780988072000786\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3205709.enableAlerts", "always");
Found : user_pref("CT3205709.enableSearchFromAddressBar", "true");
Found : user_pref("CT3205709.firstTimeDialogOpened", "true");
Found : user_pref("CT3205709.fixPageNotFoundError", "false");
Found : user_pref("CT3205709.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3205709.fixUrls", true);
Found : user_pref("CT3205709.hxxp___cdn_printitgreen_com.APP_WIN_FEATURES", "resizable=no,hscroll=no,vscroll[...]
Found : user_pref("CT3205709.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscro[...]
Found : user_pref("CT3205709.installId", "nontest");
Found : user_pref("CT3205709.installType", "ConduitNSISIntegration");
Found : user_pref("CT3205709.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3205709.isNewTabEnabled", false);
Found : user_pref("CT3205709.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3205709.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3205709.keyword", true);
Found : user_pref("CT3205709.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Found : user_pref("CT3205709.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3205709.openThankYouPage", "false");
Found : user_pref("CT3205709.openUninstallPage", "true");
Found : user_pref("CT3205709.search.searchAppId", "129780988072000786");
Found : user_pref("CT3205709.search.searchCount", "0");
Found : user_pref("CT3205709.searchInNewTabEnabled", "false");
Found : user_pref("CT3205709.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3205709.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}")[...]
Found : user_pref("CT3205709.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3205709.sendUsageEnabled", "false");
Found : user_pref("CT3205709.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3205709.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3205709.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3205709.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3205709.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3205709.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3205709.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT3205709.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348407067304");
Found : user_pref("CT3205709.serviceLayer_services_appsMetadata_lastUpdate", "1348407067011");
Found : user_pref("CT3205709.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348407067967");
Found : user_pref("CT3205709.serviceLayer_services_login_10.10.27.500_lastUpdate", "1348422013583");
Found : user_pref("CT3205709.serviceLayer_services_optimizer_lastUpdate", "1348407068764");
Found : user_pref("CT3205709.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348407068132");
Found : user_pref("CT3205709.serviceLayer_services_searchAPI_lastUpdate", "1348407063020");
Found : user_pref("CT3205709.serviceLayer_services_serviceMap_lastUpdate", "1348407062009");
Found : user_pref("CT3205709.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348407068070");
Found : user_pref("CT3205709.serviceLayer_services_toolbarSettings_lastUpdate", "1348424756414");
Found : user_pref("CT3205709.serviceLayer_services_translation_lastUpdate", "1348407067351");
Found : user_pref("CT3205709.settingsINI", true);
Found : user_pref("CT3205709.shouldFirstTimeDialog", "false");
Found : user_pref("CT3205709.smartbar.CTID", "CT3205709");
Found : user_pref("CT3205709.smartbar.Uninstall", "0");
Found : user_pref("CT3205709.smartbar.homepage", true);
Found : user_pref("CT3205709.smartbar.toolbarName", "BrotherSoft Extreme3 ");
Found : user_pref("CT3205709.toolbarBornServerTime", "23-9-2012");
Found : user_pref("CT3205709.toolbarCurrentServerTime", "23-9-2012");
Found : user_pref("CT3246942.1000082.isPlayDisplay", "true");
Found : user_pref("CT3246942.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Found : user_pref("CT3246942.CT3246942ads1", "%7B%22ads%22%3A%5B%7B%22aid%22%3A%2236681%22%2C%22title%22%3A%[...]
Found : user_pref("CT3246942.CT3246942current_term", "");
Found : user_pref("CT3246942.CT3246942sdate", "23");
Found : user_pref("CT3246942.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3246942.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3246942.FirstTime", "true");
Found : user_pref("CT3246942.FirstTimeFF3", "true");
Found : user_pref("CT3246942.SF_JUST_INSTALLED", "FALSE");
Found : user_pref("CT3246942.SF_STATUS", "ENABLED");
Found : user_pref("CT3246942.SF_USER_ID", "cid_2392012154771125553");
Found : user_pref("CT3246942.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT324[...]
Found : user_pref("CT3246942.UserID", "UN02604306179944449");
Found : user_pref("CT3246942.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3246942.autoDisableScopes", -1);
Found : user_pref("CT3246942.browser.search.defaultthis.engineName", true);
Found : user_pref("CT3246942.cbfirsttime", "Sun Sep 23 2012 15:47:07 GMT+0200 (Central Europe Daylight Time)[...]
Found : user_pref("CT3246942.defaultSearch", "true");
Found : user_pref("CT3246942.embeddedsData", "[{\"appId\":\"129906360815260842\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3246942.enableAlerts", "always");
Found : user_pref("CT3246942.enableSearchFromAddressBar", "true");
Found : user_pref("CT3246942.firstTimeDialogOpened", "true");
Found : user_pref("CT3246942.fixPageNotFoundError", "true");
Found : user_pref("CT3246942.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3246942.fixUrls", true);
Found : user_pref("CT3246942.installId", "conduitinstaller.exe");
Found : user_pref("CT3246942.installType", "ConduitNSISIntegration");
Found : user_pref("CT3246942.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3246942.isNewTabEnabled", true);
Found : user_pref("CT3246942.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3246942.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3246942.keyword", true);
Found : user_pref("CT3246942.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Found : user_pref("CT3246942.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3246942.openThankYouPage", "false");
Found : user_pref("CT3246942.openUninstallPage", "true");
Found : user_pref("CT3246942.search.searchAppId", "129906360815260842");
Found : user_pref("CT3246942.search.searchCount", "0");
Found : user_pref("CT3246942.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3246942.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3246942.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3246942.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3246942.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3246942.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3246942.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3246942.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3246942.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3246942.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT3246942.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348408023636");
Found : user_pref("CT3246942.serviceLayer_services_appsMetadata_lastUpdate", "1348408023729");
Found : user_pref("CT3246942.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348408025011");
Found : user_pref("CT3246942.serviceLayer_services_login_10.10.27.500_lastUpdate", "1348422426658");
Found : user_pref("CT3246942.serviceLayer_services_optimizer_lastUpdate", "1348408023840");
Found : user_pref("CT3246942.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348408025103");
Found : user_pref("CT3246942.serviceLayer_services_searchAPI_lastUpdate", "1348408020744");
Found : user_pref("CT3246942.serviceLayer_services_serviceMap_lastUpdate", "1348408018495");
Found : user_pref("CT3246942.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348408024682");
Found : user_pref("CT3246942.serviceLayer_services_toolbarSettings_lastUpdate", "1348424756614");
Found : user_pref("CT3246942.serviceLayer_services_translation_lastUpdate", "1348408023738");
Found : user_pref("CT3246942.settingsINI", true);
Found : user_pref("CT3246942.shouldFirstTimeDialog", "false");
Found : user_pref("CT3246942.smartbar.CTID", "CT3246942");
Found : user_pref("CT3246942.smartbar.Uninstall", "0");
Found : user_pref("CT3246942.smartbar.homepage", true);
Found : user_pref("CT3246942.smartbar.toolbarName", "BrotherSoft Extreme ESP1.2 ");
Found : user_pref("CT3246942.toolbarBornServerTime", "23-9-2012");
Found : user_pref("CT3246942.toolbarCurrentServerTime", "23-9-2012");
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3246942&SearchSource=1[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "BrotherSoft Extreme ESP1.2 Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3246942[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3246942");
Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=114026&tt=4712_4&babsrc=NT_ss&mntr[...]
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=114026&tt=4712_4&babsrc=HP_s[...]
Found : user_pref("extensions.3499ur3ur4hfsudfs.scode", "(function(){try{if('mystart.incredibar.com,premiumr[...]
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=114026&tt=4712_[...]
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10658");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "9c55a5bc00000000000000ffa57c7298");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15659");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8LlWZLqw&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6R8LlWZLqw");
Found : user_pref("extensions.incredibar_i.upn2n", "92825407512040192");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:19:24");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=114026&tt=4712_4&babsrc=KW_ss&mntrId=9c55[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.23] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Found [l.26] : keyword = "babylon.com",
Found [l.30] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=114026&tt=4712_4&babsrc=SP_ss&mntrId=9c55a5bc00000000000000ffa57c7298",
Found [l.705] : homepage = "hxxp://search.babylon.com/?affID=114026&tt=4712_4&babsrc=HP_ss&mntrId=9c55a5bc00000000000000ffa57c7298",
Found [l.867] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=114026&tt=4712_4&babsrc=HP_ss&mntrId=9c55a5bc00000000000000ffa57c7298" ]

-\\ Opera v12.15.1748.0

File : C:\Users\Ondra\AppData\Roaming\Opera\Opera\operaprefs.ini

Found : Home URL=hxxp://mystart.incredibar.com/mb128?a=6R8LlWZLqw&i=26

*************************

AdwCleaner[R1].txt - [21888 octets] - [11/05/2013 00:23:48]

########## EOF - C:\AdwCleaner[R1].txt - [21949 octets] ##########

#10 Příspěvek od **vyosek** » 10 kvě 2013 23:31

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Smazat
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

Bragni · #11 Příspěvek od **Bragni** » 11 kvě 2013 09:13

# AdwCleaner v2.300 - Logfile created 05/11/2013 at 10:09:48
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Ondra - ONDRA-PC
# Boot Mode : Normal
# Running from : C:\Users\Ondra\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\searchplugins\SweetIm.xml
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Ondra\AppData\Local\Conduit
Folder Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol
Folder Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfciicgihhbagcdjhgohimbklokcojf
Folder Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Deleted : C:\Users\Ondra\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Ondra\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ondra\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfciicgihhbagcdjhgohimbklokcojf
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3205709
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3246942
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fcfciicgihhbagcdjhgohimbklokcojf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=114026&tt=4712_4&babsrc=HP_ss&mntrId=9c55a5bc00000000000000ffa57c7298 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (cs)

File : C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\prefs.js

C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\user.js ... Deleted !

Deleted : user_pref("CT3205709.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3205709.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3205709.129288498392725298.isToggled_item0_12", "true");
Deleted : user_pref("CT3205709.CT3205709ads1", "%7B%22ads%22%3A%5B%7B%22aid%22%3A%2238950%22%2C%22title%22%3A%[...]
Deleted : user_pref("CT3205709.CT3205709current_term", "");
Deleted : user_pref("CT3205709.CT3205709sdate", "23");
Deleted : user_pref("CT3205709.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3205709.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3205709.Facebook_Mode", "2");
Deleted : user_pref("CT3205709.Facebook_User_Locale", "en");
Deleted : user_pref("CT3205709.FirstTime", "true");
Deleted : user_pref("CT3205709.FirstTimeFF3", "true");
Deleted : user_pref("CT3205709.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT320[...]
Deleted : user_pref("CT3205709.UserID", "UN16835879509412971");
Deleted : user_pref("CT3205709.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3205709.autoDisableScopes", -1);
Deleted : user_pref("CT3205709.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3205709.cbcountry_001", "CZ");
Deleted : user_pref("CT3205709.cbfirsttime", "Sun Sep 23 2012 15:31:13 GMT+0200 (Central Europe Daylight Time)[...]
Deleted : user_pref("CT3205709.defaultSearch", "true");
Deleted : user_pref("CT3205709.embeddedsData", "[{\"appId\":\"129780988072000786\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3205709.enableAlerts", "always");
Deleted : user_pref("CT3205709.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3205709.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3205709.fixPageNotFoundError", "false");
Deleted : user_pref("CT3205709.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3205709.fixUrls", true);
Deleted : user_pref("CT3205709.hxxp___cdn_printitgreen_com.APP_WIN_FEATURES", "resizable=no,hscroll=no,vscroll[...]
Deleted : user_pref("CT3205709.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscro[...]
Deleted : user_pref("CT3205709.installId", "nontest");
Deleted : user_pref("CT3205709.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT3205709.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3205709.isNewTabEnabled", false);
Deleted : user_pref("CT3205709.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3205709.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3205709.keyword", true);
Deleted : user_pref("CT3205709.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Deleted : user_pref("CT3205709.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3205709.openThankYouPage", "false");
Deleted : user_pref("CT3205709.openUninstallPage", "true");
Deleted : user_pref("CT3205709.search.searchAppId", "129780988072000786");
Deleted : user_pref("CT3205709.search.searchCount", "0");
Deleted : user_pref("CT3205709.searchInNewTabEnabled", "false");
Deleted : user_pref("CT3205709.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3205709.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}")[...]
Deleted : user_pref("CT3205709.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3205709.sendUsageEnabled", "false");
Deleted : user_pref("CT3205709.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3205709.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3205709.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3205709.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3205709.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3205709.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3205709.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3205709.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348407067304");
Deleted : user_pref("CT3205709.serviceLayer_services_appsMetadata_lastUpdate", "1348407067011");
Deleted : user_pref("CT3205709.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348407067967");
Deleted : user_pref("CT3205709.serviceLayer_services_login_10.10.27.500_lastUpdate", "1348422013583");
Deleted : user_pref("CT3205709.serviceLayer_services_optimizer_lastUpdate", "1348407068764");
Deleted : user_pref("CT3205709.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348407068132");
Deleted : user_pref("CT3205709.serviceLayer_services_searchAPI_lastUpdate", "1348407063020");
Deleted : user_pref("CT3205709.serviceLayer_services_serviceMap_lastUpdate", "1348407062009");
Deleted : user_pref("CT3205709.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348407068070");
Deleted : user_pref("CT3205709.serviceLayer_services_toolbarSettings_lastUpdate", "1348424756414");
Deleted : user_pref("CT3205709.serviceLayer_services_translation_lastUpdate", "1348407067351");
Deleted : user_pref("CT3205709.settingsINI", true);
Deleted : user_pref("CT3205709.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3205709.smartbar.CTID", "CT3205709");
Deleted : user_pref("CT3205709.smartbar.Uninstall", "0");
Deleted : user_pref("CT3205709.smartbar.homepage", true);
Deleted : user_pref("CT3205709.smartbar.toolbarName", "BrotherSoft Extreme3 ");
Deleted : user_pref("CT3205709.toolbarBornServerTime", "23-9-2012");
Deleted : user_pref("CT3205709.toolbarCurrentServerTime", "23-9-2012");
Deleted : user_pref("CT3246942.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3246942.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3246942.CT3246942ads1", "%7B%22ads%22%3A%5B%7B%22aid%22%3A%2236681%22%2C%22title%22%3A%[...]
Deleted : user_pref("CT3246942.CT3246942current_term", "");
Deleted : user_pref("CT3246942.CT3246942sdate", "23");
Deleted : user_pref("CT3246942.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3246942.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3246942.FirstTime", "true");
Deleted : user_pref("CT3246942.FirstTimeFF3", "true");
Deleted : user_pref("CT3246942.SF_JUST_INSTALLED", "FALSE");
Deleted : user_pref("CT3246942.SF_STATUS", "ENABLED");
Deleted : user_pref("CT3246942.SF_USER_ID", "cid_2392012154771125553");
Deleted : user_pref("CT3246942.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT324[...]
Deleted : user_pref("CT3246942.UserID", "UN02604306179944449");
Deleted : user_pref("CT3246942.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3246942.autoDisableScopes", -1);
Deleted : user_pref("CT3246942.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3246942.cbfirsttime", "Sun Sep 23 2012 15:47:07 GMT+0200 (Central Europe Daylight Time)[...]
Deleted : user_pref("CT3246942.defaultSearch", "true");
Deleted : user_pref("CT3246942.embeddedsData", "[{\"appId\":\"129906360815260842\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3246942.enableAlerts", "always");
Deleted : user_pref("CT3246942.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3246942.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3246942.fixPageNotFoundError", "true");
Deleted : user_pref("CT3246942.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3246942.fixUrls", true);
Deleted : user_pref("CT3246942.installId", "conduitinstaller.exe");
Deleted : user_pref("CT3246942.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT3246942.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3246942.isNewTabEnabled", true);
Deleted : user_pref("CT3246942.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3246942.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3246942.keyword", true);
Deleted : user_pref("CT3246942.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Deleted : user_pref("CT3246942.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3246942.openThankYouPage", "false");
Deleted : user_pref("CT3246942.openUninstallPage", "true");
Deleted : user_pref("CT3246942.search.searchAppId", "129906360815260842");
Deleted : user_pref("CT3246942.search.searchCount", "0");
Deleted : user_pref("CT3246942.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3246942.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3246942.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3246942.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3246942.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3246942.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3246942.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3246942.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3246942.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3246942.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3246942.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348408023636");
Deleted : user_pref("CT3246942.serviceLayer_services_appsMetadata_lastUpdate", "1348408023729");
Deleted : user_pref("CT3246942.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348408025011");
Deleted : user_pref("CT3246942.serviceLayer_services_login_10.10.27.500_lastUpdate", "1348422426658");
Deleted : user_pref("CT3246942.serviceLayer_services_optimizer_lastUpdate", "1348408023840");
Deleted : user_pref("CT3246942.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348408025103");
Deleted : user_pref("CT3246942.serviceLayer_services_searchAPI_lastUpdate", "1348408020744");
Deleted : user_pref("CT3246942.serviceLayer_services_serviceMap_lastUpdate", "1348408018495");
Deleted : user_pref("CT3246942.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348408024682");
Deleted : user_pref("CT3246942.serviceLayer_services_toolbarSettings_lastUpdate", "1348424756614");
Deleted : user_pref("CT3246942.serviceLayer_services_translation_lastUpdate", "1348408023738");
Deleted : user_pref("CT3246942.settingsINI", true);
Deleted : user_pref("CT3246942.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3246942.smartbar.CTID", "CT3246942");
Deleted : user_pref("CT3246942.smartbar.Uninstall", "0");
Deleted : user_pref("CT3246942.smartbar.homepage", true);
Deleted : user_pref("CT3246942.smartbar.toolbarName", "BrotherSoft Extreme ESP1.2 ");
Deleted : user_pref("CT3246942.toolbarBornServerTime", "23-9-2012");
Deleted : user_pref("CT3246942.toolbarCurrentServerTime", "23-9-2012");
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3246942&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "BrotherSoft Extreme ESP1.2 Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3246942[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3246942");
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=114026&tt=4712_4&babsrc=NT_ss&mntr[...]
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=114026&tt=4712_4&babsrc=HP_s[...]
Deleted : user_pref("extensions.3499ur3ur4hfsudfs.scode", "(function(){try{if('mystart.incredibar.com,premiumr[...]
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=114026&tt=4712_[...]
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10658");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "9c55a5bc00000000000000ffa57c7298");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15659");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8LlWZLqw&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8LlWZLqw");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92825407512040192");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:19:24");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=114026&tt=4712_4&babsrc=KW_ss&mntrId=9c55[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.23] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Deleted [l.26] : keyword = "babylon.com",
Deleted [l.30] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=114026&tt=4712_4&babsrc=SP_ss&[...]
Deleted [l.705] : homepage = "hxxp://search.babylon.com/?affID=114026&tt=4712_4&babsrc=HP_ss&mntrId=9c55a5bc000000[...]
Deleted [l.867] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=114026&tt=4712_4&babsrc=HP_s[...]

-\\ Opera v12.15.1748.0

File : C:\Users\Ondra\AppData\Roaming\Opera\Opera\operaprefs.ini

Deleted : Home URL=hxxp://mystart.incredibar.com/mb128?a=6R8LlWZLqw&i=26

*************************

AdwCleaner[R1].txt - [22019 octets] - [11/05/2013 00:23:48]
AdwCleaner[S1].txt - [21957 octets] - [11/05/2013 10:09:48]

########## EOF - C:\AdwCleaner[S1].txt - [22018 octets] ##########

#12 Příspěvek od **vyosek** » 11 kvě 2013 12:00

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

Bragni · #13 Příspěvek od **Bragni** » 11 kvě 2013 13:48

OTL logfile created on: 5/11/2013 1:58:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ondra\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

3.00 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 66.29% Memory free
6.00 Gb Paging File | 4.42 Gb Available in Paging File | 73.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 115.45 Gb Free Space | 38.73% Space Free | Partition Type: NTFS

Computer Name: ONDRA-PC | User Name: Ondra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013/05/11 13:57:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ondra\Desktop\OTL.exe
PRC - [2013/04/06 19:27:57 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/31 00:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/05/29 11:46:02 | 001,300,376 | ---- | M] () -- C:\Users\Ondra\Desktop\pok\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2012/05/29 11:45:42 | 002,693,008 | ---- | M] () -- C:\Users\Ondra\Desktop\pok\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.149\deploy\LoLLauncher.exe
PRC - [2012/02/16 14:44:40 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Ondra\Desktop\pok\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.13\deploy\LolClient.exe
PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/06 16:24:26 | 016,032,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2013/04/13 13:56:38 | 000,036,864 | ---- | M] () -- C:\Users\Ondra\AppData\Local\Temp\CmdLineExt02.dll
MOD - [2013/04/06 19:28:13 | 000,101,888 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2013/04/06 19:28:13 | 000,073,728 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2013/04/06 19:28:13 | 000,057,344 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2013/04/06 19:28:13 | 000,038,912 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2013/04/06 19:28:12 | 000,312,832 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2013/04/06 19:28:12 | 000,158,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2013/04/06 19:28:12 | 000,067,072 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2013/04/06 19:28:11 | 000,096,256 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2013/04/06 19:28:11 | 000,062,976 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2013/04/06 19:28:10 | 000,835,584 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
MOD - [2013/04/06 19:28:10 | 000,094,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2013/04/06 19:28:10 | 000,093,696 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012/05/29 11:46:02 | 001,300,376 | ---- | M] () -- C:\Users\Ondra\Desktop\pok\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2012/05/29 11:45:42 | 002,693,008 | ---- | M] () -- C:\Users\Ondra\Desktop\pok\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.149\deploy\LoLLauncher.exe
MOD - [2011/05/28 23:04:58 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

========== Services (SafeList) ==========

SRV - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/05/06 16:24:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/09/13 13:47:59 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/28 01:40:00 | 004,204,272 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/03/02 23:59:58 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/11/28 00:00:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/05/18 16:57:34 | 000,630,784 | ---- | M] (AB Studio) [On_Demand | Stopped] -- C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe -- (AbSoftMgr4)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/12/29 14:46:28 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/11/30 13:51:14 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012/11/30 13:51:13 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012/10/31 00:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/31 00:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/31 00:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/31 00:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/31 00:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/31 00:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/10/15 18:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/07/05 18:10:02 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/06/11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/06/08 12:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/12/08 21:41:35 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2007/06/29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2172719309-4291719321-445318152-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2172719309-4291719321-445318152-1001\..\URLSearchHook: {027722dd-0f35-4d28-bfec-d3a657e925b3} - No CLSID value found
IE - HKU\S-1-5-21-2172719309-4291719321-445318152-1001\..\URLSearchHook: {62d40876-df18-411f-9d34-a9dd7a197bc5} - No CLSID value found
IE - HKU\S-1-5-21-2172719309-4291719321-445318152-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2172719309-4291719321-445318152-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2172719309-4291719321-445318152-1001\..\SearchScopes\{399a1442-7377-49e7-8d77-6dc9ed5968c1}: "URL" = http://www.zbozi.cz/?q={searchTerms}&so ... earch_6826
IE - HKU\S-1-5-21-2172719309-4291719321-445318152-1001\..\SearchScopes\{5cf5d387-d87c-4408-9a6b-301b0713d62a}: "URL" = http://www.mapy.cz/?query={searchTerms} ... earch_6826
IE - HKU\S-1-5-21-2172719309-4291719321-445318152-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2172719309-4291719321-445318152-1001\..\SearchScopes\{8172f457-818d-46db-941f-2bbe53e156af}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2172719309-4291719321-445318152-1001\..\SearchScopes\{eb97f7df-1773-4916-aae6-5af74da8c69d}: "URL" = http://www.firmy.cz/phr/{searchTerms}
IE - HKU\S-1-5-21-2172719309-4291719321-445318152-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher@ea.com:5.0.127.0
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.66.2
FF - prefs.js..extensions.enabledAddons: info@djzig.com:2.0.8
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@graphisoft.com/GDL Web Plug-in: C:\Program Files\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Ondra\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/19 16:36:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/22 19:29:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/09 21:15:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/09 21:15:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/09 21:15:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/09 21:15:36 | 000,000,000 | ---D | M]

[2011/11/27 23:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ondra\AppData\Roaming\Mozilla\Extensions
[2013/02/16 20:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\extensions
[2011/12/27 18:54:05 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\extensions\battlefieldheroespatcher@ea.com
[2011/12/26 02:04:46 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\extensions\battlefieldplay4free@ea.com
[2013/02/16 20:55:51 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\extensions\info@djzig.com
[2012/03/19 09:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/13 13:47:59 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/28 13:44:12 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012/06/28 13:44:12 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012/06/28 13:44:12 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012/06/28 13:44:12 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012/06/28 13:44:12 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: YouTube = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Search = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: avast! WebRep = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: YouTube = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Search = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: avast! WebRep = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/08/12 11:49:51 | 000,000,795 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2172719309-4291719321-445318152-1001\..\Toolbar\WebBrowser: (no name) - {62D40876-DF18-411F-9D34-A9DD7A197BC5} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Automatické vypnutí počítače.lnk = C:\Program Files\Automatické vypnutí počítače\avp.exe (Martin Pospíšil)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Od&eslat do aplikace OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2172719309-4291719321-445318152-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2172719309-4291719321-445318152-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2172719309-4291719321-445318152-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2172719309-4291719321-445318152-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03A53A00-B13F-4FCE-8E15-B8974104AC30}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{af6df8c0-2f4e-11e1-8f58-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{af6df8c0-2f4e-11e1-8f58-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Torchlight_Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013/05/11 13:57:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ondra\Desktop\OTL.exe
[2013/05/10 15:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/10 15:02:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/10 15:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/10 15:00:44 | 010,284,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ondra\Desktop\mbam-setup.exe
[2013/05/09 19:49:32 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013/05/11 14:01:26 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/05/11 14:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/11 13:57:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ondra\Desktop\OTL.exe
[2013/05/11 13:26:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/11 10:19:47 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/11 10:19:47 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/11 10:18:41 | 000,660,706 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/11 10:18:41 | 000,124,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/11 10:13:02 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/11 10:12:51 | 000,077,824 | ---- | M] () -- C:\Windows\Keygen.exe
[2013/05/11 10:12:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/11 10:12:20 | 2415,419,392 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/11 00:23:19 | 000,628,743 | ---- | M] () -- C:\Users\Ondra\Desktop\adwcleaner.exe
[2013/05/10 15:02:35 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/10 15:01:42 | 010,284,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ondra\Desktop\mbam-setup.exe
[2013/05/10 14:54:37 | 000,072,253 | ---- | M] () -- C:\Users\Ondra\Desktop\mbam-setup-1.75.0.1300.exe
[2013/05/09 19:38:28 | 000,003,976 | ---- | M] () -- C:\Users\Ondra\Documents\cc_20130509_193825.reg
[2013/05/06 16:24:27 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/06 16:24:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/11 14:01:26 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/05/11 09:52:44 | 000,077,824 | ---- | C] () -- C:\Windows\Keygen.exe
[2013/05/11 00:23:19 | 000,628,743 | ---- | C] () -- C:\Users\Ondra\Desktop\adwcleaner.exe
[2013/05/10 15:02:35 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/10 14:54:36 | 000,072,253 | ---- | C] () -- C:\Users\Ondra\Desktop\mbam-setup-1.75.0.1300.exe
[2013/05/09 19:38:27 | 000,003,976 | ---- | C] () -- C:\Users\Ondra\Documents\cc_20130509_193825.reg
[2013/04/07 16:05:28 | 000,052,265 | ---- | C] () -- C:\Windows\War3Unin.dat
[2013/04/03 14:38:17 | 001,559,120 | ---- | C] () -- C:\Users\Ondra\ts3_recording_13_04_03_14_38_12.wav
[2012/11/30 13:51:14 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012/11/30 13:51:13 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012/11/14 19:42:18 | 000,139,832 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/11/14 19:42:12 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/11/14 19:42:04 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/11/13 20:54:20 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2012/09/23 13:24:33 | 000,045,270 | ---- | C] () -- C:\Users\Ondra\AppData\Roaming\room_v3.dat
[2012/07/20 00:34:33 | 000,000,030 | ---- | C] () -- C:\Windows\avp.ini
[2012/06/23 10:27:28 | 003,123,272 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012/01/15 21:45:52 | 000,034,816 | ---- | C] () -- C:\Users\Ondra\murmur.sqlite
[2011/12/28 14:38:24 | 002,484,592 | ---- | C] () -- C:\Windows\System32\pbsvc_p4f.exe
[2011/12/27 12:28:07 | 000,000,093 | ---- | C] () -- C:\Users\Ondra\AppData\Local\fusioncache.dat
[2011/12/26 18:47:07 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011/12/26 03:19:17 | 000,022,328 | ---- | C] () -- C:\Users\Ondra\AppData\Roaming\PnkBstrK.sys
[2011/11/28 06:38:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/28 00:53:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/11/28 00:27:57 | 000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/04/27 16:33:10 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\.minecraft
[2012/03/08 18:31:52 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\AB Studio
[2013/04/09 20:49:18 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Abvent
[2013/04/29 20:54:06 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Abvent_Artlantis4
[2012/03/03 00:16:46 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Autodesk
[2013/02/16 19:01:23 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Carbon
[2013/01/06 14:03:10 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\DAEMON Tools Lite
[2012/01/06 21:14:23 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\DAEMON Tools Pro
[2012/10/16 21:16:33 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\digipen
[2012/06/15 17:23:46 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\fizzy
[2013/02/10 17:31:10 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\ftblauncher
[2011/12/08 21:40:39 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\GetRightToGo
[2012/12/17 20:18:43 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Graphisoft
[2012/12/17 20:07:38 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Install.GS
[2012/07/19 10:32:47 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\LEGO Media
[2011/11/28 20:08:24 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\LolClient
[2012/05/24 16:13:17 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\LolClient2
[2012/05/08 00:57:54 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Mirillis
[2013/05/11 11:58:07 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Mumble
[2011/12/17 14:02:28 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Need for Speed World
[2012/11/21 00:34:51 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Nokia
[2012/09/25 13:53:43 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Opera
[2012/05/20 16:41:35 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Origin
[2011/12/14 21:04:09 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\PC Suite
[2011/11/28 18:49:41 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\PunkBuster
[2013/03/06 15:24:53 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\raidcall
[2011/12/31 22:38:22 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\runic games
[2012/11/21 19:28:25 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\SystemRequirementsLab
[2012/11/21 16:26:54 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Theta
[2012/04/06 21:07:58 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Trine2
[2013/05/11 12:46:50 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\TS3Client
[2012/08/12 11:25:04 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\TuneUp Software
[2013/04/15 23:27:42 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Tunngle
[2012/11/30 14:01:52 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Ubisoft
[2012/01/30 00:26:07 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Unity
[2013/05/09 19:37:04 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\uTorrent
[2012/08/11 01:59:07 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\wargaming.net
[2012/12/12 16:03:40 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Warner Bros. Interactive Entertainment
[2012/04/24 15:47:46 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Yandex

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009/07/14 06:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012/09/14 13:11:46 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/09/14 13:11:47 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/10/19 14:25:00 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2008/04/14 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2010/11/20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010/11/20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/09/29 18:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2012/08/22 19:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011/04/25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2013/01/03 07:01:49 | 001,303,912 | ---- | M] (Microsoft Corporation) MD5=34AE5CC0C7417AB701C2AA8A7BC75417 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys
[2010/11/20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011/09/29 18:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2013/01/04 06:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2012/03/30 12:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011/09/29 17:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2011/09/29 18:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011/04/25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013/01/03 07:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\System32\drivers\tcpip.sys
[2013/01/03 07:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2012/03/30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011/04/25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012/03/30 11:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2012/08/22 19:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2013/01/04 06:55:21 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys
[2012/10/03 18:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2012/10/03 18:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2012/03/30 12:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< >

< %systemroot%*.* /U /s >
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[9 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[28 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013/04/27 16:33:10 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\.minecraft
[2012/03/08 18:31:52 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\AB Studio
[2013/04/09 20:49:18 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Abvent
[2013/04/29 20:54:06 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Abvent_Artlantis4
[2013/03/10 18:02:30 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Adobe
[2012/11/06 15:01:09 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Apple Computer
[2012/03/03 00:16:46 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Autodesk
[2013/02/16 19:01:23 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Carbon
[2013/01/06 14:03:10 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\DAEMON Tools Lite
[2012/01/06 21:14:23 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\DAEMON Tools Pro
[2012/10/16 21:16:33 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\digipen
[2012/02/09 00:55:36 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\DivX
[2012/06/15 17:23:46 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\fizzy
[2013/02/10 17:31:10 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\ftblauncher
[2011/12/08 21:40:39 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\GetRightToGo
[2012/12/17 20:18:43 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Graphisoft
[2013/03/09 17:52:21 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Hamachi
[2011/11/27 21:57:48 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Identities
[2012/12/17 20:07:38 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Install.GS
[2012/07/19 10:32:47 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\LEGO Media
[2011/11/28 20:08:24 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\LolClient
[2012/05/24 16:13:17 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\LolClient2
[2011/11/27 23:22:29 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Macromedia
[2012/04/07 10:06:56 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Malwarebytes
[2009/07/14 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Media Center Programs
[2013/02/28 19:38:12 | 000,000,000 | --SD | M] -- C:\Users\Ondra\AppData\Roaming\Microsoft
[2012/07/22 10:03:37 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Microsoft Games
[2012/05/08 00:57:54 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Mirillis
[2011/12/27 14:50:20 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Mozilla
[2013/05/11 11:58:07 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Mumble
[2011/12/17 14:02:28 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Need for Speed World
[2012/11/21 00:34:51 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Nokia
[2012/09/25 13:53:43 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Opera
[2012/05/20 16:41:35 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Origin
[2011/12/14 21:04:09 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\PC Suite
[2011/11/28 18:49:41 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\PunkBuster
[2013/03/06 15:24:53 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\raidcall
[2011/12/31 22:38:22 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\runic games
[2012/08/14 17:26:48 | 000,000,000 | RH-D | M] -- C:\Users\Ondra\AppData\Roaming\SecuROM
[2013/05/02 15:33:13 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Skype
[2012/11/21 19:28:25 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\SystemRequirementsLab
[2012/11/21 16:26:54 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Theta
[2012/04/06 21:07:58 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Trine2
[2013/05/11 12:46:50 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\TS3Client
[2012/08/12 11:25:04 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\TuneUp Software
[2013/04/15 23:27:42 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Tunngle
[2012/11/30 14:01:52 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Ubisoft
[2012/01/30 00:26:07 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Unity
[2013/05/09 19:37:04 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\uTorrent
[2012/08/11 01:59:07 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\wargaming.net
[2012/12/12 16:03:40 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Warner Bros. Interactive Entertainment
[2011/12/01 23:43:00 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\WinRAR
[2012/04/24 15:47:46 | 000,000,000 | ---D | M] -- C:\Users\Ondra\AppData\Roaming\Yandex

< %APPDATA%\*.exe /s >
[2013/03/10 18:02:08 | 000,054,776 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Ondra\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012/05/08 00:57:52 | 000,087,182 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}\_1E02B3D8732010A792DC8B.exe
[2012/05/08 00:57:52 | 000,287,934 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}\_21F3885A18D238E15AAE81.exe
[2012/05/08 00:57:52 | 000,009,662 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}\_246B7FAFA01C01007FB902.exe
[2012/05/08 00:57:52 | 000,287,934 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}\_415493353D745EEA216D94.exe
[2012/05/08 00:57:52 | 000,287,934 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}\_6FEFF9B68218417F98F549.exe
[2012/05/08 00:57:52 | 000,287,934 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}\_806048DC66200FE6D24FF3.exe
[2012/05/08 00:57:52 | 000,287,934 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}\_85972F4A73DF7EADFBAFC2.exe
[2012/05/08 00:57:52 | 000,287,934 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}\_934312A2105DE40686D86A.exe
[2012/05/08 00:57:52 | 000,287,934 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}\_A753214149FB4F8721C1CB.exe
[2012/05/08 00:57:52 | 000,287,934 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}\_A7A1F24988209FFD6FF84A.exe
[2012/05/08 00:57:52 | 000,287,934 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}\_C7EFEC170C2E3BE8B9D183.exe
[2012/05/08 00:57:52 | 000,087,182 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}\_CD4379F87D44764E06955C.exe
[2012/05/08 00:57:52 | 000,287,934 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}\_CF15DB293FB3ABD44856FB.exe
[2012/05/08 00:57:52 | 000,087,182 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}\_D4C7A5EF0F1F16C57632A3.exe
[2012/05/08 00:57:52 | 000,287,934 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}\_D707CE1C009F1381803C2C.exe
[2012/05/08 00:57:52 | 000,087,182 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}\_D85B0F2A1AA7F32C8CDCDF.exe
[2012/05/08 00:57:52 | 000,287,934 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}\_FD8B6BA922FF5C34868F02.exe
[2013/03/15 20:37:35 | 000,119,808 | R--- | M] () -- C:\Users\Ondra\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
[2011/09/23 14:04:06 | 001,341,376 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\extensions\battlefieldheroespatcher@ea.com\plugins\BFHUpdater.exe
[2011/09/23 14:07:18 | 001,005,512 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\tud1p9zo.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe
[2011/11/23 19:38:29 | 003,123,272 | ---- | M] () -- C:\Users\Ondra\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2013/05/11 14:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/05/11 10:13:02 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/05/11 14:26:06 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

Bragni · #14 Příspěvek od **Bragni** » 11 kvě 2013 13:49

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013/05/11 10:19:47 | 000,014,976 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/11 10:19:47 | 000,014,976 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/11 10:18:41 | 000,124,896 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2013/05/11 10:18:41 | 000,660,706 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2013/05/11 10:18:41 | 000,792,118 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012/09/13 13:47:59 | 000,917,984 | ---- | M] (Mozilla Corporation) MD5=9C376F42BDE37F18D0A39AF7415D9BE6 -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2013/02/22 06:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2013/04/06 19:27:57 | 000,879,456 | ---- | M] (Opera Software) MD5=C5520FEB7AD5F6E3692B6DE41F6A1A27 -- C:\Program Files\Opera\opera.exe

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2013/04/09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) MD5=4E9592BB2C100E571F82640E59E9ECD5 -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013/05/11 14:01:26 | 000,000,512 | ---- | M] () MD5=9B9A7309D5E470CCC79D428AE32CB41E -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2012/11/30 14:00:30 | 014,658,048 | ---- | M] () -- \Program Files\Ubisoft\Related Designs\ANNO 1404\Anno-1404-Crack.exe
[2013/04/07 00:06:29 | 000,074,742 | ---- | M] () -- \Program Files\Warcraft3_Frozen throne CRACK\Crack_remove.exe
[2013/04/07 00:06:29 | 000,001,186 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\W3_Frozen throne crack\Uninstall W3_Frozen throne crack.lnk
[2013/04/07 00:06:29 | 000,001,186 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\W3_Frozen throne crack\Uninstall W3_Frozen throne crack.lnk
[2013/02/10 17:27:35 | 000,001,062 | ---- | M] () -- \Users\Ondra\AppData\Roaming\ftblauncher\ModPacks\MindCrack\logo_minecrack.png
[2013/02/10 17:27:35 | 000,008,681 | ---- | M] () -- \Users\Ondra\AppData\Roaming\ftblauncher\ModPacks\MindCrack\mindcrack_splash.png

< *keygen* /s >
[2013/05/11 10:12:51 | 000,077,824 | ---- | M] () -- \Windows\Keygen.exe
[3 \Windows\*.tmp files -> \Windows\*.tmp -> ]

< *loader* /s >
[2011/10/12 15:04:18 | 000,006,643 | ---- | M] () -- \_OTM\MovedFiles\08192012_212809\C_Program Files\Microsoft\BingBar\7.1.391.0\apps\chat\7.1.391\js\downloader.js
[2011/10/12 15:04:18 | 000,006,643 | ---- | M] () -- \_OTM\MovedFiles\08192012_212809\C_Program Files\Microsoft\BingBar\7.1.391.0\apps\facebook\7.1.391\js\downloader.js
[2011/10/12 15:04:18 | 000,006,643 | ---- | M] () -- \_OTM\MovedFiles\08192012_212809\C_Program Files\Microsoft\BingBar\7.1.391.0\apps\facebooklike\7.1.391\js\downloader.js
[2011/10/12 15:04:18 | 000,006,643 | ---- | M] () -- \_OTM\MovedFiles\08192012_212809\C_Program Files\Microsoft\BingBar\7.1.391.0\apps\fbsharedservices\7.1.391\js\downloader.js
[2011/10/12 15:04:18 | 000,006,643 | ---- | M] () -- \_OTM\MovedFiles\08192012_212809\C_Program Files\Microsoft\BingBar\7.1.391.0\apps\featured\7.1.391\js\downloader.js
[2011/10/12 15:04:18 | 000,006,643 | ---- | M] () -- \_OTM\MovedFiles\08192012_212809\C_Program Files\Microsoft\BingBar\7.1.391.0\apps\games\7.1.391\js\shared\downloader.js
[2011/10/12 15:04:18 | 000,006,643 | ---- | M] () -- \_OTM\MovedFiles\08192012_212809\C_Program Files\Microsoft\BingBar\7.1.391.0\scripts\io\downloader.js
[2009/07/14 11:26:40 | 000,223,744 | ---- | M] () -- \Documents%20and%20Settings\Lynx\Plocha\Windows 7 Professional (x86) - DVD (English)\sources\upgloader.dll
[2009/07/14 11:26:40 | 000,022,528 | ---- | M] () -- \Documents%20and%20Settings\Lynx\Plocha\Windows 7 Professional (x86) - DVD (English)\sources\en-us\upgloader.dll.mui
[2011/10/19 17:46:54 | 003,375,104 | ---- | M] () -- \Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader.exe
[2011/10/19 17:46:54 | 001,064,960 | ---- | M] () -- \Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
[2012/09/14 16:00:00 | 000,000,459 | ---- | M] () -- \Program Files\Archi\Doplnky ArchiCADu\Speciality\AYC_html\dynamicloader.css
[2012/09/14 16:00:00 | 000,000,971 | ---- | M] () -- \Program Files\Archi\Doplnky ArchiCADu\Speciality\AYC_html\dynamicloader.html
[2012/09/14 16:00:00 | 000,002,456 | ---- | M] () -- \Program Files\Archi\Doplnky ArchiCADu\Speciality\AYC_html\dynamicloader.js
[2012/10/11 21:56:32 | 000,008,827 | ---- | M] () -- \Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotLoader.js
[2012/04/03 14:46:07 | 000,000,195 | ---- | M] () -- \Program Files\Common Files\Blizzard Entertainment\BlizzardDownloader.ini
[2010/10/07 05:36:40 | 000,265,552 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2010/10/07 05:36:40 | 000,018,264 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2012/06/26 12:36:20 | 000,002,560 | ---- | M] () -- \Program Files\Nokia\Nokia PC Suite 7\Lang\MapLoader_cze.NLR
[2011/10/17 14:10:26 | 000,071,528 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2011/11/06 11:09:52 | 000,083,816 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2013/03/06 15:26:58 | 000,470,820 | ---- | M] () -- \Program Files\RaidCall\flash\XOverlayMainLoader.swf
[2012/11/21 15:40:29 | 000,329,056 | ---- | M] () -- \Program Files\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2_loader.dll
[2012/11/21 15:40:29 | 000,293,376 | ---- | M] () -- \Program Files\Ubisoft\Ubisoft Game Launcher\uplay_r1_loader.dll
[2012/12/04 18:00:50 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012/12/04 18:00:50 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012/12/04 18:00:50 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2012/10/01 13:36:00 | 000,387,800 | ---- | M] () -- \ProgramData\TERA\launcher\live\downloader.bundle
[2012/07/10 00:11:00 | 000,693,704 | ---- | M] () -- \ProgramData\TERA\launcher\live\downloader.dll
[2010/11/02 12:36:12 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.217\deploy\assets\storeImages\layout\small_loader.gif
[2012/10/18 18:59:44 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.217\deploy\assets\storeImages\layout\OldImages\small_loader.gif
[2010/09/07 17:50:54 | 000,002,001 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.93\deploy\assets\images\SpinLoader.png
[2010/11/02 12:36:12 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.93\deploy\assets\storeImages\layout\small_loader.gif
[2012/12/04 18:00:50 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012/12/04 18:00:50 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012/12/04 18:00:50 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2012/10/01 13:36:00 | 000,387,800 | ---- | M] () -- \Users\All Users\TERA\launcher\live\downloader.bundle
[2012/07/10 00:11:00 | 000,693,704 | ---- | M] () -- \Users\All Users\TERA\launcher\live\downloader.dll
[2012/01/25 23:20:42 | 1036,490,752 | ---- | M] () -- \Users\Ondra\Desktop\filmy\Valka.svetu.2005.DVDRip.CZ.by.Colly.of.PowerUploaders.avi
[2012/01/17 07:29:37 | 000,003,026 | ---- | M] () -- \Users\Ondra\Desktop\games\wotlk\Data\enUS\Documentation\Troubleshooting\(Mac)BlizzardDownloaderProblems.html
[2012/01/17 07:29:37 | 000,004,261 | ---- | M] () -- \Users\Ondra\Desktop\games\wotlk\Data\enUS\Documentation\Troubleshooting\(PC)BlizzardDownloaderProblems.html
[2012/02/16 14:44:38 | 000,000,404 | ---- | M] () -- \Users\Ondra\Desktop\pok\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.13\deploy\assets\storeImages\layout\small_loader.gif
[2012/10/18 19:37:36 | 000,000,404 | ---- | M] () -- \Users\Ondra\Desktop\pok\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.13\deploy\assets\storeImages\layout\OldImages\small_loader.gif
[2010/03/24 21:12:34 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2010/03/24 21:12:34 | 000,249,680 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2012/11/30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[1 \Windows\System32\*.tmp files -> \Windows\System32\*.tmp -> ]
[2009/07/14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009/07/14 06:56:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 06:56:40 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009/07/14 06:56:40 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2011/12/30 13:17:50 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2011/12/30 13:17:50 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2011/12/30 13:17:50 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009/07/14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009/07/14 04:29:12 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009/08/19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009/08/19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010/11/20 06:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009/07/14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/18 13:09:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17107_none_0ae0ab79dce0fb26\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:56:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 06:43:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 19:42:56 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21306_none_0b6949e0f5ff7ec0\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 06:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 19:32:13 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 19:23:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll

< End of report >

Bragni · #15 Příspěvek od **Bragni** » 11 kvě 2013 13:50

OTL Extras logfile created on: 5/11/2013 1:58:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ondra\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

3.00 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 66.29% Memory free
6.00 Gb Paging File | 4.42 Gb Available in Paging File | 73.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 115.45 Gb Free Space | 38.73% Space Free | Partition Type: NTFS

Computer Name: ONDRA-PC | User Name: Ondra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-2172719309-4291719321-445318152-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0662386C-9977-49D2-80C0-814F86A2060D}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{18C85565-0E54-4C52-A62B-2C49FFD72E9F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1C728795-C058-4BB7-A9B1-8F5103FA7A37}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{202E6E19-1EC5-43BB-B5EB-29B6D2E5C61D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{23EF1F48-F47F-49E9-90F4-63AE6BDE6EF4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{28D298B1-2E7D-4CCF-A4E8-CB4CCA2F664E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3423735A-A254-43C4-8748-872CBBACE811}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DA04D92-5A8F-4564-8BD4-859AAB9BEC66}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{40ACF08D-66B2-4C74-A91C-71336FA197F7}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{4247E37A-2485-4066-A10A-787962802BEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4478BD38-7AC0-485A-9AAB-15BCCE5FC7C1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{48763A4D-03BD-4412-A52F-C51EE2B3C988}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B401ACC-8936-4283-BB6D-15626E50BDF5}" = lport=138 | protocol=17 | dir=in | app=system |
"{4B742E59-2AF5-494B-8110-41B7C64950D6}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{4CAA4BD3-F128-4ABC-9C1C-122068D2783E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{563D0C75-9593-4A2B-9D68-EE1BAA55037D}" = lport=137 | protocol=17 | dir=in | app=system |
"{5CBC1BB0-E9B8-492D-9126-D537B0A1BB39}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6E62ACE1-86AE-4A8F-95F7-3C54E4EF2F7F}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{6EB1BBD0-1C0A-41E2-9637-02BEDF272CE6}" = rport=139 | protocol=6 | dir=out | app=system |
"{6FECCC56-AAD4-4C4A-B502-07ED5F4F0587}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C94269B-7311-4D5E-A6D4-32011CA80CCF}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{9211466B-B4FC-4BA8-99BF-1CDDB8482D6C}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{99E806F1-0D27-4FDE-85CB-1B8650E8A7A2}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{A3FFC896-8091-4F0D-8C94-FE4BC5EE63A5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A9B807CE-F28E-48B9-BD4D-9A120C4ABDC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF01F787-569D-4485-8348-6F313A546160}" = lport=139 | protocol=6 | dir=in | app=system |
"{B2E0A1CE-9260-47E8-A1E5-6B740EFB17AE}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{B981A0E4-C77B-4BBE-95B4-5AC1FA507C2E}" = lport=445 | protocol=6 | dir=in | app=system |
"{BF0DB50E-30AA-4616-B0B0-5D737A4EE16D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C796EB71-9FB1-4BA2-ADEB-5989B7274B91}" = rport=138 | protocol=17 | dir=out | app=system |
"{E18F5136-0261-4193-9C00-8E0FBCEAAE2F}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{E35D85CD-58B5-452C-AB22-749808064CB8}" = rport=445 | protocol=6 | dir=out | app=system |
"{FF56CB75-F42D-47C2-B5C6-339B4DDA2E0B}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03335F71-B6BB-47D4-AAE8-300F079949C4}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{037D55D3-C510-42F7-A719-B72C978B194E}" = protocol=6 | dir=in | app=c:\program files\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe |
"{06D9E791-55C8-4860-8913-6CE464F2D656}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{19C332B3-FEAD-4FD9-8CB1-7CB37DAD34B7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{1F139B92-0BF5-4B49-9645-21736C3D787C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{22352453-2313-4792-89DD-4B2C5A8FE516}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{26AA9563-4DFE-463E-B45F-BEAF654E6CEC}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{316CBDFC-5FD8-4C61-B255-8625F27B080D}" = protocol=17 | dir=in | app=c:\program files\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe |
"{34341BB5-8C9C-4E6C-94CF-8D527F9EC77C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{412A5DE0-FCC4-44AD-B065-56DF0A395521}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{4421507E-5634-478D-9244-A8F3377B2CE6}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{46BFA63E-F435-4563-868E-7E04AEB04F1B}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{5437AAF7-7082-4A48-8608-8BF6330C2FC0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{555B66B8-8BB0-4AD2-A641-70BF57700DFB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{5C567C47-4555-4D48-B557-75EF1FF16D04}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{64FAA8E7-5E74-4FC4-BC81-B7D2EE07078F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{76923DA9-AC15-4575-9069-3B054B881C68}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{80AD7AD8-0A01-4F0F-B8BF-12F1525A9C52}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2013\pes2013_100.exe |
"{84C53818-4245-4602-A0F4-73D36779C008}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9305B509-CD55-49CF-8251-179C3378A9DD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{963B8B72-0C44-4323-8C4A-0C41C161ACC7}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2013\pes2013.exe |
"{A153348B-EC13-4B80-80B3-C1DEA375CD43}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{A20F80B4-B850-4AF2-9DFC-CF11FA428E52}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2013\pes2013.exe |
"{A39132E1-BE09-4F6B-9252-98263006436D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AC64B8A1-0023-4DB1-8255-DCA615B4469C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ADBE77DF-D869-4FEF-B9E7-04C6058D3889}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{AECB283E-A479-4307-A00D-30938C5AD0F0}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{BBD0B6A7-AED8-45AD-BA39-12E356E5E717}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2013\pes2013_100.exe |
"{C19B7389-EDF7-4DF4-97E6-7090FBB590A5}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{C4A4C018-B602-4CCE-8102-8C04CFFF39C8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{C4E2E527-6672-4E40-875E-52E5B2B68597}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C57882A9-018B-40A0-80E4-348325CF909C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDECF0D7-2C11-46E0-ADFF-0049CA76277B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DF9AACE7-58FB-4BD1-93F5-1D5BD742686B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E7213F8A-0A38-4554-AD2C-BE6BE6C002C6}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F395E9A2-B989-4F55-810F-509B88ED3441}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{FA0DE28F-231C-4460-8914-A54AB346CEC6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FAA9D305-C51C-4F97-93D9-D988E4192605}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0543E131-FECD-411D-98C9-2657E17E09FF}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{0B3635FF-D2F4-413D-8BD3-A65C28ADB49F}C:\Program Files\Archi\ArchiCAD.exe" = protocol=6 | dir=in | app=c:\program files\archi\archicad.exe |
"TCP Query User{0FECDC48-E7DC-4FF4-9CFC-035F1F5FB226}C:\users\ondra\desktop\games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\ondra\desktop\games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{1E26B846-A001-40E1-87FF-245B5B8B6B7F}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{203FD273-7E06-423B-9595-4CA2E0014D83}C:\program files\artlantis studio 4\qtsocketserver.exe" = protocol=6 | dir=in | app=c:\program files\artlantis studio 4\qtsocketserver.exe |
"TCP Query User{29F4C1B3-25DB-4A37-B855-EA9F2CCDD4F3}C:\program files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"TCP Query User{2CD65354-1F52-46EB-AB69-01A23E6A933E}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{4162E530-FBA4-4D4E-8267-94909C301E48}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{418789FA-E667-43D4-9577-B0F8D62E16F2}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{44F950DB-C708-4E85-9D3B-F7BE67A94544}C:\users\ondra\appdata\local\apps\2.0\lq2kjmhq.vjj\5gynlxyg.1th\laun...app_59711684aa47878d_0001.001b_a09983b3c069acd0\launcher.exe" = protocol=6 | dir=in | app=c:\users\ondra\appdata\local\apps\2.0\lq2kjmhq.vjj\5gynlxyg.1th\laun...app_59711684aa47878d_0001.001b_a09983b3c069acd0\launcher.exe |
"TCP Query User{53CAFCD1-E5B6-4A04-B14A-80D8753CF2B7}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{616D1748-0A31-4A3B-99E0-2A5B092642B5}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{63D2F60F-25D3-4EFE-9B14-AADEB46B527F}C:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"TCP Query User{758D98DC-9F34-491D-BCEA-2F7ACA113D2C}C:\users\ondra\appdata\local\apps\2.0\lq2kjmhq.vjj\5gynlxyg.1th\laun...app_59711684aa47878d_0001.001b_bcc4041724b93450\launcher.exe" = protocol=6 | dir=in | app=c:\users\ondra\appdata\local\apps\2.0\lq2kjmhq.vjj\5gynlxyg.1th\laun...app_59711684aa47878d_0001.001b_bcc4041724b93450\launcher.exe |
"TCP Query User{7B2E7E84-53A1-4A3B-ABCF-8DE2F865D7AC}C:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=6 | dir=in | app=c:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe |
"TCP Query User{7B99014A-511E-4B2F-A0B4-00CB8ABE9D1B}C:\program files\archi\licensefilegenerator.exe" = protocol=6 | dir=in | app=c:\program files\archi\licensefilegenerator.exe |
"TCP Query User{7EADD855-4651-479E-9183-9D3C677774F0}C:\windows\keygen.exe" = protocol=6 | dir=in | app=c:\windows\keygen.exe |
"TCP Query User{B70DCA58-9CDF-454B-8CF0-589DD8D6A0EA}C:\Program Files\Archi\gsquicktimeserver\gsqtserver.exe" = protocol=6 | dir=in | app=c:\program files\archi\gsquicktimeserver\gsqtserver.exe |
"TCP Query User{F1724249-BED5-4A46-B8A2-29D2D85FC89C}C:\program files\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{F54529FB-711E-409D-83D6-6BDAF1DDB3DD}C:\users\ondra\desktop\games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\ondra\desktop\games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{0C5320A7-4524-4706-80BD-1B6BDB27978F}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{0E25D554-A105-452A-8FCB-3BBDE3D803A5}C:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"UDP Query User{0ED2E81E-AAE2-43C3-B40C-F6870425971B}C:\program files\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files\trendy entertainment\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{2AEE6839-9E28-480E-B48C-856B7B5E1DA1}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{3EB339A9-B4A4-438F-9DCD-D5AC9DBDA249}C:\Program Files\Archi\ArchiCAD.exe" = protocol=17 | dir=in | app=c:\program files\archi\archicad.exe |
"UDP Query User{417AFE38-8DDA-48FE-91DB-4B4CD8220F69}C:\program files\archi\licensefilegenerator.exe" = protocol=17 | dir=in | app=c:\program files\archi\licensefilegenerator.exe |
"UDP Query User{4660F0B6-8D8E-4ABC-9D6D-A5CE30C799E2}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{6BF15C7B-9890-4E6F-8326-E71743E30CED}C:\windows\keygen.exe" = protocol=17 | dir=in | app=c:\windows\keygen.exe |
"UDP Query User{83B82448-598A-4075-9C80-2472691B3740}C:\users\ondra\desktop\games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\ondra\desktop\games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{95318510-338F-4CB8-859E-83358BB5D424}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{95B3200E-E332-4964-87A8-58056FF5C0DA}C:\users\ondra\appdata\local\apps\2.0\lq2kjmhq.vjj\5gynlxyg.1th\laun...app_59711684aa47878d_0001.001b_a09983b3c069acd0\launcher.exe" = protocol=17 | dir=in | app=c:\users\ondra\appdata\local\apps\2.0\lq2kjmhq.vjj\5gynlxyg.1th\laun...app_59711684aa47878d_0001.001b_a09983b3c069acd0\launcher.exe |
"UDP Query User{A6553716-D632-46C3-B886-82C2573F1185}C:\program files\artlantis studio 4\qtsocketserver.exe" = protocol=17 | dir=in | app=c:\program files\artlantis studio 4\qtsocketserver.exe |
"UDP Query User{AF727AB8-704B-43AB-BFE0-28FFCD2FEE1B}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{BDDBA8B2-382D-4EC8-99C4-B26EAAB992FC}C:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=17 | dir=in | app=c:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe |
"UDP Query User{C5E3DB52-D647-46B7-807D-9656B0A0590B}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{D0EAD331-D75A-43C2-BB16-88A5CAB16743}C:\program files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"UDP Query User{D94B4048-7B1A-4B45-9899-7BF51E80F307}C:\users\ondra\appdata\local\apps\2.0\lq2kjmhq.vjj\5gynlxyg.1th\laun...app_59711684aa47878d_0001.001b_bcc4041724b93450\launcher.exe" = protocol=17 | dir=in | app=c:\users\ondra\appdata\local\apps\2.0\lq2kjmhq.vjj\5gynlxyg.1th\laun...app_59711684aa47878d_0001.001b_bcc4041724b93450\launcher.exe |
"UDP Query User{E34F8547-D037-4936-930F-27FE99FEC765}C:\users\ondra\desktop\games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\ondra\desktop\games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{F637A26F-EF46-46E3-B4BE-47846F24F2FC}C:\Program Files\Archi\gsquicktimeserver\gsqtserver.exe" = protocol=17 | dir=in | app=c:\program files\archi\gsquicktimeserver\gsqtserver.exe |
"UDP Query User{FC015BCD-8A73-4940-893F-BC614F8930CC}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}" = Splash Lite
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{62C68336-B969-4097-B0BD-A3A0FBFD59C1}" = Mumble 1.2.3
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C4142F1-8C82-4E7D-B540-3E783B2B7F9A}" = AB Softlock 4
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0015-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{2304F942-79D2-46F7-A512-269A7F5B7EFC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-001F-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{A162C5E6-7778-4D5B-9F0A-38F0122DD859}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-002C-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{8148DB19-71B1-4415-8B26-DF5B9E873FC3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-0044-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-006E-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{EEF3E2C0-135B-44DC-BEDD-7F01CFBEFF46}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{90140000-00BA-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Czech
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D62576C2-C084-4698-974A-5BE77714FDDD}" = System Requirements Lab Test
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"001FFF1FFF16FF00FF1101F01F02F000-R1" = ArchiCAD 16 CZE
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Artlantis Studio 4" = Artlantis Studio 4.1.8
"Automatické vypnutí počítače (AVP)_is1" = Automatické vypnutí počítače 1.0
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"DirectVobSub" = DirectVobSub (remove only)
"DivX Setup" = DivX Setup
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)
"F058B88E-7747-455E-9751-6E906EE1F226" = MiniGolf
"Google Chrome" = Google Chrome
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 15.0.1 (x86 cs)" = Mozilla Firefox 15.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia PC Suite" = Nokia PC Suite
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Opera 12.15.1748" = Opera 12.15
"PunkBusterSvc" = PunkBuster Services
"RaidCall" = RaidCall
"Steam App 570" = Dota 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever
"Uplay" = Uplay
"uTorrent" = µTorrent
"W3_Frozen throne crack" = W3_Frozen throne crack
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"World of Warcraft" = World of Warcraft
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2172719309-4291719321-445318152-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Team Composition Generator 1.0.2" = Team Composition Generator 1.0.2
"Warcraft III" = Warcraft III: All Products

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/15/2013 7:36:16 PM | Computer Name = Ondra-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time
stamp: 0x4c00573a Faulting module name: Adobe AIR.dll, version: 3.6.0.5920, time
stamp: 0x510610d1 Exception code: 0xc0000005 Fault offset: 0x001cf816 Faulting process
id: 0x580 Faulting application start time: 0x01ce21d3cea9b6c0 Faulting application
path: C:\Users\Ondra\Desktop\pok\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\LolClient.exe
Faulting
module path: C:\Users\Ondra\Desktop\pok\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Report Id: 20b27f40-8dc9-11e2-869b-0021856d0735

Error - 3/15/2013 8:22:20 PM | Computer Name = Ondra-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time
stamp: 0x4c00573a Faulting module name: Adobe AIR.dll, version: 3.6.0.5920, time
stamp: 0x510610d1 Exception code: 0xc0000005 Fault offset: 0x001cf816 Faulting process
id: 0x150c Faulting application start time: 0x01ce21d5eaee1fe0 Faulting application
path: C:\Users\Ondra\Desktop\pok\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\LolClient.exe
Faulting
module path: C:\Users\Ondra\Desktop\pok\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Report Id: 9079b450-8dcf-11e2-869b-0021856d0735

Error - 3/15/2013 9:08:31 PM | Computer Name = Ondra-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/16/2013 6:41:14 AM | Computer Name = Ondra-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time
stamp: 0x4c00573a Faulting module name: Adobe AIR.dll, version: 3.6.0.5920, time
stamp: 0x510610d1 Exception code: 0xc0000005 Fault offset: 0x001cf816 Faulting process
id: 0x28c Faulting application start time: 0x01ce222cae5a54c0 Faulting application
path: C:\Users\Ondra\Desktop\pok\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\LolClient.exe
Faulting
module path: C:\Users\Ondra\Desktop\pok\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Report Id: 05e55810-8e26-11e2-9548-0021856d0735

Error - 3/16/2013 9:10:09 AM | Computer Name = Ondra-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time
stamp: 0x4c00573a Faulting module name: Air.dll, version: 0.0.0.0, time stamp: 0x511c7eb4
Exception
code: 0xc0000417 Fault offset: 0x0000f66b Faulting process id: 0xb1c Faulting application
start time: 0x01ce2239eb782578 Faulting application path: C:\Users\Ondra\Desktop\pok\League
of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\LolClient.exe
Faulting
module path: C:\Program Files\LOLReplay\Air.dll Report Id: d3e231c0-8e3a-11e2-9548-0021856d0735

Error - 3/16/2013 2:19:32 PM | Computer Name = Ondra-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time
stamp: 0x4c00573a Faulting module name: Air.dll, version: 0.0.0.0, time stamp: 0x511c7eb4
Exception
code: 0xc0000005 Fault offset: 0x00002e72 Faulting process id: 0x1084 Faulting application
start time: 0x01ce2250ebb4b620 Faulting application path: C:\Users\Ondra\Desktop\pok\League
of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\LolClient.exe
Faulting
module path: C:\Program Files\LOLReplay\Air.dll Report Id: 0bdf7b20-8e66-11e2-9548-0021856d0735

Error - 3/17/2013 4:04:01 PM | Computer Name = Ondra-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time
stamp: 0x4c00573a Faulting module name: Air.dll, version: 0.0.0.0, time stamp: 0x511c7eb4
Exception
code: 0xc0000005 Fault offset: 0x00002e72 Faulting process id: 0xf84 Faulting application
start time: 0x01ce234a2ab16540 Faulting application path: C:\Users\Ondra\Desktop\pok\League
of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\LolClient.exe
Faulting
module path: C:\Program Files\LOLReplay\Air.dll Report Id: cf54c380-8f3d-11e2-b4e5-0021856d0735

Error - 3/17/2013 7:57:52 PM | Computer Name = Ondra-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time
stamp: 0x4c00573a Faulting module name: Adobe AIR.dll, version: 3.6.0.5920, time
stamp: 0x510610d1 Exception code: 0xc0000005 Fault offset: 0x001cf816 Faulting process
id: 0xb90 Faulting application start time: 0x01ce234f99415fb0 Faulting application
path: C:\Users\Ondra\Desktop\pok\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\LolClient.exe
Faulting
module path: C:\Users\Ondra\Desktop\pok\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Report Id: 7a6148f0-8f5e-11e2-b282-0021856d0735

Error - 3/18/2013 5:48:50 PM | Computer Name = Ondra-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time
stamp: 0x4c00573a Faulting module name: Air.dll, version: 0.0.0.0, time stamp: 0x511c7eb4
Exception
code: 0xc0000417 Fault offset: 0x0000f66b Faulting process id: 0xc54 Faulting application
start time: 0x01ce23edbbab92c0 Faulting application path: C:\Users\Ondra\Desktop\pok\League
of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\LolClient.exe
Faulting
module path: C:\Program Files\LOLReplay\Air.dll Report Id: 9e231b30-9015-11e2-9bc6-0021856d0735

Error - 3/18/2013 6:57:12 PM | Computer Name = Ondra-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time
stamp: 0x4c00573a Faulting module name: Air.dll, version: 0.0.0.0, time stamp: 0x511c7eb4
Exception
code: 0xc0000417 Fault offset: 0x0000f66b Faulting process id: 0x186c Faulting application
start time: 0x01ce24226fce4480 Faulting application path: C:\Users\Ondra\Desktop\pok\League
of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\LolClient.exe
Faulting
module path: C:\Program Files\LOLReplay\Air.dll Report Id: 2b083400-901f-11e2-9bc6-0021856d0735

Error - 3/18/2013 7:59:38 PM | Computer Name = Ondra-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time
stamp: 0x4c00573a Faulting module name: Adobe AIR.dll, version: 3.6.0.5920, time
stamp: 0x510610d1 Exception code: 0xc0000005 Fault offset: 0x001cf816 Faulting process
id: 0x10e8 Faulting application start time: 0x01ce242c0374cbb0 Faulting application
path: C:\Users\Ondra\Desktop\pok\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\LolClient.exe
Faulting
module path: C:\Users\Ondra\Desktop\pok\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Report Id: e40c93d0-9027-11e2-9bc6-0021856d0735

[ Media Center Events ]
Error - 12/25/2011 2:27:46 AM | Computer Name = Ondra-PC | Source = MCUpdate | ID = 0
Description = 7:27:41 - Error connecting to the internet. 7:27:41 - Unable to
contact server..

Error - 12/25/2011 3:31:18 AM | Computer Name = Ondra-PC | Source = MCUpdate | ID = 0
Description = 8:31:18 - Error connecting to the internet. 8:31:18 - Unable to
contact server..

Error - 12/25/2011 3:31:48 AM | Computer Name = Ondra-PC | Source = MCUpdate | ID = 0
Description = 8:31:47 - Error connecting to the internet. 8:31:47 - Unable to
contact server..

Error - 3/9/2012 2:13:31 AM | Computer Name = Ondra-PC | Source = MCUpdate | ID = 0
Description = 7:13:30 - Failed to retrieve Directory (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 3/9/2012 2:15:51 AM | Computer Name = Ondra-PC | Source = MCUpdate | ID = 0
Description = 7:15:30 - Failed to retrieve MCESpotlight (Error: Unable to connect
to the remote server)

Error - 3/9/2012 2:16:33 AM | Computer Name = Ondra-PC | Source = MCUpdate | ID = 0
Description = 7:16:12 - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 3/9/2012 2:17:03 AM | Computer Name = Ondra-PC | Source = MCUpdate | ID = 0
Description = 7:16:54 - Failed to retrieve Broadband (Error: Unable to connect to
the remote server)

Error - 4/6/2012 2:27:23 AM | Computer Name = Ondra-PC | Source = MCUpdate | ID = 0
Description = 8:27:23 - Failed to retrieve Directory (Error: Unable to connect to
the remote server)

Error - 2/20/2013 11:31:01 AM | Computer Name = Ondra-PC | Source = MCUpdate | ID = 0
Description = 16:31:01 - Error connecting to the internet. 16:31:01 - Unable
to contact server..

Error - 2/20/2013 11:31:14 AM | Computer Name = Ondra-PC | Source = MCUpdate | ID = 0
Description = 16:31:06 - Error connecting to the internet. 16:31:06 - Unable
to contact server..

[ System Events ]
Error - 5/10/2013 11:49:26 AM | Computer Name = Ondra-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 5/10/2013 12:34:07 PM | Computer Name = Ondra-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 5/10/2013 12:34:28 PM | Computer Name = Ondra-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 5/10/2013 12:34:49 PM | Computer Name = Ondra-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 5/10/2013 12:35:10 PM | Computer Name = Ondra-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 5/10/2013 12:35:30 PM | Computer Name = Ondra-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 5/10/2013 7:50:56 PM | Computer Name = Ondra-PC | Source = DCOM | ID = 10010
Description =

Error - 5/11/2013 3:52:25 AM | Computer Name = Ondra-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 5/11/2013 4:11:30 AM | Computer Name = Ondra-PC | Source = DCOM | ID = 10010
Description =

Error - 5/11/2013 4:12:32 AM | Computer Name = Ondra-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

< End of report >

VIRY.CZ

Kontrola PC

Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC

Re: Kontrola PC