Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-01-2014 02
Ran by Ihor at 2014-01-14 16:04:03 Run:2
Running from C:\Users\Ihor\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM\...\Run: [TMP3E3~1] - "C:\Users\Ihor\AppData\Local\Temp\TMP3E3~1.VBS" <===== ATTENTION
HKLM-x32\...\Run: [] - [x]
HKCU\...\Run: [ăíßŃćČĎÇĘí.b] - [x]
HKCU\...\Run: [mvpjbscryh] - C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs [14270 2014-01-12] () <===== ATTENTION
HKCU\...\Run: [nxyjekzaeo] - C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs [14270 2014-01-12] () <===== ATTENTION
HKCU\...\Run: [tdnkeeuwjq] - C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs [14270 2014-01-12] () <===== ATTENTION
HKCU\...\Run: [tmp4106] - C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs [542852 2014-01-03] () <===== ATTENTION
HKCU\...\Run: [tmp50DF] - C:\Users\Ihor\AppData\Local\Temp\tmp50DF.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmpA025] - C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmp791A] - C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmp6D47] - C:\Users\Ihor\AppData\Local\Temp\tmp6D47.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [vdcwwdxbwo] - C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs [14264 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmp97EB] - C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs [14276 2013-12-31] () <===== ATTENTION
HKCU\...\Run: [TMP6D4~1] - C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [TMP791~1] - C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [TMP50D~1] - C:\Users\Ihor\AppData\Local\Temp\TMP50D~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [TMPA02~1] - C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvpjbscryh..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxyjekzaeo..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdnkeeuwjq..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3E3F.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp4106.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp50DF.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp6D47.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp791A.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7E34.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp97EB.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpA025.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpD81C.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF24A.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdcwwdxbwo..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {B8D6B2AC-226A-402F-883E-D1F3D529C592} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=6F44F2EB-C8A3-40C6-901D-2299CC053965&apn_sauid=ECFB09E9-B264-4153-9235-F524D3965BD1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
CHR DefaultSearchKeyword: askws
CHR DefaultSearchProvider: Ask.com
CHR DefaultNewTabURL:
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.426_0\npbrowserext.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Extension: (wxDfast) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\epohjfbhajfojachcgdhgegmaadodlcd\1.0_0 [2012-08-25]
CHR HKLM-x32\...\Chrome\Extension: [epohjfbhajfojachcgdhgegmaadodlcd] - C:\ProgramData\wxDfast\epohjfbhajfojachcgdhgegmaadodlcd.crx [2012-11-07]
S2 Protector by IB Updater; C:\Program Files\Protector by IB\ExtensionUpdaterService.exe [x]
C:\Program Files\Protector by IB
2014-01-13 23:03 - 2014-01-13 23:03 - 00000000 ____D C:\ProgramData\Symantec
2014-01-13 21:48 - 2014-01-13 21:48 - 00004582 _____ C:\Users\Ihor\Desktop\Rkill.txt
2014-01-13 21:47 - 2014-01-13 21:45 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ihor\Desktop\rkill.exe
2014-01-13 22:14 - 2014-01-13 22:13 - 05166068 ____R (Swearware) C:\Users\Ihor\Desktop\ComboFix11.exe
2014-01-14 13:54 - 2014-01-14 13:48 - 01236282 _____ C:\Users\Ihor\Desktop\adwcleaner.exe
2014-01-14 00:08 - 2014-01-14 00:08 - 00001204 _____ C:\CF-Submit.htm
2014-01-13 19:15 - 2014-01-13 23:09 - 00000008 _____ C:\Windows\windows.exe.tmp
2014-01-13 14:45 - 2014-01-13 20:28 - 00000059 ____N C:\Windows\Trojan.exe.tmp
2014-01-13 14:09 - 2014-01-13 14:09 - 00024064 _____ C:\Users\Ihor\Documents\Server1.exe
2014-01-12 14:53 - 2014-01-12 14:53 - 00619520 ____N (Microsoft Corporation) C:\Windows\server.exe
2014-01-01 18:37 - 2014-01-13 20:28 - 00012748 _____ C:\Windows\system32\.tmp
2014-01-01 14:05 - 2014-01-01 14:05 - 00029696 ____N C:\Windows\windows.exe
C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs
C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs
C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs
C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmp50DF.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmp6D47.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs
C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS
C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS
C:\Users\Ihor\AppData\Local\Temp\TMP50D~1.VBS
C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS
C:\Users\Ihor\AppData\Local\Temp\Quarantine.exe
C:\Program Files (x86)\Iminent
C:\Program Files (x86)\Optimizer Pro
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\22f881ced422d0a8cfa18224e8da0c19" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2991ca02e1de7b64004ddf2762692c1a" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5cd8f17f4086744065eb0992a09e05a2" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7ae1ff5603ac84828c7a0e5890086b01" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8515eb34d8f9de5af815466e9715b3e5" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\927023f818e6ce8ef3ccb347194b0a7e" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\df405cf21c5c2ea6bf1bdcbf5b1e0bcf" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spy" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^1ffcf52b0cd64d83554855bd6f04fc1f.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2113atgzBG7JnU4ISFsSYJLZCBxd.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^225659c6fa2732024934dc96358cf4cb.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^22f881ced422d0a8cfa18224e8da0c19.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2991ca02e1de7b64004ddf2762692c1a.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^34a197ecc5748dbb80c6ad3289a7fb7c.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^365bad42f4f98be74c2bf2cacfcb2958.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^5cd8f17f4086744065eb0992a09e05a2.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7350b4ce4c5b9059b3abecb448b12322.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7ae1ff5603ac84828c7a0e5890086b01.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8181fef9f155186026993bbd38cb4855.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^81ed0e74a40ed4fe8a36a7b819c4279f.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8515eb34d8f9de5af815466e9715b3e5.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^85ce27c90f0ba2b98ceb888e2ca7acde.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^88b7da58a3e62f24b08f565445b53900.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8IEVfHGetHjNhPokt1fxjPbhTinU5a.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^912c76a909eaf9ea406e74f23b6290bf.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^927023f818e6ce8ef3ccb347194b0a7e.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^958436d9be3c028f3254ca9056e72392.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96692782eb52a518c332d30387fbd310.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96d5bbd31c1ef1f063007ac1abc25a6c.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^978bcc21dfa55450c519ce5e0cb9b4cb.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^a9f2d977c6de2e3f5debaca1def6c0a8.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^abb278f5f94f5be17c28e4761048b650.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aee62c22efb71f17ec0744e8f88d8439.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b50b61dd4ed2297cbf16db09c0bed498.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b9f53cd24dbd8eb354a1d3b41e105755.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ba4c12bee3027d94da5c81db2d196bfd.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bb62e28591030e826081bf1f4a74c0b8.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bec07547ae282f99dd66988f212eb755.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^c210b18097fa9ee4b57d8d28130c4154.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^cdc91361ec959706e6799be39d7a6c26.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^df405cf21c5c2ea6bf1bdcbf5b1e0bcf.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^e7d208841702e4fe48243dfe74a60ee9.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eb78d0b479ba41606efcf9194e178119.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EwMLMywkRcer8HrZMlWPKHwmHgR.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^f8a3f37293dcb5954d599b582155c4e5.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fd2fbc3c9739d9ceb9388ed7eb6cf440.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gtNvFAUT5ks1p9ktznHAcbAQEXTPt.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ITwQS8A9sQhkiE3km6m8NgpzYRNiF.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iVTdTQxNbPFOwblwth5DPxfTEuXm.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^kWuvZfzxlODgGY2XrHt24Rz7TIr.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LGXobePv3iJYZ1FPwBX11xkmzaO.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NeMOnAfEuJIYw7IANadhoif8NIJ.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^rhePF2UrJywJ5kWKIaezg1Z6gn2FMx.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^sGwFOYlDsM5oftLTnwIUCP5QpUh.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tcbhn.lnk" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UG2L2YusZscSQYJxQEliuRlof2e.exe" /f
Hosts:
CMD: shutdown /r /f /t 2
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TMP3E3~1 => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ăíßŃćČĎÇĘí.b => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\mvpjbscryh => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\nxyjekzaeo => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tdnkeeuwjq => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmp4106 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmp50DF => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmpA025 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmp791A => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmp6D47 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\vdcwwdxbwo => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmp97EB => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TMP6D4~1 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TMP791~1 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TMP50D~1 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TMPA02~1 => Value deleted successfully.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav => Value not found.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav => Value not found.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvpjbscryh..vbs not found.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxyjekzaeo..vbs not found.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdnkeeuwjq..vbs not found.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3E3F.tmp.vbs not found.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp4106.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp50DF.tmp.vbs not found.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp6D47.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp791A.tmp.vbs not found.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7E34.tmp.vbs not found.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp97EB.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpA025.tmp.vbs not found.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpD81C.tmp.vbs not found.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF24A.tmp.vbs not found.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdcwwdxbwo..vbs not found.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\ToolbarSearchProviderProgress => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8D6B2AC-226A-402F-883E-D1F3D529C592} => Key not found.
HKCR\CLSID\{B8D6B2AC-226A-402F-883E-D1F3D529C592} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key not found.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
CHR DefaultSearchKeyword: askws ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Ask.com ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.426_0\npbrowserext.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll not found.
C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\epohjfbhajfojachcgdhgegmaadodlcd directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\epohjfbhajfojachcgdhgegmaadodlcd => Key not found.
"C:\ProgramData\wxDfast\epohjfbhajfojachcgdhgegmaadodlcd.crx" => File/Directory not found.
Protector by IB Updater => Service not found.
"C:\Program Files\Protector by IB" => File/Directory not found.
C:\ProgramData\Symantec => Moved successfully.
"C:\Users\Ihor\Desktop\Rkill.txt" => File/Directory not found.
"C:\Users\Ihor\Desktop\rkill.exe" => File/Directory not found.
"C:\Users\Ihor\Desktop\ComboFix11.exe" => File/Directory not found.
"C:\Users\Ihor\Desktop\adwcleaner.exe" => File/Directory not found.
"C:\CF-Submit.htm" => File/Directory not found.
"C:\Windows\windows.exe.tmp" => File/Directory not found.
"C:\Windows\Trojan.exe.tmp" => File/Directory not found.
"C:\Users\Ihor\Documents\Server1.exe" => File/Directory not found.
"C:\Windows\server.exe" => File/Directory not found.
"C:\Windows\system32\.tmp" => File/Directory not found.
"C:\Windows\windows.exe" => File/Directory not found.
"C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs" => File/Directory not found.
"C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs" => File/Directory not found.
"C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs" => File/Directory not found.
Could not move "C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs" => Scheduled to move on reboot.
"C:\Users\Ihor\AppData\Local\Temp\tmp50DF.tmp.vbs" => File/Directory not found.
"C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs" => File/Directory not found.
"C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs" => File/Directory not found.
C:\Users\Ihor\AppData\Local\Temp\tmp6D47.tmp.vbs => Moved successfully.
"C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs" => File/Directory not found.
Could not move "C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs" => Scheduled to move on reboot.
"C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS" => File/Directory not found.
"C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS" => File/Directory not found.
"C:\Users\Ihor\AppData\Local\Temp\TMP50D~1.VBS" => File/Directory not found.
C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS => Moved successfully.
"C:\Users\Ihor\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Program Files (x86)\Iminent" => File/Directory not found.
"C:\Program Files (x86)\Optimizer Pro" => File/Directory not found.
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\22f881ced422d0a8cfa18224e8da0c19" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2991ca02e1de7b64004ddf2762692c1a" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5cd8f17f4086744065eb0992a09e05a2" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7ae1ff5603ac84828c7a0e5890086b01" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8515eb34d8f9de5af815466e9715b3e5" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\927023f818e6ce8ef3ccb347194b0a7e" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\df405cf21c5c2ea6bf1bdcbf5b1e0bcf" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spy" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^1ffcf52b0cd64d83554855bd6f04fc1f.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2113atgzBG7JnU4ISFsSYJLZCBxd.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^225659c6fa2732024934dc96358cf4cb.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^22f881ced422d0a8cfa18224e8da0c19.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2991ca02e1de7b64004ddf2762692c1a.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^34a197ecc5748dbb80c6ad3289a7fb7c.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^365bad42f4f98be74c2bf2cacfcb2958.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^5cd8f17f4086744065eb0992a09e05a2.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7350b4ce4c5b9059b3abecb448b12322.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7ae1ff5603ac84828c7a0e5890086b01.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8181fef9f155186026993bbd38cb4855.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^81ed0e74a40ed4fe8a36a7b819c4279f.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8515eb34d8f9de5af815466e9715b3e5.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^85ce27c90f0ba2b98ceb888e2ca7acde.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^88b7da58a3e62f24b08f565445b53900.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8IEVfHGetHjNhPokt1fxjPbhTinU5a.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^912c76a909eaf9ea406e74f23b6290bf.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^927023f818e6ce8ef3ccb347194b0a7e.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^958436d9be3c028f3254ca9056e72392.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96692782eb52a518c332d30387fbd310.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96d5bbd31c1ef1f063007ac1abc25a6c.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^978bcc21dfa55450c519ce5e0cb9b4cb.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^a9f2d977c6de2e3f5debaca1def6c0a8.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^abb278f5f94f5be17c28e4761048b650.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aee62c22efb71f17ec0744e8f88d8439.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b50b61dd4ed2297cbf16db09c0bed498.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b9f53cd24dbd8eb354a1d3b41e105755.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ba4c12bee3027d94da5c81db2d196bfd.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bb62e28591030e826081bf1f4a74c0b8.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bec07547ae282f99dd66988f212eb755.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^c210b18097fa9ee4b57d8d28130c4154.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^cdc91361ec959706e6799be39d7a6c26.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^df405cf21c5c2ea6bf1bdcbf5b1e0bcf.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^e7d208841702e4fe48243dfe74a60ee9.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eb78d0b479ba41606efcf9194e178119.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EwMLMywkRcer8HrZMlWPKHwmHgR.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^f8a3f37293dcb5954d599b582155c4e5.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fd2fbc3c9739d9ceb9388ed7eb6cf440.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gtNvFAUT5ks1p9ktznHAcbAQEXTPt.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ITwQS8A9sQhkiE3km6m8NgpzYRNiF.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iVTdTQxNbPFOwblwth5DPxfTEuXm.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^kWuvZfzxlODgGY2XrHt24Rz7TIr.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LGXobePv3iJYZ1FPwBX11xkmzaO.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NeMOnAfEuJIYw7IANadhoif8NIJ.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^rhePF2UrJywJ5kWKIaezg1Z6gn2FMx.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^sGwFOYlDsM5oftLTnwIUCP5QpUh.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tcbhn.lnk" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UG2L2YusZscSQYJxQEliuRlof2e.exe" /f =========
Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.
========= End of Reg: =========
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
========= shutdown /r /f /t 2 =========
========= End of CMD: =========
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-14 16:06:54)<=
C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs => Is moved successfully.
C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs => Is moved successfully.
==== End of Fixlog ====
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Win 7 naběhne ale je extremě pomalé
Moderátor: Moderátoři
Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní: http://forum.viry.cz/viewtopic.php?f=12&t=123975 . Děkujeme za pochopení.
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní: http://forum.viry.cz/viewtopic.php?f=12&t=123975 . Děkujeme za pochopení.
Re: Win 7 naběhne ale je extremě pomalé
tady je ten spravny log
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-01-2014 02
Ran by Ihor at 2014-01-14 15:43:21 Run:1
Running from C:\Users\Ihor\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM\...\Run: [TMP3E3~1] - "C:\Users\Ihor\AppData\Local\Temp\TMP3E3~1.VBS" <===== ATTENTION
HKLM-x32\...\Run: [] - [x]
HKCU\...\Run: [ăíßŃćČĎÇĘí.b] - [x]
HKCU\...\Run: [mvpjbscryh] - C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs [14270 2014-01-12] () <===== ATTENTION
HKCU\...\Run: [nxyjekzaeo] - C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs [14270 2014-01-12] () <===== ATTENTION
HKCU\...\Run: [tdnkeeuwjq] - C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs [14270 2014-01-12] () <===== ATTENTION
HKCU\...\Run: [tmp4106] - C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs [542852 2014-01-03] () <===== ATTENTION
HKCU\...\Run: [tmp50DF] - C:\Users\Ihor\AppData\Local\Temp\tmp50DF.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmpA025] - C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmp791A] - C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmp6D47] - C:\Users\Ihor\AppData\Local\Temp\tmp6D47.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [vdcwwdxbwo] - C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs [14264 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmp97EB] - C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs [14276 2013-12-31] () <===== ATTENTION
HKCU\...\Run: [TMP6D4~1] - C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [TMP791~1] - C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [TMP50D~1] - C:\Users\Ihor\AppData\Local\Temp\TMP50D~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [TMPA02~1] - C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvpjbscryh..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxyjekzaeo..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdnkeeuwjq..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3E3F.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp4106.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp50DF.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp6D47.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp791A.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7E34.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp97EB.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpA025.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpD81C.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF24A.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdcwwdxbwo..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {B8D6B2AC-226A-402F-883E-D1F3D529C592} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=6F44F2EB-C8A3-40C6-901D-2299CC053965&apn_sauid=ECFB09E9-B264-4153-9235-F524D3965BD1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
CHR DefaultSearchKeyword: askws
CHR DefaultSearchProvider: Ask.com
CHR DefaultNewTabURL:
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.426_0\npbrowserext.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Extension: (wxDfast) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\epohjfbhajfojachcgdhgegmaadodlcd\1.0_0 [2012-08-25]
CHR HKLM-x32\...\Chrome\Extension: [epohjfbhajfojachcgdhgegmaadodlcd] - C:\ProgramData\wxDfast\epohjfbhajfojachcgdhgegmaadodlcd.crx [2012-11-07]
S2 Protector by IB Updater; C:\Program Files\Protector by IB\ExtensionUpdaterService.exe [x]
C:\Program Files\Protector by IB
2014-01-13 23:03 - 2014-01-13 23:03 - 00000000 ____D C:\ProgramData\Symantec
2014-01-13 21:48 - 2014-01-13 21:48 - 00004582 _____ C:\Users\Ihor\Desktop\Rkill.txt
2014-01-13 21:47 - 2014-01-13 21:45 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ihor\Desktop\rkill.exe
2014-01-13 22:14 - 2014-01-13 22:13 - 05166068 ____R (Swearware) C:\Users\Ihor\Desktop\ComboFix11.exe
2014-01-14 13:54 - 2014-01-14 13:48 - 01236282 _____ C:\Users\Ihor\Desktop\adwcleaner.exe
2014-01-14 00:08 - 2014-01-14 00:08 - 00001204 _____ C:\CF-Submit.htm
2014-01-13 19:15 - 2014-01-13 23:09 - 00000008 _____ C:\Windows\windows.exe.tmp
2014-01-13 14:45 - 2014-01-13 20:28 - 00000059 ____N C:\Windows\Trojan.exe.tmp
2014-01-13 14:09 - 2014-01-13 14:09 - 00024064 _____ C:\Users\Ihor\Documents\Server1.exe
2014-01-12 14:53 - 2014-01-12 14:53 - 00619520 ____N (Microsoft Corporation) C:\Windows\server.exe
2014-01-01 18:37 - 2014-01-13 20:28 - 00012748 _____ C:\Windows\system32\.tmp
2014-01-01 14:05 - 2014-01-01 14:05 - 00029696 ____N C:\Windows\windows.exe
C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs
C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs
C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs
C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmp50DF.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmp6D47.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs
C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS
C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS
C:\Users\Ihor\AppData\Local\Temp\TMP50D~1.VBS
C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS
C:\Users\Ihor\AppData\Local\Temp\Quarantine.exe
C:\Program Files (x86)\Iminent
C:\Program Files (x86)\Optimizer Pro
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\22f881ced422d0a8cfa18224e8da0c19" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2991ca02e1de7b64004ddf2762692c1a" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5cd8f17f4086744065eb0992a09e05a2" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7ae1ff5603ac84828c7a0e5890086b01" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8515eb34d8f9de5af815466e9715b3e5" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\927023f818e6ce8ef3ccb347194b0a7e" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\df405cf21c5c2ea6bf1bdcbf5b1e0bcf" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spy" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^1ffcf52b0cd64d83554855bd6f04fc1f.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2113atgzBG7JnU4ISFsSYJLZCBxd.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^225659c6fa2732024934dc96358cf4cb.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^22f881ced422d0a8cfa18224e8da0c19.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2991ca02e1de7b64004ddf2762692c1a.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^34a197ecc5748dbb80c6ad3289a7fb7c.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^365bad42f4f98be74c2bf2cacfcb2958.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^5cd8f17f4086744065eb0992a09e05a2.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7350b4ce4c5b9059b3abecb448b12322.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7ae1ff5603ac84828c7a0e5890086b01.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8181fef9f155186026993bbd38cb4855.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^81ed0e74a40ed4fe8a36a7b819c4279f.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8515eb34d8f9de5af815466e9715b3e5.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^85ce27c90f0ba2b98ceb888e2ca7acde.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^88b7da58a3e62f24b08f565445b53900.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8IEVfHGetHjNhPokt1fxjPbhTinU5a.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^912c76a909eaf9ea406e74f23b6290bf.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^927023f818e6ce8ef3ccb347194b0a7e.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^958436d9be3c028f3254ca9056e72392.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96692782eb52a518c332d30387fbd310.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96d5bbd31c1ef1f063007ac1abc25a6c.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^978bcc21dfa55450c519ce5e0cb9b4cb.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^a9f2d977c6de2e3f5debaca1def6c0a8.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^abb278f5f94f5be17c28e4761048b650.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aee62c22efb71f17ec0744e8f88d8439.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b50b61dd4ed2297cbf16db09c0bed498.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b9f53cd24dbd8eb354a1d3b41e105755.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ba4c12bee3027d94da5c81db2d196bfd.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bb62e28591030e826081bf1f4a74c0b8.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bec07547ae282f99dd66988f212eb755.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^c210b18097fa9ee4b57d8d28130c4154.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^cdc91361ec959706e6799be39d7a6c26.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^df405cf21c5c2ea6bf1bdcbf5b1e0bcf.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^e7d208841702e4fe48243dfe74a60ee9.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eb78d0b479ba41606efcf9194e178119.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EwMLMywkRcer8HrZMlWPKHwmHgR.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^f8a3f37293dcb5954d599b582155c4e5.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fd2fbc3c9739d9ceb9388ed7eb6cf440.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gtNvFAUT5ks1p9ktznHAcbAQEXTPt.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ITwQS8A9sQhkiE3km6m8NgpzYRNiF.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iVTdTQxNbPFOwblwth5DPxfTEuXm.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^kWuvZfzxlODgGY2XrHt24Rz7TIr.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LGXobePv3iJYZ1FPwBX11xkmzaO.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NeMOnAfEuJIYw7IANadhoif8NIJ.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^rhePF2UrJywJ5kWKIaezg1Z6gn2FMx.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^sGwFOYlDsM5oftLTnwIUCP5QpUh.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tcbhn.lnk" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UG2L2YusZscSQYJxQEliuRlof2e.exe" /f
Hosts:
CMD: shutdown /r /f /t 2
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TMP3E3~1 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ăíßŃćČĎÇĘí.b => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\mvpjbscryh => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\nxyjekzaeo => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tdnkeeuwjq => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmp4106 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmp50DF => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmpA025 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmp791A => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmp6D47 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\vdcwwdxbwo => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmp97EB => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TMP6D4~1 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TMP791~1 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TMP50D~1 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TMPA02~1 => Value deleted successfully.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav => Value not found.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvpjbscryh..vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxyjekzaeo..vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdnkeeuwjq..vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3E3F.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp4106.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp50DF.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp6D47.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp791A.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7E34.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp97EB.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpA025.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpD81C.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF24A.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdcwwdxbwo..vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\ToolbarSearchProviderProgress => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8D6B2AC-226A-402F-883E-D1F3D529C592} => Key deleted successfully.
HKCR\CLSID\{B8D6B2AC-226A-402F-883E-D1F3D529C592} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
CHR DefaultSearchKeyword: askws ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Ask.com ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.426_0\npbrowserext.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll not found.
C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\epohjfbhajfojachcgdhgegmaadodlcd directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\epohjfbhajfojachcgdhgegmaadodlcd => Key deleted successfully.
"C:\ProgramData\wxDfast\epohjfbhajfojachcgdhgegmaadodlcd.crx" => File/Directory not found.
Protector by IB Updater => Service deleted successfully.
"C:\Program Files\Protector by IB" => File/Directory not found.
C:\ProgramData\Symantec => Moved successfully.
C:\Users\Ihor\Desktop\Rkill.txt => Moved successfully.
C:\Users\Ihor\Desktop\rkill.exe => Moved successfully.
C:\Users\Ihor\Desktop\ComboFix11.exe => Moved successfully.
C:\Users\Ihor\Desktop\adwcleaner.exe => Moved successfully.
C:\CF-Submit.htm => Moved successfully.
C:\Windows\windows.exe.tmp => Moved successfully.
"C:\Windows\Trojan.exe.tmp" => File/Directory not found.
C:\Users\Ihor\Documents\Server1.exe => Moved successfully.
C:\Windows\server.exe => Moved successfully.
C:\Windows\system32\.tmp => Moved successfully.
C:\Windows\windows.exe => Moved successfully.
C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs => Moved successfully.
Could not move "C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs" => Scheduled to move on reboot.
Could not move "C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs" => Scheduled to move on reboot.
Could not move "C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs" => Scheduled to move on reboot.
C:\Users\Ihor\AppData\Local\Temp\tmp50DF.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Local\Temp\tmp6D47.tmp.vbs => Moved successfully.
Could not move "C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs" => Scheduled to move on reboot.
Could not move "C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs" => Scheduled to move on reboot.
"C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS" => File/Directory not found.
"C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS" => File/Directory not found.
"C:\Users\Ihor\AppData\Local\Temp\TMP50D~1.VBS" => File/Directory not found.
"C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS" => File/Directory not found.
C:\Users\Ihor\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"C:\Program Files (x86)\Iminent" => File/Directory not found.
"C:\Program Files (x86)\Optimizer Pro" => File/Directory not found.
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\22f881ced422d0a8cfa18224e8da0c19" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2991ca02e1de7b64004ddf2762692c1a" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5cd8f17f4086744065eb0992a09e05a2" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7ae1ff5603ac84828c7a0e5890086b01" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8515eb34d8f9de5af815466e9715b3e5" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\927023f818e6ce8ef3ccb347194b0a7e" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\df405cf21c5c2ea6bf1bdcbf5b1e0bcf" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spy" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^1ffcf52b0cd64d83554855bd6f04fc1f.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2113atgzBG7JnU4ISFsSYJLZCBxd.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^225659c6fa2732024934dc96358cf4cb.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^22f881ced422d0a8cfa18224e8da0c19.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2991ca02e1de7b64004ddf2762692c1a.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^34a197ecc5748dbb80c6ad3289a7fb7c.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^365bad42f4f98be74c2bf2cacfcb2958.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^5cd8f17f4086744065eb0992a09e05a2.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7350b4ce4c5b9059b3abecb448b12322.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7ae1ff5603ac84828c7a0e5890086b01.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8181fef9f155186026993bbd38cb4855.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^81ed0e74a40ed4fe8a36a7b819c4279f.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8515eb34d8f9de5af815466e9715b3e5.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^85ce27c90f0ba2b98ceb888e2ca7acde.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^88b7da58a3e62f24b08f565445b53900.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8IEVfHGetHjNhPokt1fxjPbhTinU5a.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^912c76a909eaf9ea406e74f23b6290bf.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^927023f818e6ce8ef3ccb347194b0a7e.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^958436d9be3c028f3254ca9056e72392.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96692782eb52a518c332d30387fbd310.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96d5bbd31c1ef1f063007ac1abc25a6c.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^978bcc21dfa55450c519ce5e0cb9b4cb.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^a9f2d977c6de2e3f5debaca1def6c0a8.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^abb278f5f94f5be17c28e4761048b650.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aee62c22efb71f17ec0744e8f88d8439.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b50b61dd4ed2297cbf16db09c0bed498.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b9f53cd24dbd8eb354a1d3b41e105755.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ba4c12bee3027d94da5c81db2d196bfd.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bb62e28591030e826081bf1f4a74c0b8.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bec07547ae282f99dd66988f212eb755.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^c210b18097fa9ee4b57d8d28130c4154.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^cdc91361ec959706e6799be39d7a6c26.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^df405cf21c5c2ea6bf1bdcbf5b1e0bcf.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^e7d208841702e4fe48243dfe74a60ee9.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eb78d0b479ba41606efcf9194e178119.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EwMLMywkRcer8HrZMlWPKHwmHgR.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^f8a3f37293dcb5954d599b582155c4e5.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fd2fbc3c9739d9ceb9388ed7eb6cf440.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gtNvFAUT5ks1p9ktznHAcbAQEXTPt.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ITwQS8A9sQhkiE3km6m8NgpzYRNiF.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iVTdTQxNbPFOwblwth5DPxfTEuXm.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^kWuvZfzxlODgGY2XrHt24Rz7TIr.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LGXobePv3iJYZ1FPwBX11xkmzaO.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NeMOnAfEuJIYw7IANadhoif8NIJ.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^rhePF2UrJywJ5kWKIaezg1Z6gn2FMx.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^sGwFOYlDsM5oftLTnwIUCP5QpUh.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tcbhn.lnk" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UG2L2YusZscSQYJxQEliuRlof2e.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
========= shutdown /r /f /t 2 =========
========= End of CMD: =========
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-14 15:48:23)<=
C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs => Is moved successfully.
C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs => Is moved successfully.
"C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs" => File could not move.
C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs => Is moved successfully.
"C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs" => File could not move.
==== End of Fixlog ====
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-01-2014 02
Ran by Ihor at 2014-01-14 15:43:21 Run:1
Running from C:\Users\Ihor\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM\...\Run: [TMP3E3~1] - "C:\Users\Ihor\AppData\Local\Temp\TMP3E3~1.VBS" <===== ATTENTION
HKLM-x32\...\Run: [] - [x]
HKCU\...\Run: [ăíßŃćČĎÇĘí.b] - [x]
HKCU\...\Run: [mvpjbscryh] - C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs [14270 2014-01-12] () <===== ATTENTION
HKCU\...\Run: [nxyjekzaeo] - C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs [14270 2014-01-12] () <===== ATTENTION
HKCU\...\Run: [tdnkeeuwjq] - C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs [14270 2014-01-12] () <===== ATTENTION
HKCU\...\Run: [tmp4106] - C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs [542852 2014-01-03] () <===== ATTENTION
HKCU\...\Run: [tmp50DF] - C:\Users\Ihor\AppData\Local\Temp\tmp50DF.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmpA025] - C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmp791A] - C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmp6D47] - C:\Users\Ihor\AppData\Local\Temp\tmp6D47.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [vdcwwdxbwo] - C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs [14264 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmp97EB] - C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs [14276 2013-12-31] () <===== ATTENTION
HKCU\...\Run: [TMP6D4~1] - C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [TMP791~1] - C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [TMP50D~1] - C:\Users\Ihor\AppData\Local\Temp\TMP50D~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [TMPA02~1] - C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvpjbscryh..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxyjekzaeo..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdnkeeuwjq..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3E3F.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp4106.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp50DF.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp6D47.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp791A.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7E34.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp97EB.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpA025.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpD81C.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF24A.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdcwwdxbwo..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {B8D6B2AC-226A-402F-883E-D1F3D529C592} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=6F44F2EB-C8A3-40C6-901D-2299CC053965&apn_sauid=ECFB09E9-B264-4153-9235-F524D3965BD1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
CHR DefaultSearchKeyword: askws
CHR DefaultSearchProvider: Ask.com
CHR DefaultNewTabURL:
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.426_0\npbrowserext.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Extension: (wxDfast) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\epohjfbhajfojachcgdhgegmaadodlcd\1.0_0 [2012-08-25]
CHR HKLM-x32\...\Chrome\Extension: [epohjfbhajfojachcgdhgegmaadodlcd] - C:\ProgramData\wxDfast\epohjfbhajfojachcgdhgegmaadodlcd.crx [2012-11-07]
S2 Protector by IB Updater; C:\Program Files\Protector by IB\ExtensionUpdaterService.exe [x]
C:\Program Files\Protector by IB
2014-01-13 23:03 - 2014-01-13 23:03 - 00000000 ____D C:\ProgramData\Symantec
2014-01-13 21:48 - 2014-01-13 21:48 - 00004582 _____ C:\Users\Ihor\Desktop\Rkill.txt
2014-01-13 21:47 - 2014-01-13 21:45 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ihor\Desktop\rkill.exe
2014-01-13 22:14 - 2014-01-13 22:13 - 05166068 ____R (Swearware) C:\Users\Ihor\Desktop\ComboFix11.exe
2014-01-14 13:54 - 2014-01-14 13:48 - 01236282 _____ C:\Users\Ihor\Desktop\adwcleaner.exe
2014-01-14 00:08 - 2014-01-14 00:08 - 00001204 _____ C:\CF-Submit.htm
2014-01-13 19:15 - 2014-01-13 23:09 - 00000008 _____ C:\Windows\windows.exe.tmp
2014-01-13 14:45 - 2014-01-13 20:28 - 00000059 ____N C:\Windows\Trojan.exe.tmp
2014-01-13 14:09 - 2014-01-13 14:09 - 00024064 _____ C:\Users\Ihor\Documents\Server1.exe
2014-01-12 14:53 - 2014-01-12 14:53 - 00619520 ____N (Microsoft Corporation) C:\Windows\server.exe
2014-01-01 18:37 - 2014-01-13 20:28 - 00012748 _____ C:\Windows\system32\.tmp
2014-01-01 14:05 - 2014-01-01 14:05 - 00029696 ____N C:\Windows\windows.exe
C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs
C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs
C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs
C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmp50DF.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmp6D47.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs
C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS
C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS
C:\Users\Ihor\AppData\Local\Temp\TMP50D~1.VBS
C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS
C:\Users\Ihor\AppData\Local\Temp\Quarantine.exe
C:\Program Files (x86)\Iminent
C:\Program Files (x86)\Optimizer Pro
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\22f881ced422d0a8cfa18224e8da0c19" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2991ca02e1de7b64004ddf2762692c1a" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5cd8f17f4086744065eb0992a09e05a2" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7ae1ff5603ac84828c7a0e5890086b01" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8515eb34d8f9de5af815466e9715b3e5" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\927023f818e6ce8ef3ccb347194b0a7e" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\df405cf21c5c2ea6bf1bdcbf5b1e0bcf" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spy" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^1ffcf52b0cd64d83554855bd6f04fc1f.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2113atgzBG7JnU4ISFsSYJLZCBxd.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^225659c6fa2732024934dc96358cf4cb.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^22f881ced422d0a8cfa18224e8da0c19.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2991ca02e1de7b64004ddf2762692c1a.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^34a197ecc5748dbb80c6ad3289a7fb7c.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^365bad42f4f98be74c2bf2cacfcb2958.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^5cd8f17f4086744065eb0992a09e05a2.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7350b4ce4c5b9059b3abecb448b12322.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7ae1ff5603ac84828c7a0e5890086b01.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8181fef9f155186026993bbd38cb4855.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^81ed0e74a40ed4fe8a36a7b819c4279f.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8515eb34d8f9de5af815466e9715b3e5.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^85ce27c90f0ba2b98ceb888e2ca7acde.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^88b7da58a3e62f24b08f565445b53900.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8IEVfHGetHjNhPokt1fxjPbhTinU5a.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^912c76a909eaf9ea406e74f23b6290bf.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^927023f818e6ce8ef3ccb347194b0a7e.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^958436d9be3c028f3254ca9056e72392.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96692782eb52a518c332d30387fbd310.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96d5bbd31c1ef1f063007ac1abc25a6c.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^978bcc21dfa55450c519ce5e0cb9b4cb.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^a9f2d977c6de2e3f5debaca1def6c0a8.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^abb278f5f94f5be17c28e4761048b650.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aee62c22efb71f17ec0744e8f88d8439.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b50b61dd4ed2297cbf16db09c0bed498.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b9f53cd24dbd8eb354a1d3b41e105755.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ba4c12bee3027d94da5c81db2d196bfd.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bb62e28591030e826081bf1f4a74c0b8.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bec07547ae282f99dd66988f212eb755.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^c210b18097fa9ee4b57d8d28130c4154.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^cdc91361ec959706e6799be39d7a6c26.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^df405cf21c5c2ea6bf1bdcbf5b1e0bcf.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^e7d208841702e4fe48243dfe74a60ee9.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eb78d0b479ba41606efcf9194e178119.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EwMLMywkRcer8HrZMlWPKHwmHgR.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^f8a3f37293dcb5954d599b582155c4e5.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fd2fbc3c9739d9ceb9388ed7eb6cf440.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gtNvFAUT5ks1p9ktznHAcbAQEXTPt.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ITwQS8A9sQhkiE3km6m8NgpzYRNiF.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iVTdTQxNbPFOwblwth5DPxfTEuXm.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^kWuvZfzxlODgGY2XrHt24Rz7TIr.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LGXobePv3iJYZ1FPwBX11xkmzaO.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NeMOnAfEuJIYw7IANadhoif8NIJ.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^rhePF2UrJywJ5kWKIaezg1Z6gn2FMx.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^sGwFOYlDsM5oftLTnwIUCP5QpUh.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tcbhn.lnk" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UG2L2YusZscSQYJxQEliuRlof2e.exe" /f
Hosts:
CMD: shutdown /r /f /t 2
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TMP3E3~1 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ăíßŃćČĎÇĘí.b => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\mvpjbscryh => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\nxyjekzaeo => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tdnkeeuwjq => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmp4106 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmp50DF => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmpA025 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmp791A => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmp6D47 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\vdcwwdxbwo => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmp97EB => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TMP6D4~1 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TMP791~1 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TMP50D~1 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TMPA02~1 => Value deleted successfully.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav => Value not found.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvpjbscryh..vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxyjekzaeo..vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdnkeeuwjq..vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3E3F.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp4106.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp50DF.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp6D47.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp791A.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7E34.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp97EB.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpA025.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpD81C.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF24A.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdcwwdxbwo..vbs => Moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\ToolbarSearchProviderProgress => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8D6B2AC-226A-402F-883E-D1F3D529C592} => Key deleted successfully.
HKCR\CLSID\{B8D6B2AC-226A-402F-883E-D1F3D529C592} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
CHR DefaultSearchKeyword: askws ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Ask.com ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.426_0\npbrowserext.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll not found.
C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\epohjfbhajfojachcgdhgegmaadodlcd directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\epohjfbhajfojachcgdhgegmaadodlcd => Key deleted successfully.
"C:\ProgramData\wxDfast\epohjfbhajfojachcgdhgegmaadodlcd.crx" => File/Directory not found.
Protector by IB Updater => Service deleted successfully.
"C:\Program Files\Protector by IB" => File/Directory not found.
C:\ProgramData\Symantec => Moved successfully.
C:\Users\Ihor\Desktop\Rkill.txt => Moved successfully.
C:\Users\Ihor\Desktop\rkill.exe => Moved successfully.
C:\Users\Ihor\Desktop\ComboFix11.exe => Moved successfully.
C:\Users\Ihor\Desktop\adwcleaner.exe => Moved successfully.
C:\CF-Submit.htm => Moved successfully.
C:\Windows\windows.exe.tmp => Moved successfully.
"C:\Windows\Trojan.exe.tmp" => File/Directory not found.
C:\Users\Ihor\Documents\Server1.exe => Moved successfully.
C:\Windows\server.exe => Moved successfully.
C:\Windows\system32\.tmp => Moved successfully.
C:\Windows\windows.exe => Moved successfully.
C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs => Moved successfully.
Could not move "C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs" => Scheduled to move on reboot.
Could not move "C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs" => Scheduled to move on reboot.
Could not move "C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs" => Scheduled to move on reboot.
C:\Users\Ihor\AppData\Local\Temp\tmp50DF.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs => Moved successfully.
C:\Users\Ihor\AppData\Local\Temp\tmp6D47.tmp.vbs => Moved successfully.
Could not move "C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs" => Scheduled to move on reboot.
Could not move "C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs" => Scheduled to move on reboot.
"C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS" => File/Directory not found.
"C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS" => File/Directory not found.
"C:\Users\Ihor\AppData\Local\Temp\TMP50D~1.VBS" => File/Directory not found.
"C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS" => File/Directory not found.
C:\Users\Ihor\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"C:\Program Files (x86)\Iminent" => File/Directory not found.
"C:\Program Files (x86)\Optimizer Pro" => File/Directory not found.
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\22f881ced422d0a8cfa18224e8da0c19" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2991ca02e1de7b64004ddf2762692c1a" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5cd8f17f4086744065eb0992a09e05a2" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7ae1ff5603ac84828c7a0e5890086b01" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8515eb34d8f9de5af815466e9715b3e5" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\927023f818e6ce8ef3ccb347194b0a7e" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\df405cf21c5c2ea6bf1bdcbf5b1e0bcf" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spy" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^1ffcf52b0cd64d83554855bd6f04fc1f.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2113atgzBG7JnU4ISFsSYJLZCBxd.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^225659c6fa2732024934dc96358cf4cb.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^22f881ced422d0a8cfa18224e8da0c19.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2991ca02e1de7b64004ddf2762692c1a.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^34a197ecc5748dbb80c6ad3289a7fb7c.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^365bad42f4f98be74c2bf2cacfcb2958.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^5cd8f17f4086744065eb0992a09e05a2.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7350b4ce4c5b9059b3abecb448b12322.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7ae1ff5603ac84828c7a0e5890086b01.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8181fef9f155186026993bbd38cb4855.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^81ed0e74a40ed4fe8a36a7b819c4279f.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8515eb34d8f9de5af815466e9715b3e5.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^85ce27c90f0ba2b98ceb888e2ca7acde.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^88b7da58a3e62f24b08f565445b53900.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8IEVfHGetHjNhPokt1fxjPbhTinU5a.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^912c76a909eaf9ea406e74f23b6290bf.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^927023f818e6ce8ef3ccb347194b0a7e.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^958436d9be3c028f3254ca9056e72392.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96692782eb52a518c332d30387fbd310.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96d5bbd31c1ef1f063007ac1abc25a6c.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^978bcc21dfa55450c519ce5e0cb9b4cb.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^a9f2d977c6de2e3f5debaca1def6c0a8.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^abb278f5f94f5be17c28e4761048b650.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aee62c22efb71f17ec0744e8f88d8439.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b50b61dd4ed2297cbf16db09c0bed498.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b9f53cd24dbd8eb354a1d3b41e105755.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ba4c12bee3027d94da5c81db2d196bfd.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bb62e28591030e826081bf1f4a74c0b8.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bec07547ae282f99dd66988f212eb755.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^c210b18097fa9ee4b57d8d28130c4154.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^cdc91361ec959706e6799be39d7a6c26.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^df405cf21c5c2ea6bf1bdcbf5b1e0bcf.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^e7d208841702e4fe48243dfe74a60ee9.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eb78d0b479ba41606efcf9194e178119.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EwMLMywkRcer8HrZMlWPKHwmHgR.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^f8a3f37293dcb5954d599b582155c4e5.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fd2fbc3c9739d9ceb9388ed7eb6cf440.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gtNvFAUT5ks1p9ktznHAcbAQEXTPt.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ITwQS8A9sQhkiE3km6m8NgpzYRNiF.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iVTdTQxNbPFOwblwth5DPxfTEuXm.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^kWuvZfzxlODgGY2XrHt24Rz7TIr.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LGXobePv3iJYZ1FPwBX11xkmzaO.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NeMOnAfEuJIYw7IANadhoif8NIJ.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^rhePF2UrJywJ5kWKIaezg1Z6gn2FMx.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^sGwFOYlDsM5oftLTnwIUCP5QpUh.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tcbhn.lnk" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UG2L2YusZscSQYJxQEliuRlof2e.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
========= shutdown /r /f /t 2 =========
========= End of CMD: =========
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-14 15:48:23)<=
C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs => Is moved successfully.
C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs => Is moved successfully.
"C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs" => File could not move.
C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs => Is moved successfully.
"C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs" => File could not move.
==== End of Fixlog ====
Re: Win 7 naběhne ale je extremě pomalé
Ja si rikal ze ten prvni log je pod druhem spusteni, no nevadi, jistota je kulomet 
Jak je na tom PC, uz se mu dycha lepe??"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Win 7 naběhne ale je extremě pomalé
pocitac je jak novy oproti vcerejsku 
Re: Win 7 naběhne ale je extremě pomalé
Ja bych tam s dovolenim pusil jeste jeden sken, ono preci jen to bylo zapraskane az moc 
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu
- Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
- Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
- Zaskrtnete okenko Pro vsechny uzivatele
- Zaskrtnete okenko Kontrola na havet "LOP"
- Zaskrtnete okenko Kontrola na havet "Purity"
- Stari souboru zmente z 30 dnu na 7 dnu
- Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize
Kód: Vybrat vše
CREATERESTOREPOINT netsvcs drivers32 savembr:0 %systemroot%*.* /U /s %SYSTEMDRIVE%\*.exe %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %systemroot%\system32\drivers\*.sys /3 %systemroot%\system32\*.* /3 %SYSTEMDRIVE%\*.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 %PROGRAMFILES%\Opera\opera.exe /md5 %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 %SystemDrive%\PhysicalMBR.bin /md5- Kliknete na tlacitko Prohledat
- Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
- Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Win 7 naběhne ale je extremě pomalé
OTL logfile created on: 1/14/2014 4:36:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ihor\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2.73 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 63.07% Memory free
5.46 Gb Paging File | 4.00 Gb Available in Paging File | 73.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.66 Gb Total Space | 363.83 Gb Free Space | 80.73% Space Free | Partition Type: NTFS
Drive E: | 999.70 Mb Total Space | 999.69 Mb Free Space | 100.00% Space Free | Partition Type: FAT
Computer Name: IHOR-PC | User Name: Ihor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2014/01/14 16:31:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ihor\Desktop\OTL.exe
PRC - [2014/01/14 15:16:08 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/14 15:16:04 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/12/31 13:05:26 | 000,310,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/11/12 02:21:52 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010/11/12 02:21:46 | 000,295,232 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
========== Modules (No Company Name) ==========
MOD - [2014/01/14 15:16:34 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/12/04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2010/11/12 02:22:22 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\sqlite3.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/01/14 15:16:04 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/01/14 15:14:29 | 000,113,704 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2013/11/26 10:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/02/10 05:30:12 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2011/01/28 16:44:08 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/11/19 00:14:36 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/11/09 14:55:50 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/17 13:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2013/12/11 17:47:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/09 01:08:52 | 000,227,936 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/09 19:59:59 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/31 13:05:26 | 000,310,864 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/11/12 02:21:52 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/01/15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/01/14 15:59:19 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/14 15:16:48 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/14 15:16:48 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/01/14 15:16:48 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/01/14 15:16:46 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/14 15:16:46 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/01/14 15:16:43 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/01/14 15:15:35 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/12/19 14:11:27 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/29 02:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/17 09:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/08/17 08:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 08:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 08:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 08:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 05:30:34 | 001,495,680 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/17 00:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/09 15:34:04 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/09 14:18:54 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/27 08:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/07/29 14:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/06/17 10:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/28 21:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/02/18 17:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\4game.com/plugin: C:\Program Files (x86)\4game\4game\npplugin4game.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ihor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/04/16 04:06:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/04/16 04:06:28 | 000,000,000 | ---D | M]
[2012/05/02 20:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.426_0\npbrowserext.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 4game (Enabled) = C:\Program Files (x86)\4game\4game\npplugin4game.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ratchet & Clank Future 2 = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Allin1Convert = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkanglmmnniiolknlhaajllgmlgcdkj\5.81.3.15569_0\
CHR - Extension: Gmail = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ratchet & Clank Future 2 = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Allin1Convert = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkanglmmnniiolknlhaajllgmlgcdkj\5.81.3.15569_0\
CHR - Extension: Gmail = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/01/14 16:04:26 | 000,000,035 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001..\Run: [tmp4106] wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs" File not found
O4 - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001..\Run: [TMP6D4~1] "C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS" File not found
O4 - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001..\Run: [tmp97EB] wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs" File not found
O4 - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001..\Run: [TMPA02~1] C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS ()
O4 - Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TMPA02~1.VBS ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25662BD2-60A1-4E60-B311-88CD01085FEA}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6C19710-AFEB-451F-A650-32F7302CC47D}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2014/01/14 16:32:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ihor\Desktop\OTL.exe
[2014/01/14 16:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2014/01/14 15:48:33 | 000,000,000 | ---D | C] -- C:\Users\Ihor\AppData\Roaming\AVAST Software
[2014/01/14 15:21:57 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/01/14 15:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/01/14 15:18:22 | 000,079,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/14 15:16:58 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/14 15:16:57 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/14 15:06:09 | 000,439,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/01/14 13:54:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/14 00:26:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/14 00:16:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/13 22:15:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/13 22:15:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/13 22:15:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/13 22:10:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/13 22:09:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/13 20:49:27 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/13 20:48:58 | 000,112,640 | ---- | C] (forum.viry.cz) -- C:\Users\Ihor\Desktop\FRSTLauncher.exe
[2014/01/13 20:48:34 | 002,075,648 | ---- | C] (Farbar) -- C:\Users\Ihor\Desktop\FRST64.exe
[2014/01/13 19:59:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/01/13 19:07:03 | 000,000,000 | ---D | C] -- C:\Users\Ihor\AppData\Local\Temp
[2014/01/13 18:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/01/13 18:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/11/30 16:16:38 | 000,357,888 | ---- | C] (AnjoCaido) -- C:\Users\Ihor\AppData\Roaming\Tekkit.exe
========== Files - Modified Within 7 Days ==========
[2014/01/14 16:41:04 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/14 16:40:56 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/01/14 16:31:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ihor\Desktop\OTL.exe
[2014/01/14 16:27:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/14 16:13:32 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/14 16:13:32 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/14 16:06:07 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/14 16:05:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/14 16:05:26 | 2197,999,616 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/14 16:04:26 | 000,000,035 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/01/14 16:03:47 | 000,029,696 | ---- | M] () -- C:\Users\Ihor\AppData\Local\MSGBOX.EXE
[2014/01/14 16:03:47 | 000,015,327 | ---- | M] () -- C:\Users\Ihor\Desktop\LM.bat
[2014/01/14 15:59:19 | 000,079,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/14 15:52:59 | 001,584,626 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/14 15:52:59 | 000,669,132 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2014/01/14 15:52:59 | 000,654,480 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/14 15:52:59 | 000,141,760 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2014/01/14 15:52:59 | 000,122,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/14 15:25:42 | 001,560,276 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/14 15:19:15 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/01/14 15:19:15 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/01/14 15:16:48 | 001,034,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/01/14 15:16:48 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/01/14 15:16:48 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/01/14 15:16:46 | 000,422,216 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/01/14 15:16:46 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/01/14 15:16:46 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/01/14 15:16:43 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/01/14 15:16:37 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/14 15:15:35 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/01/14 15:14:30 | 000,439,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/01/14 15:06:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2014/01/13 20:28:54 | 000,112,640 | ---- | M] (forum.viry.cz) -- C:\Users\Ihor\Desktop\FRSTLauncher.exe
[2014/01/13 20:25:10 | 002,075,648 | ---- | M] (Farbar) -- C:\Users\Ihor\Desktop\FRST64.exe
[2014/01/13 20:05:40 | 000,244,224 | ---- | M] () -- C:\Users\Ihor\AppData\Roaming\plugin.dat
[2014/01/13 14:17:00 | 000,192,923 | ---- | M] () -- C:\Users\Ihor\Desktop\stropppp 001.jpg
========== Files Created - No Company Name ==========
[2014/01/14 16:40:56 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/01/14 16:03:47 | 000,015,327 | ---- | C] () -- C:\Users\Ihor\Desktop\LM.bat
[2014/01/14 15:43:30 | 000,011,517 | ---- | C] () -- C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TMPA02~1.VBS
[2014/01/14 15:42:20 | 000,029,696 | ---- | C] () -- C:\Users\Ihor\AppData\Local\MSGBOX.EXE
[2014/01/14 15:19:15 | 000,002,044 | ---- | C] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/01/14 15:19:15 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/01/14 15:06:26 | 000,207,904 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/01/14 15:06:24 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/01/13 22:15:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/13 22:15:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/13 22:15:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/13 22:15:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/13 22:15:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/13 14:17:00 | 000,192,923 | ---- | C] () -- C:\Users\Ihor\Desktop\stropppp 001.jpg
[2014/01/04 18:39:36 | 000,025,276 | ---- | C] () -- C:\Users\Ihor\AppData\Roaming\addons.dat
[2014/01/02 16:16:38 | 000,244,224 | ---- | C] () -- C:\Users\Ihor\AppData\Roaming\plugin.dat
[2013/11/25 21:40:56 | 000,046,347 | ---- | C] () -- C:\Users\Ihor\jCl-5ZpAjOU.jpg
[2013/11/25 21:39:19 | 000,048,880 | ---- | C] () -- C:\Users\Ihor\Urj8ls25KPc.jpg
[2012/11/22 14:48:06 | 001,560,276 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/25 06:14:11 | 000,000,020 | ---- | C] () -- C:\Windows\NMCAutorunXP.ini
[2012/09/11 16:51:07 | 001,990,185 | ---- | C] () -- C:\Users\Ihor\PC140334.JPG
[2012/09/11 16:51:05 | 002,020,420 | ---- | C] () -- C:\Users\Ihor\PC140333.JPG
[2012/09/11 16:51:02 | 002,072,829 | ---- | C] () -- C:\Users\Ihor\PC140332.JPG
[2012/09/11 16:50:59 | 002,099,067 | ---- | C] () -- C:\Users\Ihor\PC070331.JPG
[2012/09/11 16:50:57 | 002,083,090 | ---- | C] () -- C:\Users\Ihor\PC070329.JPG
[2012/09/11 16:50:54 | 002,087,938 | ---- | C] () -- C:\Users\Ihor\PC070328.JPG
[2012/09/11 16:50:51 | 002,113,476 | ---- | C] () -- C:\Users\Ihor\PC070327.JPG
[2012/09/11 16:50:48 | 002,106,111 | ---- | C] () -- C:\Users\Ihor\PC061231.JPG
[2012/09/11 16:50:45 | 002,121,015 | ---- | C] () -- C:\Users\Ihor\PC061230.JPG
[2012/09/11 16:50:43 | 002,087,808 | ---- | C] () -- C:\Users\Ihor\PC061227.JPG
[2012/09/11 16:50:40 | 002,098,282 | ---- | C] () -- C:\Users\Ihor\PC061226.JPG
[2012/09/11 16:50:37 | 002,035,731 | ---- | C] () -- C:\Users\Ihor\PC061225.JPG
[2012/09/11 16:50:34 | 002,100,636 | ---- | C] () -- C:\Users\Ihor\PC061224.JPG
[2012/09/11 16:50:32 | 002,115,242 | ---- | C] () -- C:\Users\Ihor\PC061223.JPG
[2012/09/11 16:50:29 | 002,095,230 | ---- | C] () -- C:\Users\Ihor\PC061222.JPG
[2012/09/11 16:50:26 | 002,090,667 | ---- | C] () -- C:\Users\Ihor\PC051221.JPG
[2012/09/11 16:50:23 | 002,089,082 | ---- | C] () -- C:\Users\Ihor\PC051220.JPG
[2012/09/11 16:50:20 | 002,081,211 | ---- | C] () -- C:\Users\Ihor\PC051219.JPG
[2012/09/11 16:50:18 | 002,101,063 | ---- | C] () -- C:\Users\Ihor\PC051218.JPG
[2012/09/11 16:50:15 | 002,116,618 | ---- | C] () -- C:\Users\Ihor\PC051217.JPG
[2012/09/11 16:50:12 | 002,070,171 | ---- | C] () -- C:\Users\Ihor\PC051216.JPG
[2012/09/11 16:50:09 | 002,141,066 | ---- | C] () -- C:\Users\Ihor\PC051215.JPG
[2012/09/09 09:22:06 | 019,220,480 | ---- | C] () -- C:\Windows\SysWow64\Shakes and Fidget Hack_Bot.exe
[2012/08/27 19:37:21 | 001,286,863 | ---- | C] () -- C:\Users\Ihor\IMG_0846.JPG
[2012/08/27 19:37:21 | 001,222,269 | ---- | C] () -- C:\Users\Ihor\IMG_0844.JPG
[2011/06/09 20:24:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/12/29 14:17:42 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\.minecraft
[2014/01/14 15:48:33 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\AVAST Software
[2014/01/13 18:45:57 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Clickteam
[2014/01/04 13:50:39 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Micro
[2011/10/26 07:13:54 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\OpenOffice.org
[2013/05/21 07:59:02 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Puruy
[2012/10/25 07:09:49 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\RigNRoll_usa_ws
[2012/10/25 07:36:55 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\runic games
[2011/06/11 21:25:44 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\SNS
[2012/09/03 11:09:33 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Unity
[2012/10/20 19:44:59 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\WildTangent
[2011/11/17 21:22:23 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,560 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/09 20:20:41 | 000,000,944 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/06/09 20:20:42 | 000,000,948 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/08/25 20:34:59 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< >
< %systemroot%*.* /U /s >
[24 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[51 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2013/12/29 14:17:42 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\.minecraft
[2013/01/14 20:26:34 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Adobe
[2014/01/14 15:48:33 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\AVAST Software
[2014/01/13 18:45:57 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Clickteam
[2011/06/09 21:08:05 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\CyberLink
[2011/06/09 21:19:46 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Google
[2011/06/09 19:45:12 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Identities
[2012/10/25 07:26:17 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\InstallShield
[2014/01/13 19:05:42 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Macromedia
[2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Media Center Programs
[2014/01/04 13:50:39 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Micro
[2014/01/13 20:33:06 | 000,000,000 | --SD | M] -- C:\Users\Ihor\AppData\Roaming\Microsoft
[2012/01/18 13:45:37 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Nero
[2011/10/26 07:13:54 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\OpenOffice.org
[2013/05/21 07:59:02 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Puruy
[2012/10/25 07:09:49 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\RigNRoll_usa_ws
[2012/10/25 07:36:55 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\runic games
[2014/01/13 19:50:25 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Skype
[2012/09/15 07:03:28 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\skypePM
[2011/06/11 21:25:44 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\SNS
[2012/09/03 11:09:33 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Unity
[2012/10/20 19:44:59 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\WildTangent
[2011/11/17 21:22:23 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Windows Live Writer
[2013/05/06 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2011/02/24 18:43:17 | 000,357,888 | ---- | M] (AnjoCaido) -- C:\Users\Ihor\AppData\Roaming\Tekkit.exe
[2014/01/04 13:50:36 | 000,098,304 | -H-- | M] () -- C:\Users\Ihor\AppData\Roaming\Micro\spy.exe
[2012/12/01 14:08:14 | 000,005,632 | R--- | M] () -- C:\Users\Ihor\AppData\Roaming\Microsoft\Installer\{A9D5884B-0ACD-4DEF-A457-E66E8316BC5D}\IconA9D5884B.exe
[2012/10/20 19:41:56 | 001,007,720 | ---- | M] (WildTangent) -- C:\Users\Ihor\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe
[2012/10/20 19:41:46 | 000,000,179 | ---- | M] () -- C:\Users\Ihor\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe_filedata
[2013/11/23 12:33:24 | 000,000,181 | ---- | M] () -- C:\Users\Ihor\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-packardbell.exe_filedata
[2012/11/29 02:52:32 | 000,572,064 | ---- | M] (WildTangent, Inc.) -- C:\Users\Ihor\AppData\Roaming\WildTangent\WildTangent Games\App\Update\Updater.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2014/01/14 16:41:04 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/01/14 16:06:07 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/01/14 16:27:00 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014/01/14 15:06:23 | 000,000,000 | ---- | M] () -- C:\Windows\system32\config.nt
[2014/01/14 15:25:42 | 001,560,276 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"TMPA02~1" = "C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS" -- [2014/01/02 18:47:21 | 000,011,517 | ---- | M] ()
"TMP6D4~1" = "C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS"
"tmp4106" = wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs" -- [2013/10/12 02:15:48 | 000,141,824 | ---- | M] (Microsoft Corporation)
"tmp97EB" = wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs" -- [2013/10/12 02:15:48 | 000,141,824 | ---- | M] (Microsoft Corporation)
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2013/12/10 11:38:49 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2013/12/04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) MD5=376A9B411BF8B77D5BF84B24D0C7DACD -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/01/14 16:40:56 | 000,000,512 | ---- | M] () MD5=DF28C8A059D8CC3D1937A7D4D9F60B74 -- C:\PhysicalMBR.bin
========== Files - Unicode (All) ==========
[2013/11/30 13:59:02 | 000,000,000 | ---D | M](C:\Users\Ihor\Desktop\5 ????? (???.) ??????. ?????? ??. ??????????? ?????._files) -- C:\Users\Ihor\Desktop\5 канал (укр.) онлайн. Онлайн ТВ. Телевидение здесь._files
[2013/11/30 13:58:53 | 000,058,129 | ---- | M] ()(C:\Users\Ihor\Desktop\5 ????? (???.) ??????. ?????? ??. ??????????? ?????..htm) -- C:\Users\Ihor\Desktop\5 канал (укр.) онлайн. Онлайн ТВ. Телевидение здесь..htm
[2013/11/30 13:58:53 | 000,000,000 | ---D | C](C:\Users\Ihor\Desktop\5 ????? (???.) ??????. ?????? ??. ??????????? ?????._files) -- C:\Users\Ihor\Desktop\5 канал (укр.) онлайн. Онлайн ТВ. Телевидение здесь._files
[2013/11/30 13:58:50 | 000,058,129 | ---- | C] ()(C:\Users\Ihor\Desktop\5 ????? (???.) ??????. ?????? ??. ??????????? ?????..htm) -- C:\Users\Ihor\Desktop\5 канал (укр.) онлайн. Онлайн ТВ. Телевидение здесь..htm
[2013/04/01 15:28:59 | 001,658,156 | ---- | M] ()(C:\Users\Ihor\?????? ? ????????-36 ??????.pdf) -- C:\Users\Ihor\Работа в Норвегии-36 листов.pdf
[2013/04/01 15:28:55 | 000,097,222 | ---- | M] ()(C:\Users\Ihor\????????-?????.pdf) -- C:\Users\Ihor\Норвегия-языки.pdf
[2013/04/01 15:28:55 | 000,071,493 | ---- | M] ()(C:\Users\Ihor\????????? ? ??????.pdf) -- C:\Users\Ihor\Пояснения к бланку.pdf
[2013/04/01 15:28:54 | 000,147,844 | ---- | M] ()(C:\Users\Ihor\??????????? ??????????? ????????????.pdf) -- C:\Users\Ihor\Юридические разъяснения деятельности.pdf
[2013/04/01 15:28:54 | 000,132,422 | ---- | M] ()(C:\Users\Ihor\????????? ???????? ???????? ? ????????-13.pdf) -- C:\Users\Ihor\Некоторые открытые вакансии в Норвегии-13.pdf
[2013/04/01 15:28:54 | 000,115,395 | ---- | M] ()(C:\Users\Ihor\??????????? ?? ???????? -????.pdf) -- C:\Users\Ihor\Разьяснение по словарям -Киев.pdf
[2013/04/01 15:28:54 | 000,110,367 | ---- | M] ()(C:\Users\Ihor\??? ????? ???????????????.pdf) -- C:\Users\Ihor\Что такое трудоустройство.pdf
[2013/04/01 15:28:54 | 000,102,058 | ---- | M] ()(C:\Users\Ihor\????????? ??? ??????????-????????-13 (2).pdf) -- C:\Users\Ihor\Документы для оформления-Норвегия-13 (2).pdf
[2013/04/01 15:28:54 | 000,091,654 | ---- | M] ()(C:\Users\Ihor\??????????-13.pdf) -- C:\Users\Ihor\Инструкции-13.pdf
[2013/04/01 15:28:54 | 000,082,218 | ---- | M] ()(C:\Users\Ihor\????????? ?? ???.???.-3 ?????.pdf) -- C:\Users\Ihor\Пояснения по лиц.усл.-3 листа.pdf
[2013/04/01 15:28:54 | 000,081,613 | ---- | M] ()(C:\Users\Ihor\??????????? ?? ???????? -??????????.pdf) -- C:\Users\Ihor\Разьяснение по словарям -Симферполь.pdf
[2013/04/01 15:28:54 | 000,073,048 | ---- | M] ()(C:\Users\Ihor\????????? ? ?????? ? ??????????,?? ????????-2 ????? (2).pdf) -- C:\Users\Ihor\Пояснения к резюме и документам,их отправке-2 листа (2).pdf
[2013/04/01 15:28:53 | 000,132,422 | ---- | C] ()(C:\Users\Ihor\????????? ???????? ???????? ? ????????-13.pdf) -- C:\Users\Ihor\Некоторые открытые вакансии в Норвегии-13.pdf
[2013/04/01 15:28:53 | 000,102,058 | ---- | C] ()(C:\Users\Ihor\????????? ??? ??????????-????????-13 (2).pdf) -- C:\Users\Ihor\Документы для оформления-Норвегия-13 (2).pdf
[2013/04/01 15:28:53 | 000,091,654 | ---- | C] ()(C:\Users\Ihor\??????????-13.pdf) -- C:\Users\Ihor\Инструкции-13.pdf
[2013/04/01 15:28:52 | 001,658,156 | ---- | C] ()(C:\Users\Ihor\?????? ? ????????-36 ??????.pdf) -- C:\Users\Ihor\Работа в Норвегии-36 листов.pdf
[2013/04/01 15:28:52 | 000,147,844 | ---- | C] ()(C:\Users\Ihor\??????????? ??????????? ????????????.pdf) -- C:\Users\Ihor\Юридические разъяснения деятельности.pdf
[2013/04/01 15:28:52 | 000,115,395 | ---- | C] ()(C:\Users\Ihor\??????????? ?? ???????? -????.pdf) -- C:\Users\Ihor\Разьяснение по словарям -Киев.pdf
[2013/04/01 15:28:52 | 000,110,367 | ---- | C] ()(C:\Users\Ihor\??? ????? ???????????????.pdf) -- C:\Users\Ihor\Что такое трудоустройство.pdf
[2013/04/01 15:28:52 | 000,097,222 | ---- | C] ()(C:\Users\Ihor\????????-?????.pdf) -- C:\Users\Ihor\Норвегия-языки.pdf
[2013/04/01 15:28:52 | 000,082,218 | ---- | C] ()(C:\Users\Ihor\????????? ?? ???.???.-3 ?????.pdf) -- C:\Users\Ihor\Пояснения по лиц.усл.-3 листа.pdf
[2013/04/01 15:28:52 | 000,081,613 | ---- | C] ()(C:\Users\Ihor\??????????? ?? ???????? -??????????.pdf) -- C:\Users\Ihor\Разьяснение по словарям -Симферполь.pdf
[2013/04/01 15:28:52 | 000,073,048 | ---- | C] ()(C:\Users\Ihor\????????? ? ?????? ? ??????????,?? ????????-2 ????? (2).pdf) -- C:\Users\Ihor\Пояснения к резюме и документам,их отправке-2 листа (2).pdf
[2013/04/01 15:28:52 | 000,071,493 | ---- | C] ()(C:\Users\Ihor\????????? ? ??????.pdf) -- C:\Users\Ihor\Пояснения к бланку.pdf
[2011/09/04 06:35:53 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?Ô) -- C:\Windows\SysNative\ꆠÔ
[2011/09/04 06:35:53 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?Ô) -- C:\Windows\SysNative\ꆠÔ
< End of report >
OTL Extras logfile created on: 1/14/2014 4:36:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ihor\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2.73 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 63.07% Memory free
5.46 Gb Paging File | 4.00 Gb Available in Paging File | 73.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.66 Gb Total Space | 363.83 Gb Free Space | 80.73% Space Free | Partition Type: NTFS
Drive E: | 999.70 Mb Total Space | 999.69 Mb Free Space | 100.00% Space Free | Partition Type: FAT
Computer Name: IHOR-PC | User Name: Ihor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{715C9B23-724B-4D32-B1EC-EAA94483E77D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B79F2A5C-F494-4095-BF27-FF6D34EA45FA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{CE2F5691-7D7B-4175-B21E-3364C4593604}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{129373F6-2BE2-4C81-8217-6E9B74665E50}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{19E6059F-CA14-43A0-B177-9B3DC152B082}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{2BFD3FA4-7497-48F0-857E-A4496DC73A79}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{37B99746-C6FE-4D4E-8933-F817E79692FD}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{544306A9-D324-4E18-A236-20C9DC169738}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{58D276D2-9DB6-4AD9-9D9C-111B3A784E52}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{61F49965-702B-4EF4-A6D8-28D226E47D46}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8A15834D-09BB-44F7-8474-C5AD35A08BD3}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{8D3D062C-D69E-4EA0-B752-86C84E27E4C9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9B8196BB-2C5D-4EB7-A914-8C374EEC6B50}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A00E4DE1-CBDD-45CA-97FD-AA68BAFD7579}" = protocol=17 | dir=in | app=c:\program files (x86)\runic games\torchlight\torchlight.exe |
"{B2D9CDC9-F716-4308-A3C2-916520553EA0}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{D5911077-2D73-42F5-8ECF-621CD928165E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EB9AB2E6-A3E1-40D6-8D0F-85A86D81F088}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EBBC439C-53F7-43CD-A836-BAD51BDD6301}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FCFFDA7C-6B06-4FCD-9F1B-34F8DDFCD2A9}" = protocol=6 | dir=in | app=c:\program files (x86)\runic games\torchlight\torchlight.exe |
"TCP Query User{2A32DE03-69A8-4073-94BA-AF96D6EFFB1E}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{6455C0E3-EA75-4C90-8CE1-82935B7A2FF6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{748B4190-0344-4411-B982-FD5F92028E49}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{82CA698B-F4F9-425A-8A33-975DAF85ACC6}C:\users\ihor\windows.exe" = protocol=6 | dir=in | app=c:\users\ihor\windows.exe |
"UDP Query User{67990DF7-A2A9-4B84-A461-A0171D3E873F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{77A66920-490F-414E-9FBD-DA8E6E598E06}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{B7B3F6A0-3F83-4C23-AE9B-106C7019C79E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{FD24C1F8-5192-4D34-A150-18D74238D7B4}C:\users\ihor\windows.exe" = protocol=17 | dir=in | app=c:\users\ihor\windows.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F125E8B-3B58-B80D-51E5-4FD110D1EF58}" = ATI Catalyst Install Manager
"{56D8EE9D-5411-4DEE-6CFB-C720A07FDCAB}" = ccc-utility64
"{5850E3A0-1096-5C2D-C296-D9C2B00E8855}" = AMD Fuel
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.59192
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE24C28A-6BE1-5138-7CC7-854E9EB3757C}" = WMV9/VC-1 Video Playback
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0959BCF5-05D5-9F2B-0965-1A27A533C492}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{11BA11BA-AB63-16D2-F944-87DC002C28CA}_is1" = SimCity 4 Deluxe - crack version for Windows
"{1292DD8E-474E-7D7C-5FF9-B4A7639D435A}" = CCC Help Czech
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D234FAE-7FE2-5002-2B63-8CDEA2BD0B60}" = CCC Help Hungarian
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{35168310-7EE6-AD4E-84F3-73960642561C}" = Catalyst Control Center Localization All
"{366234D5-16FC-9EA2-5881-08B8CC44D36D}" = CCC Help Greek
"{37AAE8BF-DC98-1937-CDE9-9CE61833A252}" = CCC Help Japanese
"{3A915C0E-0168-0E43-B5A4-949136DF0C33}" = Catalyst Control Center Profiles Mobile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{45CBA375-6ECC-EA3C-5EC3-E06A16DFD9A8}" = CCC Help Thai
"{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}" = Windows Live UX Platform Language Pack
"{477878A3-24BC-98D5-B447-417E4FF30218}" = CCC Help Korean
"{4991FCCE-1131-4B92-B697-9EC0FCAFDA5B}" = Torchlight
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4EF87BA4-A1C8-818D-81B4-A211B8D817C7}" = CCC Help Portuguese
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{508457D2-6156-EE57-2F7D-8DCB90B2BCF2}" = CCC Help Russian
"{52D36E31-AE4A-8E99-8B6B-F04A306AC4E7}" = CCC Help Chinese Standard
"{54D986DF-0B7F-244D-9A36-A52CF36D8633}" = CCC Help Norwegian
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A4D2D53-D233-4FAE-FB7D-9101B46C9F53}" = CCC Help Italian
"{5A8EBCAE-71F2-F101-E86E-8E128A47401C}" = CCC Help French
"{5D43581B-77CC-CA01-5D4F-34215870EBE8}" = CCC Help Swedish
"{5F055711-2CAF-4323-8443-BEE4913FC7E6}" = Shade: Hněv andělů
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{624B8C52-419F-48BF-704F-0DE2BEC1E323}" = Catalyst Control Center InstallProxy
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FDDD338-24AD-E75E-E0A7-82CDAE803378}" = CCC Help Danish
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{823FB107-94F5-405C-8B3D-6F6E66C3A310}" = Catalyst Control Center - Branding
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0405-1000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{903E5724-3250-163F-017F-33030AAEA16B}" = CCC Help Spanish
"{90850405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C0E3DA8-408A-39D3-855D-3440E38F3D83}" = ccc-core-static
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9AED59-2E4B-C3BB-D036-9392A3898E20}" = CCC Help English
"{A2B8BB9D-D778-54D5-6390-E74A12CE469E}_is1" = CarovnyMinecraft_1.5.2_v2.0 Warez version for Windows
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9D5884B-0ACD-4DEF-A457-E66E8316BC5D}" = Total Overdose Demo
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CABA6C97-8680-D8C4-7DAA-A8D1CC230370}" = Catalyst Control Center Graphics Previews Common
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5B94160-4A07-4956-9C73-8C5EEFEF180F}" = OpenOffice.org 3.3
"{DB02F9A4-E1FB-7F18-81A6-74CE89117123}_is1" = Sim city 4 deluxe - etina version for Windows
"{DB9AA311-9119-5466-BE82-6CD37304FE42}" = CCC Help Dutch
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E15555E9-386B-B748-7C94-4F2591ADCB63}" = CCC Help Chinese Traditional
"{e4c74ad9-bcbc-4d37-a4cf-1a4268ee0977}" = Nero 9 Essentials
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F5FCABF0-E2AF-6A70-3971-67C8B1310480}" = CCC Help Finnish
"{F6BDA6EB-7098-4C34-A3A0-C8C6C1114137}" = YTD Toolbar v8.5
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEE720F0-7A20-A61E-D56B-90DB02655B78}" = CCC Help German
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"avast" = avast! Internet Security
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"GotClip" = GotClip Downloader
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Packard Bell MyBackup
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"LManager" = Launch Manager
"Minecraft Gift CodesFinal" = Minecraft Gift Codes
"OpenAL" = OpenAL
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.6
"Planet of Cartmans 2_is1" = Planet of Cartmans 2 v.1.2
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WT088216" = Agatha Christie - Death on the Nile
"WT088226" = Bejeweled 2 Deluxe
"WT088228" = Build-a-lot 2
"WT088235" = Chuzzle Deluxe
"WT088238" = Diner Dash 2 Restaurant Rescue
"WT088260" = Farm Frenzy
"WT088268" = Insaniquarium Deluxe
"WT088269" = Jewel Quest Solitaire 2
"WT088283" = Plants vs. Zombies
"WT088292" = Zuma Deluxe
"WT088416" = FATE
"WT088420" = Final Drive Nitro
"WT088448" = John Deere Drive Green
"WT088452" = Penguins!
"WT088456" = Polar Bowler
"WT088460" = Polar Golfer
"WT088508" = Virtual Villagers 4 - The Tree of Life
"WT088531" = Zuma's Revenge
"wxDownload Fast_is1" = wxDownload Fast 0.6.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/19/2012 10:57:49 AM | Computer Name = Ihor-PC | Source = Iminent | ID = 0
Description =
Error - 11/20/2012 2:19:26 AM | Computer Name = Ihor-PC | Source = MsiInstaller | ID = 11704
Description =
Error - 11/20/2012 5:40:58 AM | Computer Name = Ihor-PC | Source = Application Hang | ID = 1002
Description = Program Skype.exe verze 5.10.0.116 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
c50 Čas spuštění: 01cdc702eb7dce02 Čas ukončení: 31 Cesta k aplikaci: C:\Program Files
(x86)\Skype\Phone\Skype.exe ID hlášení: 54b34c91-32f6-11e2-9b26-b870f470e97e
Error - 11/21/2012 4:13:37 AM | Computer Name = Ihor-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 8.0.7600.17115, časové
razítko: 0x5037a5e4 Název chybujícího modulu: aswWebRepIE64.dll, verze: 7.0.1466.549,
časové razítko: 0x50335082 Kód výjimky: 0xc0000005 Posun chyby: 0x000000000002d9c6
ID
chybujícího procesu: 0x1068 Čas spuštění chybující aplikace: 0x01cdc7bfe0868766 Cesta
k chybující aplikaci: C:\Program Files\Internet Explorer\iexplore.exe Cesta k chybujícímu
modulu: C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ID zprávy: 59613ae4-33b3-11e2-bce8-b870f470e97e
Error - 11/21/2012 4:14:34 AM | Computer Name = Ihor-PC | Source = Windows Search Service | ID = 3007
Description =
Error - 11/24/2012 4:55:04 AM | Computer Name = Ihor-PC | Source = Application Hang | ID = 1002
Description = Program Skype.exe verze 5.10.0.116 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
fe4 Čas spuštění: 01cdca2102ab3018 Čas ukončení: 240 Cesta k aplikaci: C:\Program
Files (x86)\Skype\Phone\Skype.exe ID hlášení: 9af0afef-3614-11e2-a173-b870f470e97e
Error - 11/25/2012 6:31:45 AM | Computer Name = Ihor-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Updater.exe, verze: 5.10.1.44067, časové
razítko: 0x5000146c Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko:
0x00000000 Kód výjimky: 0xc0000005 Posun chyby: 0x00ad00c4 ID chybujícího procesu:
0xc2c Čas spuštění chybující aplikace: 0x01cdcaf7b0ec16a1 Cesta k chybující aplikaci:
C:\Program Files (x86)\Skype\Updater\Updater.exe Cesta k chybujícímu modulu: unknown
ID
zprávy: 4f144934-36eb-11e2-b936-b870f470e97e
Error - 12/20/2012 7:23:28 AM | Computer Name = Ihor-PC | Source = Application Hang | ID = 1002
Description = Program Skype.exe verze 6.0.0.126 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
8f0 Čas spuštění: 01cddea438f4f7f2 Čas ukončení: 219 Cesta k aplikaci: C:\Program
Files (x86)\Skype\Phone\Skype.exe ID hlášení: a47f262e-4a97-11e2-86fa-b870f470e97e
Error - 1/11/2013 4:12:32 AM | Computer Name = Ihor-PC | Source = System Restore | ID = 8193
Description =
Error - 1/11/2013 4:37:14 AM | Computer Name = Ihor-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
[ System Events ]
Error - 1/14/2014 9:10:42 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068
Error - 1/14/2014 9:10:43 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068
Error - 1/14/2014 9:10:43 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068
Error - 1/14/2014 9:10:43 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068
Error - 1/14/2014 9:10:43 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068
Error - 1/14/2014 9:10:43 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068
Error - 1/14/2014 9:10:43 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068
Error - 1/14/2014 9:16:10 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068
Error - 1/14/2014 10:03:07 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7031
Description = Služba avast! Firewall byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.
Error - 1/14/2014 10:44:30 AM | Computer Name = Ihor-PC | Source = DCOM | ID = 10010
Description =
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ihor\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2.73 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 63.07% Memory free
5.46 Gb Paging File | 4.00 Gb Available in Paging File | 73.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.66 Gb Total Space | 363.83 Gb Free Space | 80.73% Space Free | Partition Type: NTFS
Drive E: | 999.70 Mb Total Space | 999.69 Mb Free Space | 100.00% Space Free | Partition Type: FAT
Computer Name: IHOR-PC | User Name: Ihor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2014/01/14 16:31:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ihor\Desktop\OTL.exe
PRC - [2014/01/14 15:16:08 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/14 15:16:04 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/12/31 13:05:26 | 000,310,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/11/12 02:21:52 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010/11/12 02:21:46 | 000,295,232 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
========== Modules (No Company Name) ==========
MOD - [2014/01/14 15:16:34 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/12/04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2010/11/12 02:22:22 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\sqlite3.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/01/14 15:16:04 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/01/14 15:14:29 | 000,113,704 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2013/11/26 10:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/02/10 05:30:12 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2011/01/28 16:44:08 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/11/19 00:14:36 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/11/09 14:55:50 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/17 13:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2013/12/11 17:47:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/09 01:08:52 | 000,227,936 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/09 19:59:59 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/31 13:05:26 | 000,310,864 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/11/12 02:21:52 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/01/15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/01/14 15:59:19 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/14 15:16:48 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/14 15:16:48 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/01/14 15:16:48 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/01/14 15:16:46 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/14 15:16:46 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/01/14 15:16:43 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/01/14 15:15:35 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/12/19 14:11:27 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/29 02:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/17 09:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/08/17 08:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 08:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 08:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 08:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 05:30:34 | 001,495,680 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/17 00:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/09 15:34:04 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/09 14:18:54 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/27 08:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/07/29 14:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/06/17 10:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/28 21:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/02/18 17:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\4game.com/plugin: C:\Program Files (x86)\4game\4game\npplugin4game.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ihor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/04/16 04:06:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/04/16 04:06:28 | 000,000,000 | ---D | M]
[2012/05/02 20:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.426_0\npbrowserext.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 4game (Enabled) = C:\Program Files (x86)\4game\4game\npplugin4game.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ratchet & Clank Future 2 = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Allin1Convert = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkanglmmnniiolknlhaajllgmlgcdkj\5.81.3.15569_0\
CHR - Extension: Gmail = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ratchet & Clank Future 2 = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Allin1Convert = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkanglmmnniiolknlhaajllgmlgcdkj\5.81.3.15569_0\
CHR - Extension: Gmail = C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/01/14 16:04:26 | 000,000,035 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001..\Run: [tmp4106] wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs" File not found
O4 - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001..\Run: [TMP6D4~1] "C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS" File not found
O4 - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001..\Run: [tmp97EB] wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs" File not found
O4 - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001..\Run: [TMPA02~1] C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS ()
O4 - Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TMPA02~1.VBS ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25662BD2-60A1-4E60-B311-88CD01085FEA}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6C19710-AFEB-451F-A650-32F7302CC47D}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2014/01/14 16:32:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ihor\Desktop\OTL.exe
[2014/01/14 16:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2014/01/14 15:48:33 | 000,000,000 | ---D | C] -- C:\Users\Ihor\AppData\Roaming\AVAST Software
[2014/01/14 15:21:57 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/01/14 15:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/01/14 15:18:22 | 000,079,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/14 15:16:58 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/14 15:16:57 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/14 15:06:09 | 000,439,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/01/14 13:54:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/14 00:26:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/14 00:16:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/13 22:15:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/13 22:15:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/13 22:15:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/13 22:10:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/13 22:09:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/13 20:49:27 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/13 20:48:58 | 000,112,640 | ---- | C] (forum.viry.cz) -- C:\Users\Ihor\Desktop\FRSTLauncher.exe
[2014/01/13 20:48:34 | 002,075,648 | ---- | C] (Farbar) -- C:\Users\Ihor\Desktop\FRST64.exe
[2014/01/13 19:59:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/01/13 19:07:03 | 000,000,000 | ---D | C] -- C:\Users\Ihor\AppData\Local\Temp
[2014/01/13 18:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/01/13 18:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/11/30 16:16:38 | 000,357,888 | ---- | C] (AnjoCaido) -- C:\Users\Ihor\AppData\Roaming\Tekkit.exe
========== Files - Modified Within 7 Days ==========
[2014/01/14 16:41:04 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/14 16:40:56 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/01/14 16:31:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ihor\Desktop\OTL.exe
[2014/01/14 16:27:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/14 16:13:32 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/14 16:13:32 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/14 16:06:07 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/14 16:05:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/14 16:05:26 | 2197,999,616 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/14 16:04:26 | 000,000,035 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/01/14 16:03:47 | 000,029,696 | ---- | M] () -- C:\Users\Ihor\AppData\Local\MSGBOX.EXE
[2014/01/14 16:03:47 | 000,015,327 | ---- | M] () -- C:\Users\Ihor\Desktop\LM.bat
[2014/01/14 15:59:19 | 000,079,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/14 15:52:59 | 001,584,626 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/14 15:52:59 | 000,669,132 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2014/01/14 15:52:59 | 000,654,480 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/14 15:52:59 | 000,141,760 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2014/01/14 15:52:59 | 000,122,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/14 15:25:42 | 001,560,276 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/14 15:19:15 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/01/14 15:19:15 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/01/14 15:16:48 | 001,034,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/01/14 15:16:48 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/01/14 15:16:48 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/01/14 15:16:46 | 000,422,216 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/01/14 15:16:46 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/01/14 15:16:46 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/01/14 15:16:43 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/01/14 15:16:37 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/14 15:15:35 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/01/14 15:14:30 | 000,439,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/01/14 15:06:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2014/01/13 20:28:54 | 000,112,640 | ---- | M] (forum.viry.cz) -- C:\Users\Ihor\Desktop\FRSTLauncher.exe
[2014/01/13 20:25:10 | 002,075,648 | ---- | M] (Farbar) -- C:\Users\Ihor\Desktop\FRST64.exe
[2014/01/13 20:05:40 | 000,244,224 | ---- | M] () -- C:\Users\Ihor\AppData\Roaming\plugin.dat
[2014/01/13 14:17:00 | 000,192,923 | ---- | M] () -- C:\Users\Ihor\Desktop\stropppp 001.jpg
========== Files Created - No Company Name ==========
[2014/01/14 16:40:56 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/01/14 16:03:47 | 000,015,327 | ---- | C] () -- C:\Users\Ihor\Desktop\LM.bat
[2014/01/14 15:43:30 | 000,011,517 | ---- | C] () -- C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TMPA02~1.VBS
[2014/01/14 15:42:20 | 000,029,696 | ---- | C] () -- C:\Users\Ihor\AppData\Local\MSGBOX.EXE
[2014/01/14 15:19:15 | 000,002,044 | ---- | C] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/01/14 15:19:15 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/01/14 15:06:26 | 000,207,904 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/01/14 15:06:24 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/01/13 22:15:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/13 22:15:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/13 22:15:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/13 22:15:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/13 22:15:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/13 14:17:00 | 000,192,923 | ---- | C] () -- C:\Users\Ihor\Desktop\stropppp 001.jpg
[2014/01/04 18:39:36 | 000,025,276 | ---- | C] () -- C:\Users\Ihor\AppData\Roaming\addons.dat
[2014/01/02 16:16:38 | 000,244,224 | ---- | C] () -- C:\Users\Ihor\AppData\Roaming\plugin.dat
[2013/11/25 21:40:56 | 000,046,347 | ---- | C] () -- C:\Users\Ihor\jCl-5ZpAjOU.jpg
[2013/11/25 21:39:19 | 000,048,880 | ---- | C] () -- C:\Users\Ihor\Urj8ls25KPc.jpg
[2012/11/22 14:48:06 | 001,560,276 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/25 06:14:11 | 000,000,020 | ---- | C] () -- C:\Windows\NMCAutorunXP.ini
[2012/09/11 16:51:07 | 001,990,185 | ---- | C] () -- C:\Users\Ihor\PC140334.JPG
[2012/09/11 16:51:05 | 002,020,420 | ---- | C] () -- C:\Users\Ihor\PC140333.JPG
[2012/09/11 16:51:02 | 002,072,829 | ---- | C] () -- C:\Users\Ihor\PC140332.JPG
[2012/09/11 16:50:59 | 002,099,067 | ---- | C] () -- C:\Users\Ihor\PC070331.JPG
[2012/09/11 16:50:57 | 002,083,090 | ---- | C] () -- C:\Users\Ihor\PC070329.JPG
[2012/09/11 16:50:54 | 002,087,938 | ---- | C] () -- C:\Users\Ihor\PC070328.JPG
[2012/09/11 16:50:51 | 002,113,476 | ---- | C] () -- C:\Users\Ihor\PC070327.JPG
[2012/09/11 16:50:48 | 002,106,111 | ---- | C] () -- C:\Users\Ihor\PC061231.JPG
[2012/09/11 16:50:45 | 002,121,015 | ---- | C] () -- C:\Users\Ihor\PC061230.JPG
[2012/09/11 16:50:43 | 002,087,808 | ---- | C] () -- C:\Users\Ihor\PC061227.JPG
[2012/09/11 16:50:40 | 002,098,282 | ---- | C] () -- C:\Users\Ihor\PC061226.JPG
[2012/09/11 16:50:37 | 002,035,731 | ---- | C] () -- C:\Users\Ihor\PC061225.JPG
[2012/09/11 16:50:34 | 002,100,636 | ---- | C] () -- C:\Users\Ihor\PC061224.JPG
[2012/09/11 16:50:32 | 002,115,242 | ---- | C] () -- C:\Users\Ihor\PC061223.JPG
[2012/09/11 16:50:29 | 002,095,230 | ---- | C] () -- C:\Users\Ihor\PC061222.JPG
[2012/09/11 16:50:26 | 002,090,667 | ---- | C] () -- C:\Users\Ihor\PC051221.JPG
[2012/09/11 16:50:23 | 002,089,082 | ---- | C] () -- C:\Users\Ihor\PC051220.JPG
[2012/09/11 16:50:20 | 002,081,211 | ---- | C] () -- C:\Users\Ihor\PC051219.JPG
[2012/09/11 16:50:18 | 002,101,063 | ---- | C] () -- C:\Users\Ihor\PC051218.JPG
[2012/09/11 16:50:15 | 002,116,618 | ---- | C] () -- C:\Users\Ihor\PC051217.JPG
[2012/09/11 16:50:12 | 002,070,171 | ---- | C] () -- C:\Users\Ihor\PC051216.JPG
[2012/09/11 16:50:09 | 002,141,066 | ---- | C] () -- C:\Users\Ihor\PC051215.JPG
[2012/09/09 09:22:06 | 019,220,480 | ---- | C] () -- C:\Windows\SysWow64\Shakes and Fidget Hack_Bot.exe
[2012/08/27 19:37:21 | 001,286,863 | ---- | C] () -- C:\Users\Ihor\IMG_0846.JPG
[2012/08/27 19:37:21 | 001,222,269 | ---- | C] () -- C:\Users\Ihor\IMG_0844.JPG
[2011/06/09 20:24:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/12/29 14:17:42 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\.minecraft
[2014/01/14 15:48:33 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\AVAST Software
[2014/01/13 18:45:57 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Clickteam
[2014/01/04 13:50:39 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Micro
[2011/10/26 07:13:54 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\OpenOffice.org
[2013/05/21 07:59:02 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Puruy
[2012/10/25 07:09:49 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\RigNRoll_usa_ws
[2012/10/25 07:36:55 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\runic games
[2011/06/11 21:25:44 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\SNS
[2012/09/03 11:09:33 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Unity
[2012/10/20 19:44:59 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\WildTangent
[2011/11/17 21:22:23 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,560 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/09 20:20:41 | 000,000,944 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/06/09 20:20:42 | 000,000,948 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/08/25 20:34:59 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< >
< %systemroot%*.* /U /s >
[24 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[51 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2013/12/29 14:17:42 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\.minecraft
[2013/01/14 20:26:34 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Adobe
[2014/01/14 15:48:33 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\AVAST Software
[2014/01/13 18:45:57 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Clickteam
[2011/06/09 21:08:05 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\CyberLink
[2011/06/09 21:19:46 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Google
[2011/06/09 19:45:12 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Identities
[2012/10/25 07:26:17 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\InstallShield
[2014/01/13 19:05:42 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Macromedia
[2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Media Center Programs
[2014/01/04 13:50:39 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Micro
[2014/01/13 20:33:06 | 000,000,000 | --SD | M] -- C:\Users\Ihor\AppData\Roaming\Microsoft
[2012/01/18 13:45:37 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Nero
[2011/10/26 07:13:54 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\OpenOffice.org
[2013/05/21 07:59:02 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Puruy
[2012/10/25 07:09:49 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\RigNRoll_usa_ws
[2012/10/25 07:36:55 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\runic games
[2014/01/13 19:50:25 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Skype
[2012/09/15 07:03:28 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\skypePM
[2011/06/11 21:25:44 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\SNS
[2012/09/03 11:09:33 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Unity
[2012/10/20 19:44:59 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\WildTangent
[2011/11/17 21:22:23 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\Windows Live Writer
[2013/05/06 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\Ihor\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2011/02/24 18:43:17 | 000,357,888 | ---- | M] (AnjoCaido) -- C:\Users\Ihor\AppData\Roaming\Tekkit.exe
[2014/01/04 13:50:36 | 000,098,304 | -H-- | M] () -- C:\Users\Ihor\AppData\Roaming\Micro\spy.exe
[2012/12/01 14:08:14 | 000,005,632 | R--- | M] () -- C:\Users\Ihor\AppData\Roaming\Microsoft\Installer\{A9D5884B-0ACD-4DEF-A457-E66E8316BC5D}\IconA9D5884B.exe
[2012/10/20 19:41:56 | 001,007,720 | ---- | M] (WildTangent) -- C:\Users\Ihor\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe
[2012/10/20 19:41:46 | 000,000,179 | ---- | M] () -- C:\Users\Ihor\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe_filedata
[2013/11/23 12:33:24 | 000,000,181 | ---- | M] () -- C:\Users\Ihor\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-packardbell.exe_filedata
[2012/11/29 02:52:32 | 000,572,064 | ---- | M] (WildTangent, Inc.) -- C:\Users\Ihor\AppData\Roaming\WildTangent\WildTangent Games\App\Update\Updater.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2014/01/14 16:41:04 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/01/14 16:06:07 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/01/14 16:27:00 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014/01/14 15:06:23 | 000,000,000 | ---- | M] () -- C:\Windows\system32\config.nt
[2014/01/14 15:25:42 | 001,560,276 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"TMPA02~1" = "C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS" -- [2014/01/02 18:47:21 | 000,011,517 | ---- | M] ()
"TMP6D4~1" = "C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS"
"tmp4106" = wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs" -- [2013/10/12 02:15:48 | 000,141,824 | ---- | M] (Microsoft Corporation)
"tmp97EB" = wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs" -- [2013/10/12 02:15:48 | 000,141,824 | ---- | M] (Microsoft Corporation)
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2013/12/10 11:38:49 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2013/12/04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) MD5=376A9B411BF8B77D5BF84B24D0C7DACD -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/01/14 16:40:56 | 000,000,512 | ---- | M] () MD5=DF28C8A059D8CC3D1937A7D4D9F60B74 -- C:\PhysicalMBR.bin
========== Files - Unicode (All) ==========
[2013/11/30 13:59:02 | 000,000,000 | ---D | M](C:\Users\Ihor\Desktop\5 ????? (???.) ??????. ?????? ??. ??????????? ?????._files) -- C:\Users\Ihor\Desktop\5 канал (укр.) онлайн. Онлайн ТВ. Телевидение здесь._files
[2013/11/30 13:58:53 | 000,058,129 | ---- | M] ()(C:\Users\Ihor\Desktop\5 ????? (???.) ??????. ?????? ??. ??????????? ?????..htm) -- C:\Users\Ihor\Desktop\5 канал (укр.) онлайн. Онлайн ТВ. Телевидение здесь..htm
[2013/11/30 13:58:53 | 000,000,000 | ---D | C](C:\Users\Ihor\Desktop\5 ????? (???.) ??????. ?????? ??. ??????????? ?????._files) -- C:\Users\Ihor\Desktop\5 канал (укр.) онлайн. Онлайн ТВ. Телевидение здесь._files
[2013/11/30 13:58:50 | 000,058,129 | ---- | C] ()(C:\Users\Ihor\Desktop\5 ????? (???.) ??????. ?????? ??. ??????????? ?????..htm) -- C:\Users\Ihor\Desktop\5 канал (укр.) онлайн. Онлайн ТВ. Телевидение здесь..htm
[2013/04/01 15:28:59 | 001,658,156 | ---- | M] ()(C:\Users\Ihor\?????? ? ????????-36 ??????.pdf) -- C:\Users\Ihor\Работа в Норвегии-36 листов.pdf
[2013/04/01 15:28:55 | 000,097,222 | ---- | M] ()(C:\Users\Ihor\????????-?????.pdf) -- C:\Users\Ihor\Норвегия-языки.pdf
[2013/04/01 15:28:55 | 000,071,493 | ---- | M] ()(C:\Users\Ihor\????????? ? ??????.pdf) -- C:\Users\Ihor\Пояснения к бланку.pdf
[2013/04/01 15:28:54 | 000,147,844 | ---- | M] ()(C:\Users\Ihor\??????????? ??????????? ????????????.pdf) -- C:\Users\Ihor\Юридические разъяснения деятельности.pdf
[2013/04/01 15:28:54 | 000,132,422 | ---- | M] ()(C:\Users\Ihor\????????? ???????? ???????? ? ????????-13.pdf) -- C:\Users\Ihor\Некоторые открытые вакансии в Норвегии-13.pdf
[2013/04/01 15:28:54 | 000,115,395 | ---- | M] ()(C:\Users\Ihor\??????????? ?? ???????? -????.pdf) -- C:\Users\Ihor\Разьяснение по словарям -Киев.pdf
[2013/04/01 15:28:54 | 000,110,367 | ---- | M] ()(C:\Users\Ihor\??? ????? ???????????????.pdf) -- C:\Users\Ihor\Что такое трудоустройство.pdf
[2013/04/01 15:28:54 | 000,102,058 | ---- | M] ()(C:\Users\Ihor\????????? ??? ??????????-????????-13 (2).pdf) -- C:\Users\Ihor\Документы для оформления-Норвегия-13 (2).pdf
[2013/04/01 15:28:54 | 000,091,654 | ---- | M] ()(C:\Users\Ihor\??????????-13.pdf) -- C:\Users\Ihor\Инструкции-13.pdf
[2013/04/01 15:28:54 | 000,082,218 | ---- | M] ()(C:\Users\Ihor\????????? ?? ???.???.-3 ?????.pdf) -- C:\Users\Ihor\Пояснения по лиц.усл.-3 листа.pdf
[2013/04/01 15:28:54 | 000,081,613 | ---- | M] ()(C:\Users\Ihor\??????????? ?? ???????? -??????????.pdf) -- C:\Users\Ihor\Разьяснение по словарям -Симферполь.pdf
[2013/04/01 15:28:54 | 000,073,048 | ---- | M] ()(C:\Users\Ihor\????????? ? ?????? ? ??????????,?? ????????-2 ????? (2).pdf) -- C:\Users\Ihor\Пояснения к резюме и документам,их отправке-2 листа (2).pdf
[2013/04/01 15:28:53 | 000,132,422 | ---- | C] ()(C:\Users\Ihor\????????? ???????? ???????? ? ????????-13.pdf) -- C:\Users\Ihor\Некоторые открытые вакансии в Норвегии-13.pdf
[2013/04/01 15:28:53 | 000,102,058 | ---- | C] ()(C:\Users\Ihor\????????? ??? ??????????-????????-13 (2).pdf) -- C:\Users\Ihor\Документы для оформления-Норвегия-13 (2).pdf
[2013/04/01 15:28:53 | 000,091,654 | ---- | C] ()(C:\Users\Ihor\??????????-13.pdf) -- C:\Users\Ihor\Инструкции-13.pdf
[2013/04/01 15:28:52 | 001,658,156 | ---- | C] ()(C:\Users\Ihor\?????? ? ????????-36 ??????.pdf) -- C:\Users\Ihor\Работа в Норвегии-36 листов.pdf
[2013/04/01 15:28:52 | 000,147,844 | ---- | C] ()(C:\Users\Ihor\??????????? ??????????? ????????????.pdf) -- C:\Users\Ihor\Юридические разъяснения деятельности.pdf
[2013/04/01 15:28:52 | 000,115,395 | ---- | C] ()(C:\Users\Ihor\??????????? ?? ???????? -????.pdf) -- C:\Users\Ihor\Разьяснение по словарям -Киев.pdf
[2013/04/01 15:28:52 | 000,110,367 | ---- | C] ()(C:\Users\Ihor\??? ????? ???????????????.pdf) -- C:\Users\Ihor\Что такое трудоустройство.pdf
[2013/04/01 15:28:52 | 000,097,222 | ---- | C] ()(C:\Users\Ihor\????????-?????.pdf) -- C:\Users\Ihor\Норвегия-языки.pdf
[2013/04/01 15:28:52 | 000,082,218 | ---- | C] ()(C:\Users\Ihor\????????? ?? ???.???.-3 ?????.pdf) -- C:\Users\Ihor\Пояснения по лиц.усл.-3 листа.pdf
[2013/04/01 15:28:52 | 000,081,613 | ---- | C] ()(C:\Users\Ihor\??????????? ?? ???????? -??????????.pdf) -- C:\Users\Ihor\Разьяснение по словарям -Симферполь.pdf
[2013/04/01 15:28:52 | 000,073,048 | ---- | C] ()(C:\Users\Ihor\????????? ? ?????? ? ??????????,?? ????????-2 ????? (2).pdf) -- C:\Users\Ihor\Пояснения к резюме и документам,их отправке-2 листа (2).pdf
[2013/04/01 15:28:52 | 000,071,493 | ---- | C] ()(C:\Users\Ihor\????????? ? ??????.pdf) -- C:\Users\Ihor\Пояснения к бланку.pdf
[2011/09/04 06:35:53 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?Ô) -- C:\Windows\SysNative\ꆠÔ
[2011/09/04 06:35:53 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?Ô) -- C:\Windows\SysNative\ꆠÔ
< End of report >
OTL Extras logfile created on: 1/14/2014 4:36:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ihor\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2.73 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 63.07% Memory free
5.46 Gb Paging File | 4.00 Gb Available in Paging File | 73.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.66 Gb Total Space | 363.83 Gb Free Space | 80.73% Space Free | Partition Type: NTFS
Drive E: | 999.70 Mb Total Space | 999.69 Mb Free Space | 100.00% Space Free | Partition Type: FAT
Computer Name: IHOR-PC | User Name: Ihor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{715C9B23-724B-4D32-B1EC-EAA94483E77D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B79F2A5C-F494-4095-BF27-FF6D34EA45FA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{CE2F5691-7D7B-4175-B21E-3364C4593604}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{129373F6-2BE2-4C81-8217-6E9B74665E50}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{19E6059F-CA14-43A0-B177-9B3DC152B082}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{2BFD3FA4-7497-48F0-857E-A4496DC73A79}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{37B99746-C6FE-4D4E-8933-F817E79692FD}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{544306A9-D324-4E18-A236-20C9DC169738}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{58D276D2-9DB6-4AD9-9D9C-111B3A784E52}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{61F49965-702B-4EF4-A6D8-28D226E47D46}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8A15834D-09BB-44F7-8474-C5AD35A08BD3}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{8D3D062C-D69E-4EA0-B752-86C84E27E4C9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9B8196BB-2C5D-4EB7-A914-8C374EEC6B50}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A00E4DE1-CBDD-45CA-97FD-AA68BAFD7579}" = protocol=17 | dir=in | app=c:\program files (x86)\runic games\torchlight\torchlight.exe |
"{B2D9CDC9-F716-4308-A3C2-916520553EA0}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{D5911077-2D73-42F5-8ECF-621CD928165E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EB9AB2E6-A3E1-40D6-8D0F-85A86D81F088}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EBBC439C-53F7-43CD-A836-BAD51BDD6301}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FCFFDA7C-6B06-4FCD-9F1B-34F8DDFCD2A9}" = protocol=6 | dir=in | app=c:\program files (x86)\runic games\torchlight\torchlight.exe |
"TCP Query User{2A32DE03-69A8-4073-94BA-AF96D6EFFB1E}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{6455C0E3-EA75-4C90-8CE1-82935B7A2FF6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{748B4190-0344-4411-B982-FD5F92028E49}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{82CA698B-F4F9-425A-8A33-975DAF85ACC6}C:\users\ihor\windows.exe" = protocol=6 | dir=in | app=c:\users\ihor\windows.exe |
"UDP Query User{67990DF7-A2A9-4B84-A461-A0171D3E873F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{77A66920-490F-414E-9FBD-DA8E6E598E06}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{B7B3F6A0-3F83-4C23-AE9B-106C7019C79E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{FD24C1F8-5192-4D34-A150-18D74238D7B4}C:\users\ihor\windows.exe" = protocol=17 | dir=in | app=c:\users\ihor\windows.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F125E8B-3B58-B80D-51E5-4FD110D1EF58}" = ATI Catalyst Install Manager
"{56D8EE9D-5411-4DEE-6CFB-C720A07FDCAB}" = ccc-utility64
"{5850E3A0-1096-5C2D-C296-D9C2B00E8855}" = AMD Fuel
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.59192
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE24C28A-6BE1-5138-7CC7-854E9EB3757C}" = WMV9/VC-1 Video Playback
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0959BCF5-05D5-9F2B-0965-1A27A533C492}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{11BA11BA-AB63-16D2-F944-87DC002C28CA}_is1" = SimCity 4 Deluxe - crack version for Windows
"{1292DD8E-474E-7D7C-5FF9-B4A7639D435A}" = CCC Help Czech
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D234FAE-7FE2-5002-2B63-8CDEA2BD0B60}" = CCC Help Hungarian
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{35168310-7EE6-AD4E-84F3-73960642561C}" = Catalyst Control Center Localization All
"{366234D5-16FC-9EA2-5881-08B8CC44D36D}" = CCC Help Greek
"{37AAE8BF-DC98-1937-CDE9-9CE61833A252}" = CCC Help Japanese
"{3A915C0E-0168-0E43-B5A4-949136DF0C33}" = Catalyst Control Center Profiles Mobile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{45CBA375-6ECC-EA3C-5EC3-E06A16DFD9A8}" = CCC Help Thai
"{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}" = Windows Live UX Platform Language Pack
"{477878A3-24BC-98D5-B447-417E4FF30218}" = CCC Help Korean
"{4991FCCE-1131-4B92-B697-9EC0FCAFDA5B}" = Torchlight
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4EF87BA4-A1C8-818D-81B4-A211B8D817C7}" = CCC Help Portuguese
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{508457D2-6156-EE57-2F7D-8DCB90B2BCF2}" = CCC Help Russian
"{52D36E31-AE4A-8E99-8B6B-F04A306AC4E7}" = CCC Help Chinese Standard
"{54D986DF-0B7F-244D-9A36-A52CF36D8633}" = CCC Help Norwegian
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A4D2D53-D233-4FAE-FB7D-9101B46C9F53}" = CCC Help Italian
"{5A8EBCAE-71F2-F101-E86E-8E128A47401C}" = CCC Help French
"{5D43581B-77CC-CA01-5D4F-34215870EBE8}" = CCC Help Swedish
"{5F055711-2CAF-4323-8443-BEE4913FC7E6}" = Shade: Hněv andělů
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{624B8C52-419F-48BF-704F-0DE2BEC1E323}" = Catalyst Control Center InstallProxy
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FDDD338-24AD-E75E-E0A7-82CDAE803378}" = CCC Help Danish
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{823FB107-94F5-405C-8B3D-6F6E66C3A310}" = Catalyst Control Center - Branding
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0405-1000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{903E5724-3250-163F-017F-33030AAEA16B}" = CCC Help Spanish
"{90850405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C0E3DA8-408A-39D3-855D-3440E38F3D83}" = ccc-core-static
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9AED59-2E4B-C3BB-D036-9392A3898E20}" = CCC Help English
"{A2B8BB9D-D778-54D5-6390-E74A12CE469E}_is1" = CarovnyMinecraft_1.5.2_v2.0 Warez version for Windows
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9D5884B-0ACD-4DEF-A457-E66E8316BC5D}" = Total Overdose Demo
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CABA6C97-8680-D8C4-7DAA-A8D1CC230370}" = Catalyst Control Center Graphics Previews Common
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5B94160-4A07-4956-9C73-8C5EEFEF180F}" = OpenOffice.org 3.3
"{DB02F9A4-E1FB-7F18-81A6-74CE89117123}_is1" = Sim city 4 deluxe - etina version for Windows
"{DB9AA311-9119-5466-BE82-6CD37304FE42}" = CCC Help Dutch
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E15555E9-386B-B748-7C94-4F2591ADCB63}" = CCC Help Chinese Traditional
"{e4c74ad9-bcbc-4d37-a4cf-1a4268ee0977}" = Nero 9 Essentials
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F5FCABF0-E2AF-6A70-3971-67C8B1310480}" = CCC Help Finnish
"{F6BDA6EB-7098-4C34-A3A0-C8C6C1114137}" = YTD Toolbar v8.5
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEE720F0-7A20-A61E-D56B-90DB02655B78}" = CCC Help German
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"avast" = avast! Internet Security
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"GotClip" = GotClip Downloader
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Packard Bell MyBackup
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"LManager" = Launch Manager
"Minecraft Gift CodesFinal" = Minecraft Gift Codes
"OpenAL" = OpenAL
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.6
"Planet of Cartmans 2_is1" = Planet of Cartmans 2 v.1.2
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WT088216" = Agatha Christie - Death on the Nile
"WT088226" = Bejeweled 2 Deluxe
"WT088228" = Build-a-lot 2
"WT088235" = Chuzzle Deluxe
"WT088238" = Diner Dash 2 Restaurant Rescue
"WT088260" = Farm Frenzy
"WT088268" = Insaniquarium Deluxe
"WT088269" = Jewel Quest Solitaire 2
"WT088283" = Plants vs. Zombies
"WT088292" = Zuma Deluxe
"WT088416" = FATE
"WT088420" = Final Drive Nitro
"WT088448" = John Deere Drive Green
"WT088452" = Penguins!
"WT088456" = Polar Bowler
"WT088460" = Polar Golfer
"WT088508" = Virtual Villagers 4 - The Tree of Life
"WT088531" = Zuma's Revenge
"wxDownload Fast_is1" = wxDownload Fast 0.6.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/19/2012 10:57:49 AM | Computer Name = Ihor-PC | Source = Iminent | ID = 0
Description =
Error - 11/20/2012 2:19:26 AM | Computer Name = Ihor-PC | Source = MsiInstaller | ID = 11704
Description =
Error - 11/20/2012 5:40:58 AM | Computer Name = Ihor-PC | Source = Application Hang | ID = 1002
Description = Program Skype.exe verze 5.10.0.116 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
c50 Čas spuštění: 01cdc702eb7dce02 Čas ukončení: 31 Cesta k aplikaci: C:\Program Files
(x86)\Skype\Phone\Skype.exe ID hlášení: 54b34c91-32f6-11e2-9b26-b870f470e97e
Error - 11/21/2012 4:13:37 AM | Computer Name = Ihor-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 8.0.7600.17115, časové
razítko: 0x5037a5e4 Název chybujícího modulu: aswWebRepIE64.dll, verze: 7.0.1466.549,
časové razítko: 0x50335082 Kód výjimky: 0xc0000005 Posun chyby: 0x000000000002d9c6
ID
chybujícího procesu: 0x1068 Čas spuštění chybující aplikace: 0x01cdc7bfe0868766 Cesta
k chybující aplikaci: C:\Program Files\Internet Explorer\iexplore.exe Cesta k chybujícímu
modulu: C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ID zprávy: 59613ae4-33b3-11e2-bce8-b870f470e97e
Error - 11/21/2012 4:14:34 AM | Computer Name = Ihor-PC | Source = Windows Search Service | ID = 3007
Description =
Error - 11/24/2012 4:55:04 AM | Computer Name = Ihor-PC | Source = Application Hang | ID = 1002
Description = Program Skype.exe verze 5.10.0.116 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
fe4 Čas spuštění: 01cdca2102ab3018 Čas ukončení: 240 Cesta k aplikaci: C:\Program
Files (x86)\Skype\Phone\Skype.exe ID hlášení: 9af0afef-3614-11e2-a173-b870f470e97e
Error - 11/25/2012 6:31:45 AM | Computer Name = Ihor-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Updater.exe, verze: 5.10.1.44067, časové
razítko: 0x5000146c Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko:
0x00000000 Kód výjimky: 0xc0000005 Posun chyby: 0x00ad00c4 ID chybujícího procesu:
0xc2c Čas spuštění chybující aplikace: 0x01cdcaf7b0ec16a1 Cesta k chybující aplikaci:
C:\Program Files (x86)\Skype\Updater\Updater.exe Cesta k chybujícímu modulu: unknown
ID
zprávy: 4f144934-36eb-11e2-b936-b870f470e97e
Error - 12/20/2012 7:23:28 AM | Computer Name = Ihor-PC | Source = Application Hang | ID = 1002
Description = Program Skype.exe verze 6.0.0.126 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
8f0 Čas spuštění: 01cddea438f4f7f2 Čas ukončení: 219 Cesta k aplikaci: C:\Program
Files (x86)\Skype\Phone\Skype.exe ID hlášení: a47f262e-4a97-11e2-86fa-b870f470e97e
Error - 1/11/2013 4:12:32 AM | Computer Name = Ihor-PC | Source = System Restore | ID = 8193
Description =
Error - 1/11/2013 4:37:14 AM | Computer Name = Ihor-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
[ System Events ]
Error - 1/14/2014 9:10:42 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068
Error - 1/14/2014 9:10:43 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068
Error - 1/14/2014 9:10:43 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068
Error - 1/14/2014 9:10:43 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068
Error - 1/14/2014 9:10:43 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068
Error - 1/14/2014 9:10:43 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068
Error - 1/14/2014 9:10:43 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068
Error - 1/14/2014 9:16:10 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068
Error - 1/14/2014 10:03:07 AM | Computer Name = Ihor-PC | Source = Service Control Manager | ID = 7031
Description = Služba avast! Firewall byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.
Error - 1/14/2014 10:44:30 AM | Computer Name = Ihor-PC | Source = DCOM | ID = 10010
Description =
< End of report >
Re: Win 7 naběhne ale je extremě pomalé
Spustte znovu OTL
- Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
- Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize
Kód: Vybrat vše
:otl IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/04/16 04:06:15 | 000,000,000 | ---D | M] O4 - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001..\Run: [tmp4106] wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs" File not found O4 - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001..\Run: [TMP6D4~1] "C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS" File not found O4 - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001..\Run: [tmp97EB] wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs" File not found O4 - HKU\S-1-5-21-1439821017-4003384198-2142392356-1001..\Run: [TMPA02~1] C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS () O4 - Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TMPA02~1.VBS () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.) O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. [2014/01/13 20:48:58 | 000,112,640 | ---- | C] (forum.viry.cz) -- C:\Users\Ihor\Desktop\FRSTLauncher.exe [2014/01/13 20:48:34 | 002,075,648 | ---- | C] (Farbar) -- C:\Users\Ihor\Desktop\FRST64.exe [2014/01/14 16:03:47 | 000,029,696 | ---- | M] () -- C:\Users\Ihor\AppData\Local\MSGBOX.EXE [2014/01/14 16:03:47 | 000,015,327 | ---- | M] () -- C:\Users\Ihor\Desktop\LM.bat [24 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ] [51 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ] [2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ] [1 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ] [2014/01/04 13:50:36 | 000,098,304 | -H-- | M] () -- C:\Users\Ihor\AppData\Roaming\Micro\spy.exe [2012/12/01 14:08:14 | 000,005,632 | R--- | M] () -- C:\Users\Ihor\AppData\Roaming\Microsoft\Installer\{A9D5884B-0ACD-4DEF-A457-E66E8316BC5D}\IconA9D5884B.exe [2012/10/20 19:41:56 | 001,007,720 | ---- | M] (WildTangent) -- C:\Users\Ihor\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe [2014/01/14 16:41:04 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2014/01/14 16:06:07 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2014/01/14 16:27:00 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job :files %windir%\system32\*.tmp.dll /s %windir%\system32\SET*.tmp /s %windir%\*.tmp :commands [RESETHOSTS] [EMPTYTEMP] [EMPTYFLASH] [EMPTYJAVA]- Nasledne kliknete na Opravit
- PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Win 7 naběhne ale je extremě pomalé
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com deleted successfully.
C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox\components folder moved successfully.
C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox\Chrome folder moved successfully.
C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Run\\tmp4106 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Run\\TMP6D4~1 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Run\\tmp97EB deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Run\\TMPA02~1 deleted successfully.
C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TMPA02~1.VBS moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Ihor\Desktop\FRSTLauncher.exe moved successfully.
C:\Users\Ihor\Desktop\FRST64.exe moved successfully.
C:\Users\Ihor\AppData\Local\MSGBOX.EXE moved successfully.
C:\Users\Ihor\Desktop\LM.bat moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1996.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP207B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2423.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2E84.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3533.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4450.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6364.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6C89.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6EBD.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6FF6.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP71B6.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP71B7.tmp\WindowsLive.Writer.CoreServices.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP71B7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7231.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP73D8.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP814F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8340.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP905B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP985E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA8E0.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC12C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC993.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD2B9.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE3E7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP1920.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP198E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP237C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP26A2.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2C99.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2DB2.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3DA1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3FAC.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4125.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP444F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4588.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4842.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP49AA.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4BFD.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5418.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5807.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP624.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6A72.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6C89.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6CD4.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP7311.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP799F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP7A90.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8295.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8A94.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8AB2.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8D8E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8DFD.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9060.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP931A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA3DC.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA563.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPB38B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPB829.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPB9AE.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC371.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC486.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC566.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD3E2.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD661.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD854.tmp\ehshell.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD854.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDB76.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDC1E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE237.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE698.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEB4B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF0D2.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPFCE.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPFE68.tmp folder deleted successfully.
C:\Windows\Installer\MSI420D.tmp deleted successfully.
C:\Windows\Installer\MSI8599.tmp deleted successfully.
C:\Windows\temp\RGIA47A.tmp deleted successfully.
C:\Users\Ihor\AppData\Roaming\Micro\spy.exe moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Installer\{A9D5884B-0ACD-4DEF-A457-E66E8316BC5D}\IconA9D5884B.exe moved successfully.
C:\Users\Ihor\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Ihor
->Temp folder emptied: 167393 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 11397204 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29029798 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68106 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 39.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Ihor
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Ihor
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01142014_174948
Files\Folders moved on Reboot...
C:\Users\Ihor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS.bin moved successfully.
C:\Users\Ihor\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com deleted successfully.
C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox\components folder moved successfully.
C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox\Chrome folder moved successfully.
C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Run\\tmp4106 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Run\\TMP6D4~1 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Run\\tmp97EB deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Run\\TMPA02~1 deleted successfully.
C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TMPA02~1.VBS moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Ihor\Desktop\FRSTLauncher.exe moved successfully.
C:\Users\Ihor\Desktop\FRST64.exe moved successfully.
C:\Users\Ihor\AppData\Local\MSGBOX.EXE moved successfully.
C:\Users\Ihor\Desktop\LM.bat moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1996.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP207B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2423.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2E84.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3533.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4450.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6364.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6C89.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6EBD.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6FF6.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP71B6.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP71B7.tmp\WindowsLive.Writer.CoreServices.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP71B7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7231.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP73D8.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP814F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8340.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP905B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP985E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA8E0.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC12C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC993.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD2B9.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE3E7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP1920.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP198E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP237C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP26A2.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2C99.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2DB2.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3DA1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3FAC.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4125.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP444F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4588.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4842.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP49AA.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4BFD.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5418.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5807.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP624.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6A72.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6C89.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6CD4.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP7311.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP799F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP7A90.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8295.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8A94.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8AB2.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8D8E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8DFD.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9060.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP931A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA3DC.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA563.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPB38B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPB829.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPB9AE.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC371.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC486.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC566.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD3E2.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD661.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD854.tmp\ehshell.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD854.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDB76.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDC1E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE237.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE698.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEB4B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF0D2.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPFCE.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPFE68.tmp folder deleted successfully.
C:\Windows\Installer\MSI420D.tmp deleted successfully.
C:\Windows\Installer\MSI8599.tmp deleted successfully.
C:\Windows\temp\RGIA47A.tmp deleted successfully.
C:\Users\Ihor\AppData\Roaming\Micro\spy.exe moved successfully.
C:\Users\Ihor\AppData\Roaming\Microsoft\Installer\{A9D5884B-0ACD-4DEF-A457-E66E8316BC5D}\IconA9D5884B.exe moved successfully.
C:\Users\Ihor\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Ihor
->Temp folder emptied: 167393 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 11397204 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29029798 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68106 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 39.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Ihor
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Ihor
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01142014_174948
Files\Folders moved on Reboot...
C:\Users\Ihor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS.bin moved successfully.
C:\Users\Ihor\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Re: Win 7 naběhne ale je extremě pomalé
Tak jeste uklidime 
T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
OTC http://oldtimer.geekstogo.com/OTC.exe
TFC http://oldtimer.geekstogo.com/TFC.exe
Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
Napiste jak se chova PC 
T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
- Stahnete a spustte
- Pro potvrzeni volby mackejte A, Enter
- Po pouziti utilitu smazte
- Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
OTC http://oldtimer.geekstogo.com/OTC.exe
- Stahnete a spustte
- Kliknete na CleanUp a potvrdte YES
- Program uklidi a restartuje PC
TFC http://oldtimer.geekstogo.com/TFC.exe
- Stahnete a spustte
- Kliknete na Start a potvrdte OK
- Program uklidi a restartuje pc
- Po pouziti utilitu smazte
Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478Panel čistič
- Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
- dejte Hledej problémy
- nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
- postup opakujte dokud nebude bez problemu - vetsinou cca 3x
- Zde muzete odinstalovat nepotrebne programy
Napiste jak se chova PC "Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Win 7 naběhne ale je extremě pomalé
Vsechno bezi jak ma...Mockrat dekuju za pomoc ..Jste spasitel 
Re: Win 7 naběhne ale je extremě pomalé
Ja dekuji Vam za skvelou spolupraci 
I ja jsem rad ze se nam tohle podarilo vylecit 
Nemate zac, rad jsem pomohl
Zase nekdy 
Na rozloucenou vam zahraje nase kapela
A na zaklade Pravidla o zamykani temat
I ja jsem rad ze se nam tohle podarilo vylecit Nemate zac, rad jsem pomohl
Zase nekdy Na rozloucenou vam zahraje nase kapela
A na zaklade Pravidla o zamykani temat
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?