Trojan

Zpráva

beowafle · #16 Příspěvek od **beowafle** » 14 srp 2012 22:05

OTL Extras logfile created on: 14.8.2012 22:09:08 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\beowafle\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 64,38% Memory free
8,00 Gb Paging File | 6,34 Gb Available in Paging File | 79,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 3,42 Gb Free Space | 2,94% Space Free | Partition Type: NTFS
Drive D: | 334,67 Gb Total Space | 18,68 Gb Free Space | 5,58% Space Free | Partition Type: NTFS
Drive F: | 3,85 Gb Total Space | 3,77 Gb Free Space | 97,84% Space Free | Partition Type: FAT32
Drive G: | 5,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 1863,01 Gb Total Space | 972,61 Gb Free Space | 52,21% Space Free | Partition Type: NTFS
Drive J: | 614,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive M: | 930,86 Gb Total Space | 22,21 Gb Free Space | 2,39% Space Free | Partition Type: NTFS

Computer Name: BEOWAFLE-PC | User Name: beowafle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3904428574-343483561-3331389905-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{070458EB-D40F-4DC3-924E-C4953F89E9DA}" = lport=21763 | protocol=17 | dir=in | name=bitcomet 21763 udp |
"{07366E83-BB7E-4B2F-96F8-C3DFE63ADED7}" = lport=139 | protocol=6 | dir=in | app=system |
"{0C80C407-CCF9-4DE2-A006-979A1B3C8274}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0D0653EA-224E-44EA-97AF-6AEE10B0191B}" = lport=2987 | protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"{1434B1BA-7C46-457B-86D3-0101EFC59AF6}" = rport=2869 | protocol=6 | dir=out | app=system |
"{16336839-4FEB-4710-8724-F31E75F8D7C7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{18FF8ED9-AD6D-420E-83FC-F440B8EFB0F4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{2762B4C4-30C9-4FE5-8CE2-BA234784D162}" = lport=1303 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{2AE3A0E8-A323-4757-89AB-FF0847845D2B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{327EE935-AFF6-4506-9C0B-AD64FD19BFE4}" = lport=1317 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{39D8E8AB-E446-4AB3-AC54-ADB8EFE8B5C1}" = lport=445 | protocol=6 | dir=in | app=system |
"{52D70EE4-1F4A-4743-AB77-5355656E8892}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{53682BA2-A77F-47C1-81C4-AA3FC08085DB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{58EF79A8-6F9C-42D5-B870-7B48876C5A35}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{5A6268ED-8302-49C5-B252-58B4FB8794AA}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B6B57A5-B0DA-4B00-A971-45AA8DF9ACF3}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{5BF606BF-35D6-4A93-98CF-B578E9A3FE07}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{61289A64-7362-46EC-80AE-91E065C1927E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{62B3DEF9-0DCD-42F0-BC69-CFA27A916DBA}" = rport=139 | protocol=6 | dir=out | app=system |
"{6306DC63-6D15-4BE8-A5EC-F4133BF8C52B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{6502EDBD-04AB-4A03-86BB-B56F62BE70D3}" = lport=138 | protocol=17 | dir=in | app=system |
"{65EC0CE4-EDD4-442B-A07B-549CEB5B2346}" = lport=21763 | protocol=6 | dir=in | name=bitcomet 21763 tcp |
"{6676409C-0250-491B-B775-770214C116B6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{735159D1-5A56-44CA-875E-27738FC1E9A3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{73D0314F-D647-4148-A231-8C20C8DD37D2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{79CCFE24-13FD-4DD0-AD14-FDA6F18C4ADC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7C507626-C59C-4D90-8DDF-BB122591DBB9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{7F0CCCEB-35FE-4288-B4B0-CEF851561A49}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{863D3E94-241A-4D08-915F-FAC08A9EFD6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{91E4D459-6AE6-430D-80E0-D68944F4B065}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{9249015C-3F80-4518-8EEE-D231328752B2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{92BA7559-BF6F-44DA-A6E6-E2144FDD05BD}" = rport=445 | protocol=6 | dir=out | app=system |
"{97054D91-40AA-423A-B305-912DD0CF8843}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9DE3B637-3CDB-47D3-A350-85CD12BEC480}" = rport=138 | protocol=17 | dir=out | app=system |
"{9DE3DBE2-837C-40AC-9893-C45EA99E7451}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A2FBFF20-280C-4241-9D89-1E8B2592141E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF81040E-F4B3-41F3-B30E-9C44383F393A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C7A8B8F8-1BFA-4467-9E44-850271A36799}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C9073947-395F-4EE4-B8E7-734748E77B4F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC12EC41-EE96-4A3C-9AC2-4F3ECD12E588}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D5CABE05-E06E-4591-BBCF-E5A3EBD66FD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2CA2894-6F7D-44EC-9B9F-F09DEE1B166F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{ECA0B223-972B-4593-B30E-BC051480AAC0}" = lport=137 | protocol=17 | dir=in | app=system |
"{EDC90928-BA2B-48B2-B002-6769042A1B3C}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{F2CCD360-8ED4-41CC-A985-041094A52B85}" = lport=68 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{FBAE0EBD-E758-4F95-8378-CE28C78651DB}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{FE27BA51-2251-439C-858B-61D0A030C65C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C97382-9D81-4B34-9055-268AE8329848}" = protocol=17 | dir=in | app=d:\call of duty 4 - modern warfare\iw3mp.exe |
"{059FD88F-D6E0-493F-AC8E-427C2168A06A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\ben there, dan that!\btdt.exe |
"{0B81A2E0-7E2D-47CE-AD65-9BDF879FE9D3}" = dir=out | app=%programfiles% (x86)\iobit\advanced systemcare 5\ascupgrade.exe |
"{0C30E5E0-D461-4D01-B914-0F5D0932DBA0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0F0B2117-083A-438D-B12E-983BA57C754E}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) |
"{11570196-09FC-4281-9032-3446D9647369}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{146CF4D3-02F3-4D7D-8DEE-DFB48CEE0207}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"{160D14FE-D0E8-4010-9301-E140E366E69C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{16F9F8CA-4426-4444-A297-FD44D25F5D83}" = dir=out | app=c:\windows\system32\svchost.exe |
"{1A8938C8-B46F-4007-920F-400E6005521C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fallout new vegas enplczru\falloutnvlauncher.exe |
"{1F6EEC0C-650E-4A62-BE8A-F559597EA05D}" = protocol=17 | dir=in | app=c:\program files (x86)\kmpmediatoolbar\dtuser.exe |
"{21B480F2-11B5-4C2F-A684-BC3EC922F69F}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{2432844B-923B-437B-97E0-8ED8EE3DE280}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{247FCE12-1771-4C29-96DC-847C08BE8A9E}" = protocol=6 | dir=in | app=d:\steam\steamapps\brishit\garrysmod\hl2.exe |
"{2509BB55-5304-4445-A397-453BBE830879}" = protocol=17 | dir=in | app=d:\steam\steamapps\brishit\garrysmod\hl2.exe |
"{256DA60F-4D33-4FD4-81C5-3D620A6A6CAE}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe |
"{28EC9BFA-45B8-4203-BB30-45102FE2B996}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{2A8DBAD5-03AE-4FE9-A309-3F64E1C37CAE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\ben there, dan that!\btdt.exe |
"{2C8E9379-F0E6-4B8B-8DFA-9D3A582CFC08}" = protocol=17 | dir=in | app=d:\apb reloaded\binaries\apb.exe |
"{30C9EF11-F7D0-4845-B393-996F9AF87710}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{37E1C627-9EFE-4554-9CAE-ADBF36AD479B}" = protocol=6 | dir=in | app=d:\steam\steamapps\brishit\garrysmod\hl2.exe |
"{3CA0C0AD-7FA5-4D24-9303-B15F7009D940}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{3F5213A3-820A-4DBC-BFFF-1B04E635A979}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{41DCA73B-247F-49D1-AF46-C6603C20F765}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{475F6643-2991-48EF-9C5A-5F820231B2A9}" = protocol=6 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{5657BCEC-27AE-4EE3-A37C-A5457FBD25B4}" = protocol=17 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{5A684324-0DBC-4868-884A-200C9556D557}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{5D4146D7-59FA-4E92-8307-9F86528B9BDB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5F097DDC-79E4-44F7-B387-26ACA190EAAC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{60EBC008-3BC3-41EF-B7DB-E39630E8E90F}" = protocol=17 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{620C5DEC-E9D2-4DCC-AA3F-3CBA81AEC850}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{63D1D9E3-BC6B-4706-9FA6-8742D826AEDB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
"{64B36F39-4F73-4867-8BCC-6C72DBA6D91D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{686EECC5-0C3D-4729-AC1D-6FB1D6278304}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\ben there, dan that!\winsetup.exe |
"{698F2E5E-C6A0-4E9D-99ED-EDBEA9712463}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{6AABE6D8-7CAA-44C0-81AB-F55D5DC10221}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{6ED7D641-6B89-4DF5-A70F-84F30711B990}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe |
"{74B07874-0C06-4925-AF64-D5FD849EC1DC}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{761077EF-0B8D-46CB-8CE0-5B946BCB1CD0}" = dir=out | app=%programfiles% (x86)\iobit\advanced systemcare 5\performupdate.exe |
"{76F40588-7ACA-4059-A6AD-2C6B687F26F7}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{7C5941AF-9300-4FB4-B293-8F4466438556}" = dir=out | app=d:\max payne 3\playmaxpayne3.exe |
"{7C984C91-5D68-4159-A039-D758BC7C6E1F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7CE6F373-2EFB-4C68-88A3-42C29900F277}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7DDDF7BD-F3CD-492D-8F85-64F17134364A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7DFEEA4C-24A2-4D86-825B-8040A8640CAC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7E5A0335-91EC-4B05-9D38-8E8491A446C5}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{7FBB1DCA-1C6B-49E0-B2BD-AA9E793EE7EC}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe |
"{81E9EDF0-4BD2-4D58-A74D-0BBD3939A7B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{829591E4-5F72-4D49-A16B-0FFB4A03266B}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe |
"{84AA165D-D783-4BF0-A7AA-606A5A80CAF4}" = dir=in | app=d:\itunes\itunes.exe |
"{8D900B01-E7AE-4525-AE3D-978BF4FC20DA}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{8FE806B9-4EC2-4C50-AB96-E9F929CF363B}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe |
"{9095C3CF-1A4F-4E51-8693-6C0B49210FFF}" = protocol=6 | dir=in | app=d:\call of duty 4 - modern warfare\iw3mp.exe |
"{92C90118-8366-4939-90DC-67380DDD92AB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\ben there, dan that!\winsetup.exe |
"{9AEC8C07-1B00-44A9-A02C-F7D83571707F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9B64918F-F358-49C0-8B11-937C97DC87C0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{9C61A63D-6867-43BB-BB82-AA6CEA0A0817}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9EFFF234-9BF8-416A-8CBC-D4D98300769E}" = protocol=6 | dir=in | app=d:\apb reloaded\binaries\apb.exe |
"{9FC96A37-DE81-4906-A7B9-FA7A94567110}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A6FF1FCC-C783-42B4-BE68-F7CD66BE7443}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A91B84EC-382E-4CA4-B8B6-98034109E571}" = dir=out | app=%programfiles% (x86)\iobit\advanced systemcare 5\licenseconverter.exe |
"{AB9F33FC-A91B-4A2A-B393-2A12F34EFFFC}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{ACA574BB-EA7A-4438-88DB-2A5D53EB5106}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{ADD27F68-4DE4-4B70-8D3B-876D1E31A371}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe |
"{AFAAA482-FE90-4C37-BADB-50B076E3BEF1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{B144AFF2-3674-466C-AFAD-F8AB6BB891AD}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{B1508510-21E8-40E8-80E8-EDAD6051BD1D}" = protocol=6 | dir=in | app=c:\users\beowafle\appdata\roaming\spotify\spotify.exe |
"{B43B955B-BD32-4102-8524-8C4C027C41E2}" = protocol=17 | dir=in | app=d:\apb reloaded\binaries\vivoxvoiceservice.exe |
"{B51A3D7D-68A4-4988-8C72-3A9F5130CF4D}" = dir=out | app=d:\max payne 3\maxpayne3.exe |
"{B52D8CFD-C029-46F1-B3B7-19CB565EBFA5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B55E4ED8-9EB4-440D-8E28-56EF75420F1A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B9914094-950A-484B-A002-2BD2AB2FFFF3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fallout new vegas enplczru\falloutnvlauncher.exe |
"{BC0E3856-1058-425D-B16D-C9F1F23D1CC3}" = dir=out | app=%programfiles% (x86)\iobit\advanced systemcare 5\asc.exe |
"{BC4EF9B4-063E-4F3A-93C4-0E108F6C0793}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{BCC3A63B-C5BC-41D2-AD4B-76401D8BF5F8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{C0E20D55-6504-4CC9-8AEF-6F0F7E3E5572}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{C12DFC10-FE07-4A0D-8615-051344315BAF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{C6247C44-295F-4062-959D-915C507EC273}" = protocol=6 | dir=in | app=d:\apb reloaded\binaries\vivoxvoiceservice.exe |
"{C76260CE-6830-4A9F-A7BB-650DBEC1A0B3}" = protocol=17 | dir=in | app=d:\steam\steamapps\brishit\garrysmod\hl2.exe |
"{C9D5E6E8-1B47-43B9-A22E-D0D9A53CBE84}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D0A77229-DA73-47A1-AD05-D9DADBE1D0D2}" = protocol=17 | dir=in | app=c:\users\beowafle\appdata\roaming\spotify\spotify.exe |
"{D2D90302-2AF7-4B9D-9342-C2FB3294B64A}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{D5CFF33F-CE90-490F-BB52-0596D82B29D6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D7094853-901F-4176-9433-0797773CEE09}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{E3F14F61-D144-496A-9DAF-415E574B41AA}" = protocol=6 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{E44F6DEF-87AC-4FBD-BDB5-82298B9BBE5D}" = protocol=17 | dir=in | app=d:\utorrent\utorrent.exe |
"{E6A3275D-5839-482F-BBBA-DB687734724E}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"{EABD9234-BD46-40E1-9237-BCAF5CFB9133}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{EC33C199-14E9-46DA-9354-AEFFE51EABFF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
"{ECB9C23D-1072-45F3-B592-964B986EA980}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{ED031EFA-463D-4752-A302-8C9457A7D998}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe |
"{F02681BD-0F30-4B40-8BFC-68DDE15DBB2C}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{F0A9B0A6-1F83-4BE1-B4CD-C0CF6D2721FC}" = protocol=6 | dir=in | app=d:\utorrent\utorrent.exe |
"{F235EDBE-252C-4C59-96C3-4B124D76FDD0}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{F3CA0C21-856D-4640-AC33-26F4C44EB499}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F4720D30-DEB5-4873-B896-B30BE5BBD7F6}" = protocol=6 | dir=in | app=c:\program files (x86)\kmpmediatoolbar\dtuser.exe |
"{F74E0D6A-20AB-4721-A54A-81B7EB7AE680}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe |
"TCP Query User{186C5DB5-BED2-4F01-8DC9-56EC8229CDFE}D:\saints row the third\saintsrowthethird.exe" = protocol=6 | dir=in | app=d:\saints row the third\saintsrowthethird.exe |
"TCP Query User{2048EC11-3994-43B7-BAF5-2259CEDF669C}D:\vietcong\vietcong.exe" = protocol=6 | dir=in | app=d:\vietcong\vietcong.exe |
"TCP Query User{2BBC301A-90E8-4F59-B19B-EAF1DC9A49E7}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{32CBB1BD-8C6E-497E-8C6F-1DD05BA73282}D:\gtaiv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\gtaiv\grand theft auto iv\gtaiv.exe |
"TCP Query User{36F2A298-92E6-430F-BE0E-14E3430E1A2F}D:\stronghold\stronghold.exe" = protocol=6 | dir=in | app=d:\stronghold\stronghold.exe |
"TCP Query User{5A4C57F8-A9D8-41AB-8CEC-B41BAFCE192B}D:\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=d:\stronghold crusader\stronghold crusader.exe |
"TCP Query User{64E7FA77-40E2-41D5-A926-162590A4E953}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{78FC4D92-B44B-4B55-89CD-8B81F63B09F6}D:\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe |
"TCP Query User{853951FF-5119-48FE-9925-D49F2287CD5D}D:\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\winamp\winamp.exe |
"TCP Query User{89B15DC0-A343-451C-9B5F-BB783833543A}D:\you are empty\you_are_empty.exe" = protocol=6 | dir=in | app=d:\you are empty\you_are_empty.exe |
"TCP Query User{8CD3432F-4BD0-4D57-B4DA-BA3A5129549D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{8EBFB648-2FDF-4D2E-89D2-EF91C477BBC6}D:\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=d:\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{A821CB9A-6C75-49F3-B4EA-5A3830EBA173}D:\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe |
"TCP Query User{AB21BE51-9D9B-4D22-BDCE-ABBE1EC4F75D}D:\totalcmd\totalcmd64.exe" = protocol=6 | dir=in | app=d:\totalcmd\totalcmd64.exe |
"TCP Query User{BAC32B1C-969C-48A0-8DE1-2D0C5FE9DAD9}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{C32694D3-EEEE-4587-B947-60B7F6CEA30A}C:\program files\java\jre7\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\launch4j-tmp\frd.exe |
"TCP Query User{C96F5C76-58D6-4D71-A832-058C0125FBEE}C:\program files (x86)\java\jre6\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\frd.exe |
"TCP Query User{D76BF7FE-E10E-4CE0-97D4-94D04BD7B904}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{DF8E6342-962D-4537-B813-97B87D060E8F}D:\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\winamp\winamp.exe |
"TCP Query User{E25FF35A-7AD9-407E-A40D-A6723E61E48F}C:\program files (x86)\nemex\njoy\njoy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nemex\njoy\njoy.exe |
"TCP Query User{E64E1FCB-35CC-4A9A-9410-459707F1CDB0}D:\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=d:\battlefield play4free\bfp4f.exe |
"TCP Query User{F6217661-67A1-49A0-8707-DE4588087C28}D:\need for speed underground 2\speed2.exe" = protocol=6 | dir=in | app=d:\need for speed underground 2\speed2.exe |
"TCP Query User{FDED6D68-23D8-43BE-BDD9-18D1DB346B61}C:\users\beowafle\desktop\bordel\portable programs\total commander v7.56\total commander.exe" = protocol=6 | dir=in | app=c:\users\beowafle\desktop\bordel\portable programs\total commander v7.56\total commander.exe |
"UDP Query User{0395DB7A-D0B5-41C9-8EBC-B0B21C581587}D:\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe |
"UDP Query User{1DCACB28-E9C1-4B28-9E57-51DFE017199E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{29462299-3682-4FC8-9995-1AF094542FA9}C:\program files (x86)\java\jre6\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\frd.exe |
"UDP Query User{2ABDEBF0-30E2-4628-A203-BB06F5A5E492}D:\totalcmd\totalcmd64.exe" = protocol=17 | dir=in | app=d:\totalcmd\totalcmd64.exe |
"UDP Query User{2BF7FC4B-E525-4F2A-BB16-76045173D470}D:\gtaiv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\gtaiv\grand theft auto iv\gtaiv.exe |
"UDP Query User{47F26ABF-D767-4530-8CE5-E84887BE9D21}D:\stronghold\stronghold.exe" = protocol=17 | dir=in | app=d:\stronghold\stronghold.exe |
"UDP Query User{47FC1956-256B-441C-9B7C-72036CF69F7C}D:\you are empty\you_are_empty.exe" = protocol=17 | dir=in | app=d:\you are empty\you_are_empty.exe |
"UDP Query User{56446BDE-14B3-4A82-8370-98C3353E0C38}D:\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\winamp\winamp.exe |
"UDP Query User{5E023DFD-7BF8-4224-AC1D-85845FF55E6A}C:\program files\java\jre7\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\launch4j-tmp\frd.exe |
"UDP Query User{63DB9C81-930A-4134-8D36-C6E4EB31B79D}C:\users\beowafle\desktop\bordel\portable programs\total commander v7.56\total commander.exe" = protocol=17 | dir=in | app=c:\users\beowafle\desktop\bordel\portable programs\total commander v7.56\total commander.exe |
"UDP Query User{7ED9C8C7-854F-46BF-AC37-3A0F6C971F0E}D:\vietcong\vietcong.exe" = protocol=17 | dir=in | app=d:\vietcong\vietcong.exe |
"UDP Query User{81ECD4B8-280B-4E86-8B7E-3E71BA64E0CE}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{8B3076FF-1DC0-4F8C-9611-C6DB4A3B32F6}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{A2C2EC14-75BB-4046-A722-5313655DC13F}D:\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe |
"UDP Query User{A4E11908-9655-48AF-815C-3340FB5B0D36}D:\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=d:\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{A9C4CF70-64FD-44AE-B279-A69DF893D769}C:\program files (x86)\nemex\njoy\njoy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nemex\njoy\njoy.exe |
"UDP Query User{AC356775-4230-4665-ADB8-BFDF46F458B8}D:\need for speed underground 2\speed2.exe" = protocol=17 | dir=in | app=d:\need for speed underground 2\speed2.exe |
"UDP Query User{B17DF988-801D-4E55-A3B9-1BDBA231305B}D:\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=d:\battlefield play4free\bfp4f.exe |
"UDP Query User{BBF68144-D1DC-471A-BA9C-A25F59349D78}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{C92AAD62-0195-4A90-ABDF-095923B7D6E2}D:\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\winamp\winamp.exe |
"UDP Query User{D252FF56-24BF-4B4C-9141-AAEC0D291279}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{DF82B1A7-1AF4-4327-9ED5-A36B13D7A96F}D:\saints row the third\saintsrowthethird.exe" = protocol=17 | dir=in | app=d:\saints row the third\saintsrowthethird.exe |
"UDP Query User{F3A5EA1B-BEAF-4A39-A58B-4118F8B6F838}D:\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=d:\stronghold crusader\stronghold crusader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1730D13B-7517-4321-A88B-64627CF67CDC}_is1" = Logon Screen
"{17CA32D1-73BD-4990-B8F6-369D8D34B05D}" = Microsoft Antimalware Service CS-CZ Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.6.2.4902 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0405-1000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-1000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-1000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-1000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-1000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0405-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Czech) 2010
"{90140000-0044-0405-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovladač HD audia 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D35D9E34-7B4A-44E3-A882-69A6C6088BC6}" = Windows Live Zabezpečení rodiny
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client CS-CZ Language Pack
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Asus WebStorage" = Asus WebStorage
"CCleaner" = CCleaner
"Connectify" = Connectify
"Defraggler" = Defraggler
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0BE73D3C-B5AF-11E1-933A-984BE15F174E}" = Evernote v. 4.5.7
"{0CE0711D-A5E3-4E98-B3C0-0227A5E000CA}" = Angry Birds
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13C0E1F7-BB8A-4545-B25E-628D025A94AD}_is1" = QtWeb Internet Browser 3.5
"{14CDE512-E5D5-4E41-8FD3-6E283623F42A}_is1" = "You Are EMPTY" (Pouze smazat)
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1729E749-09F1-4851-B163-05D0E98113F8}" = Rage Maker
"{1730D13B-7517-4321-A88B-64627CF67CDC}_is1" = Logon Screen 2.20
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Nástroj pro odesílání služby Windows Live
"{20D0CDB1-5F03-4A5D-86EB-7C218053B157}" = Windows Live Messenger
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema 1.6.1.4235
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2C82E097-694E-44ea-A947-2750679469CF}" = The Sims™ 2
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv
"{306A848D-9C6B-4408-9337-BBB23FB74304}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
"{331C520E-D8C3-4AB9-ADF7-A666A3561922}" = Alcor Micro USB Card Reader
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.0.40
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4B2767BD-9445-4A0C-BB8A-6B8350181B46}" = RUNAWAY - A road adventure
"{4B4451CE-D1E6-4BDE-B4B2-59F03BB83B7C}" = Windows Live Sync
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4EA44BA4-A708-4223-BC1A-22B6DA9E7D1C}" = Windows Live Essentials
"{54FEAF1A-8F2A-44C1-95CA-5C1C21F4F934}" = Windows Live Mail
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5CF08C3E-DB7B-40B4-9781-93C9547197B9}" = Dreamfall
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{628C3D50-F524-4C49-A958-672CE7953756}" = The Lord of the Rings - Conquest™
"{62FF6AF0-A718-4E31-A499-016BD655F060}" = Web Album Copier
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6C3496DF-CC4C-4CDE-87A1-8657619EE2D6}_is1" = Game Park Console
"{6E5EEE1B-3907-44C3-83BA-AD4B8CE40F76}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110304260}" = Island Wars 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110413757}" = Smileyville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116864777}" = Piggly
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C836D8A-E947-40C2-AF95-F7F771243D50}_is1" = Deeds - Digital Electronics Education and Design Suite version
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A13DE9CB-8C84-4889-B114-C5A9661F844E}" = Windows Live Fotogalerie
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Czech
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AF405D61-19F3-4F76-B379-A8D4353D5F70}" = Rage Maker Image Pack
"{B57D952C-5836-43E1-944B-2A6C58F6886A}_is1" = nJoy 1.0.2.6
"{B5BF7B43-E13D-4A76-9F8F-E933817131EC}" = calibre
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DCF5C463-BD5C-4982-91F9-2C3F8F9E9C88}" = Vietcong & Vietcong: Fist Alpha
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.079
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = Zaklínač
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Ant Movie Catalog_is1" = Ant Movie Catalog
"Apache Gold" = Apache Gold
"APB Reloaded" = APB Reloaded
"ASUS_Screensaver" = ASUS_Screensaver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audacity_is1" = Audacity 2.0
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"Botanicula_is1" = Botanicula
"CDisplay_is1" = CDisplay 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"DAEMON Tools Pro" = DAEMON Tools Pro
"Dear Esther_is1" = Dear Esther
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Eufloria 2.0.7" = Eufloria 2.0.7
"FeedDemon_is1" = FeedDemon
"FileHippo.com" = FileHippo.com Update Checker
"Flashtool" = Flashtool
"FormatFactory" = FormatFactory 2.95
"Game Booster_is1" = Game Booster 3
"GamersFirst LIVE!" = GamersFirst LIVE!
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"GOM Player" = GOM Player
"HaaliMkx" = Haali Media Splitter
"HighGrow Freeware Version 4.20" = HighGrow Freeware Version 4.20
"ImgSrc Photo Uploader" = iMGSRC.RU Photo Uploader
"InstallShield_{331C520E-D8C3-4AB9-ADF7-A666A3561922}" = Alcor Micro USB Card Reader
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InterActual Player" = InterActual Player
"Internet Download Manager" = Internet Download Manager
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.27091
"LastPass" = LastPass (uninstall only)
"LOGO!Soft Comfort V6.0" = LOGO!Soft Comfort V6.0
"LOGO!Soft Comfort V6.1" = LOGO!Soft Comfort V6.1
"Lost Horizon" = Lost Horizon
"Maxthon3" = Maxthon 3
"MMC3" = }}N‰uŽQŠĎ
"Mozilla Firefox 14.0.1 (x86 cs)" = Mozilla Firefox 14.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"MPE" = MyPhoneExplorer
"New LEGO Digital Designer" = LEGO Digital Designer
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OnLive" = OnLive
"OpenAL" = OpenAL
"Opera 12.01.1532" = Opera 12.01
"Origin" = Origin
"PicaLoader_is1" = PicaLoader 1.47.1231
"PotPlayer" = Daum PotPlayer 1.5.28025
"Precursors_is1" = Precursors v1.0
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"Scorpions WinCheater 2.07 (s databází 132)_is1" = Scorpions WinCheater
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"Spec Ops The Line_is1" = Spec Ops The Line
"Steam App 1250" = Killing Floor
"Steam App 22490" = Fallout: New Vegas
"Steam App 37420" = Ben There, Dan That!
"Steam App 39000" = Moonbase Alpha
"Street Legal Racing Redline" = Street Legal Racing Redline
"SubtitleWorkshop" = Subtitle Workshop 2.51
"The KMPlayer" = The KMPlayer (remove only)
"UnLock Root" = UnLock Root 2.31
"Update Engine" = Sony Ericsson Update Engine
"Update Service" = Sony Ericsson Update Service
"VisualSubSync" = VisualSubSync (remove only)
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 4.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoomPlayer" = Zoom Player (remove only)
"ZUXXEZ Entertainment AG Enclave" = Enclave

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3904428574-343483561-3331389905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"7f4182272b52fd8f" = CZShare Manager - 2
"eec89cd0692c9aed" = MetroTwit - 1
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"TimeAdjuster" = Time Adjuster STANDARD 3.1
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25.7.2012 14:54:41 | Computer Name = beowafle-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: rzr-lotc.exe, verze: 0.0.0.0, časové razítko:
0x21475346 Název chybujícího modulu: rzr-lotc.exe, verze: 0.0.0.0, časové razítko:
0x21475346 Kód výjimky: 0xc0000005 Posun chyby: 0x00000154 ID chybujícího procesu:
0xdfc Čas spuštění chybující aplikace: 0x01cd6a96f2fd09f4 Cesta k chybující aplikaci:
G:\Razor1911\rzr-lotc.exe Cesta k chybujícímu modulu: G:\Razor1911\rzr-lotc.exe ID
zprávy: 30b0b8f4-d68a-11e1-be0c-e0cb4e205b2b

Error - 27.7.2012 10:20:32 | Computer Name = beowafle-PC | Source = ESENT | ID = 455
Description = Windows (2276) Windows: Při otevírání souboru protokolu C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00111.log
došlo k chybě -1811.

Error - 27.7.2012 10:20:33 | Computer Name = beowafle-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 27.7.2012 10:20:33 | Computer Name = beowafle-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 27.7.2012 10:20:33 | Computer Name = beowafle-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 27.7.2012 10:20:33 | Computer Name = beowafle-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 27.7.2012 10:20:33 | Computer Name = beowafle-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 27.7.2012 10:20:34 | Computer Name = beowafle-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 27.7.2012 10:20:34 | Computer Name = beowafle-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 27.7.2012 10:20:34 | Computer Name = beowafle-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 27.7.2012 10:20:34 | Computer Name = beowafle-PC | Source = Windows Search Service | ID = 7010
Description =

[ System Events ]
Error - 11.8.2012 6:37:11 | Computer Name = beowafle-PC | Source = Service Control Manager | ID = 7000
Description = Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku
následující chyby: %%1069

Error - 11.8.2012 13:10:24 | Computer Name = beowafle-PC | Source = Service Control Manager | ID = 7001
Description = Služba Zprostředkovatel domácích skupin závisí na službě Hostitel
poskytovatele rozpoznávání funkce, která neuspěla při spuštění v důsledku následující
chyby: %%1058

Error - 11.8.2012 17:51:02 | Computer Name = beowafle-PC | Source = Service Control Manager | ID = 7001
Description = Služba Zprostředkovatel domácích skupin závisí na službě Hostitel
poskytovatele rozpoznávání funkce, která neuspěla při spuštění v důsledku následující
chyby: %%1058

Error - 12.8.2012 7:38:27 | Computer Name = beowafle-PC | Source = Service Control Manager | ID = 7000
Description = Služba BBUpdate neuspěla při spuštění v důsledku následující chyby:
%%3

Error - 12.8.2012 7:40:10 | Computer Name = beowafle-PC | Source = Service Control Manager | ID = 7001
Description = Služba Zprostředkovatel domácích skupin závisí na službě Hostitel
poskytovatele rozpoznávání funkce, která neuspěla při spuštění v důsledku následující
chyby: %%1058

Error - 12.8.2012 7:40:55 | Computer Name = beowafle-PC | Source = Service Control Manager | ID = 7038
Description = Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s
aktuálně konfigurovaným heslem z důvodu následující chyby: %%1330 Chcete-li zajistit
správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management
Console (MMC).

Error - 12.8.2012 7:40:55 | Computer Name = beowafle-PC | Source = Service Control Manager | ID = 7000
Description = Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku
následující chyby: %%1069

Error - 12.8.2012 8:28:40 | Computer Name = beowafle-PC | Source = volsnap | ID = 393251
Description = Stínové kopie svazku C: byly přerušeny, protože se nepodařilo zvětšit
úložiště stínové kopie.

Error - 12.8.2012 9:25:24 | Computer Name = beowafle-PC | Source = volsnap | ID = 393251
Description = Stínové kopie svazku C: byly přerušeny, protože se nepodařilo zvětšit
úložiště stínové kopie.

Error - 12.8.2012 12:49:48 | Computer Name = beowafle-PC | Source = Service Control Manager | ID = 7001
Description = Služba Zprostředkovatel domácích skupin závisí na službě Hostitel
poskytovatele rozpoznávání funkce, která neuspěla při spuštění v důsledku následující
chyby: %%1058

< End of report >

#17 Příspěvek od **vyosek** » 14 srp 2012 22:37

Odinstalujte Advanced SystemCare 5 a nasledne i vse od IOBit - jsou to cinske smejdy a spise jen skodi nez jsou uzitkem. Hledaji nesmyslne a neexistujici problemy, databazi haveti ukradli jine renomovane spolecnosti

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
SRV - [2012.03.14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3904428574-343483561-3331389905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-3904428574-343483561-3331389905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3904428574-343483561-3331389905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-3904428574-343483561-3331389905-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-3904428574-343483561-3331389905-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3904428574-343483561-3331389905-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3904428574-343483561-3331389905-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-3904428574-343483561-3331389905-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3904428574-343483561-3331389905-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.7.0190
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
2012.06.19 16:33:40 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\extensions\support@lastpass.com
[2010.02.05 17:05:18 | 000,002,235 | ---- | M] () -- C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\askcom.xml
[2010.09.29 15:28:52 | 000,002,059 | ---- | M] () -- C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\daemon-search.xml
[2012.08.12 01:26:29 | 000,001,162 | ---- | M] () -- C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\filetubecom.xml
[2009.10.30 12:32:51 | 000,000,694 | ---- | M] () -- C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\icq-search.xml
[2009.11.25 20:19:03 | 000,000,961 | ---- | M] () -- C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\icqplugin-1.xml
[2010.09.15 17:47:30 | 000,000,950 | ---- | M] () -- C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\icqplugin-2.xml
[2010.09.23 16:21:35 | 000,000,950 | ---- | M] () -- C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\icqplugin-3.xml
[2010.10.20 17:10:12 | 000,000,950 | ---- | M] () -- C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\icqplugin-4.xml
[2010.11.07 21:48:56 | 000,000,950 | ---- | M] () -- C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\icqplugin-5.xml
[2009.11.05 11:22:20 | 000,000,944 | ---- | M] () -- C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\icqplugin.xml
[2012.08.12 01:26:29 | 000,001,900 | ---- | M] () -- C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\pixmac-search.xml
[2009.10.06 18:15:51 | 000,002,061 | ---- | M] () -- C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\qipsearch.xml
[2010.06.26 21:51:14 | 000,001,692 | ---- | M] () -- C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\sfd.xml
[2012.04.11 20:27:55 | 000,003,915 | ---- | M] () -- C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\sweetim.xml
O2 - BHO: (Codecv Class) - {A3D5DB9F-C4CC-4272-B002-D67C34CA3842} - C:\ProgramData\Codecv\bhoclass.dll ()
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3904428574-343483561-3331389905-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{0eae1898-b7d6-11e1-8f95-e0cb4e205b2b}\Shell - "" = AutoRun
O33 - MountPoints2\{eda5ce16-e08a-11e1-aa56-e0cb4e205b2b}\Shell - "" = AutoRun
O33 - MountPoints2\{feac1316-764b-11e1-854c-e0cb4e205b2b}\Shell - "" = AutoRun
[2012.08.13 16:53:59 | 000,000,000 | -HSD | C] -- C:\Users\beowafle\AppData\Roaming\b63b966
[2012.03.25 01:49:38 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012.03.25 01:49:38 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2012.03.25 01:50:36 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\IObit
[2012.03.25 01:49:38 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser.beowafle-PC\AppData\Roaming\IObit
[2012.08.14 20:25:56 | 000,000,206 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[7 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[16 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\b3b76e6840fa15567939f5e2246408ed\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b3b76e6840fa15567939f5e2246408ed\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\f2ef2d51e94e8b6543fdc4d0e42d2c4c\*.tmp files -> C:\Windows\SoftwareDistribution\Download\f2ef2d51e94e8b6543fdc4d0e42d2c4c\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\SysWOW64\*.tmp files -> C:\Windows\SysWOW64\*.tmp -> ]
[2012.08.14 22:04:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.08.14 20:25:56 | 000,000,206 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012.08.14 20:31:04 | 000,000,868 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3904428574-343483561-3331389905-1000Core.job
[2012.08.14 22:31:04 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3904428574-343483561-3331389905-1000UA.job
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:2B856118

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=-
"AdobeAAMUpdater-1.0"=-
"SpywareTerminatorShield"=-
"SpywareTerminatorUpdater"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
"DAEMON Tools Pro Agent"=-
"AlcoholAutomount"=-
"123456"=-
"b63b966"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"VisualSubSync"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

:files
C:\Users\beowafle\AppData\Roaming\*.exe
C:\Users\beowafle\Documents\DCSCMIN
C:\Program Files (x86)\SweetIM
C:\Program Files (x86)\IObit
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

beowafle · #18 Příspěvek od **beowafle** » 14 srp 2012 22:52

All processes killed
========== OTL ==========
Error: No service named AdvancedSystemCareService5 was found to stop!
Service\Driver key AdvancedSystemCareService5 not found.
File C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-3904428574-343483561-3331389905-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3904428574-343483561-3331389905-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3904428574-343483561-3331389905-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-3904428574-343483561-3331389905-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3904428574-343483561-3331389905-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3904428574-343483561-3331389905-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-3904428574-343483561-3331389905-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
HKU\S-1-5-21-3904428574-343483561-3331389905-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3904428574-343483561-3331389905-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: DTToolbar@toolbarnet.com:1.1.7.0190 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "http://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=" removed from keyword.URL
Prefs.js: "http://search.icq.com/search/afe_result ... id=afex&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\askcom.xml moved successfully.
C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\daemon-search.xml moved successfully.
C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\filetubecom.xml moved successfully.
C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\icq-search.xml moved successfully.
C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\pixmac-search.xml moved successfully.
C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\qipsearch.xml moved successfully.
C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\sfd.xml moved successfully.
C:\Users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\searchplugins\sweetim.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3D5DB9F-C4CC-4272-B002-D67C34CA3842}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3D5DB9F-C4CC-4272-B002-D67C34CA3842}\ deleted successfully.
C:\ProgramData\Codecv\bhoclass.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3904428574-343483561-3331389905-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae1898-b7d6-11e1-8f95-e0cb4e205b2b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0eae1898-b7d6-11e1-8f95-e0cb4e205b2b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eda5ce16-e08a-11e1-aa56-e0cb4e205b2b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eda5ce16-e08a-11e1-aa56-e0cb4e205b2b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{feac1316-764b-11e1-854c-e0cb4e205b2b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{feac1316-764b-11e1-854c-e0cb4e205b2b}\ not found.
C:\Users\beowafle\AppData\Roaming\b63b966 folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit folder moved successfully.
Folder C:\Users\Default User\AppData\Roaming\IObit\ not found.
C:\Users\UpdatusUser\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\UpdatusUser\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\UpdatusUser\AppData\Roaming\IObit folder moved successfully.
C:\Users\UpdatusUser.beowafle-PC\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\UpdatusUser.beowafle-PC\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\UpdatusUser.beowafle-PC\AppData\Roaming\IObit folder moved successfully.
C:\Windows\Tasks\AutoKMS.job moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3E85.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4807.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4901.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC5ED.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF362.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFCC5.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2DC9.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3A04.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5169.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5C43.tmp\ehshell.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5C43.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6D44.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP889.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9A5C.tmp\UIAutomationClientsideProviders.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9A5C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9BB4.tmp\Microsoft.Build.Engine.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9BB4.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA595.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPAA64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPAD80.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC4B7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD3D4.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE4A5.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wltEFEA.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\b3b76e6840fa15567939f5e2246408ed\BITADEA.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\f2ef2d51e94e8b6543fdc4d0e42d2c4c\BITFA17.tmp deleted successfully.
C:\Windows\System32\tmpAC1C.tmp deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
File C:\Windows\Tasks\AutoKMS.job not found.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3904428574-343483561-3331389905-1000Core.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3904428574-343483561-3331389905-1000UA.job moved successfully.
ADS C:\ProgramData\Temp:2B856118 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorShield not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdater not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Pro Agent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AlcoholAutomount deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\123456 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\b63b966 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\VisualSubSync not found.
========== FILES ==========
C:\Users\beowafle\AppData\Roaming\inst.exe moved successfully.
C:\Users\beowafle\Documents\DCSCMIN folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources\images folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\resources\sqlite folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator folder moved successfully.
C:\Program Files (x86)\SweetIM folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\Update folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\SecurityHole_Backup folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\BootTimeLog folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5 folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: AppData

User: beowafle
->Temp folder emptied: 51393999 bytes
->Temporary Internet Files folder emptied: 1377030 bytes
->Java cache emptied: 6844256 bytes
->FireFox cache emptied: 155124546 bytes
->Google Chrome cache emptied: 247013621 bytes
->Opera cache emptied: 51798935 bytes
->Flash cache emptied: 77542 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 32280990 bytes
->Temporary Internet Files folder emptied: 68134501 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 12989304 bytes
->Opera cache emptied: 160840 bytes
->Flash cache emptied: 593 bytes

User: Public

User: TEMP
->Temporary Internet Files folder emptied: 32768 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: UpdatusUser.beowafle-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 221660 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 599,00 mb

[EMPTYFLASH]

User: AppData

User: beowafle
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: TEMP

User: UpdatusUser
->Flash cache emptied: 0 bytes

User: UpdatusUser.beowafle-PC
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: AppData

User: beowafle
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: Public

User: TEMP

User: UpdatusUser

User: UpdatusUser.beowafle-PC

Total Java Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.57.0 log created on 08142012_234722

Files\Folders moved on Reboot...
C:\Users\beowafle\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\beowafle\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

#19 Příspěvek od **vyosek** » 14 srp 2012 22:59

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

beowafle · #20 Příspěvek od **beowafle** » 14 srp 2012 23:18

ComboFix 12-08-14.05 - beowafle 15.08.2012 0:07.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4095.2738 [GMT 2:00]
Spuštěný z: c:\users\beowafle\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\beowafle\AppData\Roaming\1FB2DB.dat
c:\users\beowafle\AppData\Roaming\Faces
c:\users\beowafle\AppData\Roaming\Faces\Faces.prf
c:\users\beowafle\AppData\Roaming\Microsoft\~DFKa68078.tmp
c:\users\beowafle\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\beowafle\AppData\Roaming\Microsoft\bass.dll
c:\users\beowafle\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\beowafle\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\beowafle\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\beowafle\AppData\Roaming\Microsoft\peaadje.dll
c:\users\beowafle\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\beowafle\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\beowafle\AppData\Roaming\Microsoft\Windows\Cookies\index (1).dat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-14 do 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-14 21:47 . 2012-08-14 21:47 -------- d-----w- C:\_OTL
2012-08-14 20:26 . 2012-08-14 20:26 512 ----a-w- C:\PhysicalMBR.bin
2012-08-14 18:50 . 2012-08-14 18:51 -------- d-----w- c:\program files\trend micro
2012-08-14 18:50 . 2012-08-14 18:51 -------- d-----w- C:\rsit
2012-08-14 18:22 . 2012-08-14 18:22 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-08-14 18:22 . 2012-08-14 18:22 -------- d-----w- c:\programdata\Spyware Terminator
2012-08-14 18:22 . 2012-08-14 18:22 -------- d-----w- c:\users\beowafle\AppData\Roaming\Spyware Terminator
2012-08-14 18:20 . 2012-08-14 18:22 -------- d-----w- c:\program files (x86)\Spyware Terminator
2012-08-14 15:06 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FC9D32E-A553-4A03-908B-D0D780198584}\mpengine.dll
2012-08-13 14:54 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-12 20:44 . 2012-08-13 14:45 -------- d-----w- c:\users\beowafle\AppData\Roaming\dclogs
2012-08-12 12:17 . 2012-08-13 16:16 -------- d-----w- c:\program files (x86)\Zaklínač
2012-08-12 11:59 . 2012-08-12 13:07 -------- d-----w- C:\TWEE_Upgrade
2012-08-11 19:34 . 2012-08-13 15:50 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-11 14:38 . 2012-08-13 15:50 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-11 14:38 . 2012-08-12 18:35 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-11 14:38 . 2012-08-11 21:23 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-08-08 21:33 . 2012-08-08 21:35 -------- d-----w- C:\Flashtool
2012-08-08 21:16 . 2012-08-08 21:16 -------- d-----w- c:\program files (x86)\Sony Media Go Install
2012-08-08 21:03 . 2012-08-08 21:03 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-08-08 21:03 . 2012-08-08 21:03 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-08-08 20:53 . 2012-08-08 20:53 -------- d-----w- c:\programdata\Sony Corporation
2012-08-08 19:45 . 2012-08-11 17:39 -------- d-----w- c:\users\beowafle\AppData\Roaming\MyPhoneExplorer
2012-08-08 19:45 . 2012-08-08 19:45 -------- d-----w- c:\program files (x86)\MyPhoneExplorer
2012-08-07 21:07 . 2012-08-07 21:07 -------- d-----w- c:\program files (x86)\Alcohol Soft
2012-08-07 20:03 . 2012-08-07 20:03 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-07 20:03 . 2012-08-07 20:26 -------- d-----w- c:\users\beowafle\AppData\Roaming\DAEMON Tools Pro
2012-08-07 20:03 . 2012-08-07 20:04 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2012-08-07 20:00 . 2012-08-07 20:07 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-08-07 19:39 . 2012-08-07 21:12 88480 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-08-07 19:38 . 2012-08-07 21:12 46400 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-08-07 13:45 . 2012-08-07 13:45 -------- d-----w- c:\program files (x86)\Rovio
2012-08-07 13:01 . 2012-08-07 13:01 -------- d-----w- c:\program files (x86)\iMGSRC.RU Photo Uploader
2012-08-06 20:34 . 2012-08-06 20:36 -------- d-----w- c:\users\beowafle\AppData\Local\GamersFirst LIVE!
2012-08-06 20:34 . 2012-08-14 21:46 -------- d-----w- c:\users\beowafle\AppData\Local\PMB Files
2012-08-06 20:33 . 2012-08-13 15:53 -------- d-----w- c:\programdata\PMB Files
2012-08-06 20:33 . 2012-08-06 20:33 -------- d-----w- c:\program files (x86)\Pando Networks
2012-08-06 20:33 . 2012-08-06 20:33 -------- d-----w- c:\program files (x86)\GamersFirst
2012-08-06 19:01 . 2012-08-06 19:01 -------- d-----w- c:\program files (x86)\Audacity 1.3 Beta (Unicode)
2012-08-06 18:48 . 2012-08-06 18:48 -------- d-----w- c:\users\beowafle\AppData\Roaming\n-Track Software Data
2012-08-06 18:48 . 2012-08-06 18:48 -------- d-----w- c:\users\beowafle\AppData\Roaming\n-Track Drums
2012-08-06 18:48 . 2012-08-06 18:49 -------- d-----w- c:\users\beowafle\AppData\Roaming\n-Track Studio 7
2012-08-06 18:48 . 2012-08-06 18:48 -------- d-----w- c:\program files (x86)\Common Files\Propellerhead Software
2012-08-06 18:47 . 2012-08-06 18:47 -------- d-----w- c:\program files (x86)\n-Track
2012-08-06 18:23 . 2012-08-06 18:23 -------- d-----w- c:\program files (x86)\VirtualDJ
2012-08-05 19:34 . 2012-08-07 19:32 -------- d-----w- c:\program files (x86)\HighGrow
2012-08-04 22:43 . 2012-08-04 22:43 -------- d-----w- c:\programdata\boost_interprocess
2012-08-04 21:40 . 2012-08-04 21:40 -------- d-----w- c:\users\beowafle\AppData\Roaming\Nemex
2012-08-04 21:40 . 2012-08-04 21:40 -------- d-----w- c:\users\beowafle\AppData\Local\Nemex
2012-08-04 21:39 . 2012-08-04 21:39 -------- d-----w- c:\program files (x86)\Nemex
2012-08-04 21:23 . 2012-08-04 21:24 -------- d-----w- c:\program files (x86)\Mp3tag
2012-07-27 08:10 . 2012-07-27 08:10 -------- d-----w- c:\users\beowafle\AppData\Local\Spotify
2012-07-27 08:09 . 2012-07-27 08:25 -------- d-----w- c:\users\beowafle\AppData\Roaming\Spotify
2012-07-26 18:42 . 2012-07-26 20:02 -------- d-----w- c:\program files (x86)\VisualSubSync
2012-07-26 16:29 . 2012-07-26 16:29 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-07-25 20:07 . 2012-07-25 20:07 -------- d-----w- c:\programdata\JAGUAR
2012-07-25 18:39 . 2012-07-25 18:50 -------- d-----w- c:\users\beowafle\AppData\Roaming\My Games
2012-07-25 13:20 . 2012-07-26 01:03 158944 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-07-22 21:27 . 2012-07-22 21:27 -------- d-----w- c:\users\beowafle\AppData\Roaming\OnLive App
2012-07-22 21:27 . 2012-07-22 21:27 -------- d-----w- c:\program files (x86)\OnLive
2012-07-22 12:43 . 2012-07-22 12:43 -------- d-----w- c:\program files (x86)\URUSoft
2012-07-17 15:25 . 2012-07-17 15:25 -------- d-----w- c:\program files (x86)\TimeAdjuster
2012-07-17 14:39 . 2012-07-17 14:39 -------- d-----w- c:\users\beowafle\AppData\Roaming\PotPlayerMini
2012-07-17 14:39 . 2012-07-17 14:39 -------- d-----w- c:\users\beowafle\AppData\Local\Daum
2012-07-17 14:38 . 2012-07-17 14:38 -------- d-----w- c:\program files (x86)\Daum
2012-07-17 14:36 . 2012-07-17 14:44 -------- d-----w- c:\program files (x86)\The KMPlayer
2012-07-17 14:19 . 2012-07-27 13:31 -------- d-----w- c:\users\beowafle\AppData\Roaming\Media Player Classic
2012-07-17 14:18 . 2012-05-26 10:36 204800 ----a-w- c:\windows\system32\unrar64.dll
2012-07-17 14:18 . 2012-07-17 14:18 -------- d-----w- c:\program files\MPC-HC
2012-07-17 14:05 . 2012-08-11 13:34 -------- d-----w- c:\users\beowafle\AppData\Roaming\vlc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 21:04 . 2012-03-31 06:42 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 21:04 . 2012-03-25 00:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-15 17:40 . 2012-07-15 17:40 3750 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2012-07-14 08:08 . 2012-03-25 00:57 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 11:35 . 2012-07-03 11:35 86016 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-07-03 11:35 . 2012-07-03 11:35 431104 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-03 11:35 . 2012-07-03 11:35 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-07-03 11:35 . 2012-07-03 11:35 116736 ----a-w- c:\windows\system32\OpenAL32.dll
2012-06-16 20:59 . 2012-06-16 20:59 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-06-16 15:34 . 2012-06-16 15:35 268720 ----a-w- c:\windows\system32\javaws.exe
2012-06-16 15:34 . 2012-06-16 15:34 189360 ----a-w- c:\windows\system32\javaw.exe
2012-06-16 15:34 . 2012-06-16 15:34 188840 ----a-w- c:\windows\system32\java.exe
2012-06-16 15:34 . 2012-06-16 15:35 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-16 15:34 . 2012-06-16 15:35 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-12 03:08 . 2012-07-14 08:12 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-14 08:05 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 15:13 . 2012-06-06 15:13 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-06 15:13 . 2012-03-31 07:57 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-06 06:06 . 2012-07-14 08:05 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-14 08:05 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-14 08:05 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-14 08:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-14 08:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-14 08:05 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-19 11:36 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 11:36 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 11:36 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 11:36 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 11:36 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 11:36 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 11:36 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 11:35 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-19 11:35 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-14 08:06 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-14 08:06 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-14 08:06 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-14 08:06 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-14 08:06 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-14 08:06 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-14 08:07 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-14 08:06 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-14 08:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-14 08:06 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-14 08:06 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-14 08:07 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-14 08:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-14 08:06 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-14 08:06 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-14 08:06 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-14 08:06 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-14 08:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-14 08:07 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-14 08:05 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-14 08:05 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-14 08:05 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-14 08:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-14 08:05 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-14 08:05 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-14 08:05 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-14 08:05 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-14 08:05 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2011-08-12 19:29 . 2012-07-05 14:40 93733376 ----a-w- c:\program files\realspeaksoloczc.msi
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="d:\internet download manager\IDMan.exe" [2012-07-27 3515840]
"Spotify Web Helper"="c:\users\beowafle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-27 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ATKMEDIA"="c:\program files (x86)\asus\atk media\dmedia.exe" [2009-08-20 170624]
"ATKOSD2"="c:\program files (x86)\asus\atkosd2\atkosd2.exe" [2009-08-17 6859392]
"HControlUser"="c:\program files (x86)\asus\atk hotkey\hcontroluser.exe" [2009-06-19 105016]
"iTunesHelper"="d:\itunes\ituneshelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2009-11-30 12862]
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2012-6-22 2720408]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2009-11-30 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
R2 BBUpdate;BBUpdate; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-08-08 14448]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-24 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\game booster 3\Driver\WinRing0x64.sys [x]
R4 BBSvc;Bing Bar Update Service; [x]
R4 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
R4 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-06 624856]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [2012-03-24 31344]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-07 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2012-02-24 69632]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-07-26 158944]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2012-08-14 51496]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-06-21 1148664]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- d:\internet download manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-12 323072]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-06-21 2786512]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-06-21 3669712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page =
IE: Add to Evernote 4.0 - d:\evernote\EvernoteIE.dll/204
IE: Download all links with IDM - d:\internet download manager\IEGetAll.htm
IE: Download With Album Copier - c:\program files (x86)\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm
IE: Download with IDM - d:\internet download manager\IEExt.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\beowafle\AppData\Roaming\Mozilla\Firefox\Profiles\zqn5ytir.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-Driver Genius - (no file)
Wow6432Node-HKLM-Run-Sweetpacks Communicator - c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe
Wow6432Node-HKLM-Run-SweetIM - c:\program files (x86)\sweetim\messenger\sweetim.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-Mp3tag - c:\program files (x86)\Mp3tag\Mp3tagUninstall.EXE
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,35,c0,f5,
ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46,
04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A3D5DB9F-C4CC-4272-B002-D67C34CA3842}"=hex:51,66,7a,6c,4c,1d,38,12,f1,d8,c6,
a7,fe,8a,1c,07,cf,14,95,3c,31,94,7c,56
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EEE6C35C-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,32,c0,f5,
ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:90,91,87,13,04,7a,cd,01
.
[HKEY_USERS\S-1-5-21-3904428574-343483561-3331389905-1000\Software\SecuROM\License information*]
"datasecu"=hex:c9,bd,87,d7,34,3e,25,3b,3e,c9,1c,9d,31,54,66,57,d9,3a,6d,42,07,
80,08,82,8c,65,87,00,62,a7,d3,5a,e7,72,c0,6f,54,07,12,10,1a,22,25,3d,54,83,\
"rkeysecu"=hex:ee,a9,bd,a3,bc,83,ad,a1,9f,83,ee,58,43,7b,9c,cc
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-08-15 00:17:56
ComboFix-quarantined-files.txt 2012-08-14 22:17
.
Před spuštěním: 4 923 650 048
Po spuštění: 3 921 207 296
.
- - End Of File - - CA33E393D20EF0D9F4F7252899C85A2D

#21 Příspěvek od **vyosek** » 15 srp 2012 00:05

Jak se chova nas pacient

beowafle · #22 Příspěvek od **beowafle** » 15 srp 2012 00:12

vše se zdá být v pořádku

#23 Příspěvek od **vyosek** » 15 srp 2012 00:13

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

beowafle · #24 Příspěvek od **beowafle** » 15 srp 2012 00:26

děkuji za pomoc

. Až se mi na začátku šk. roku obnoví kapesné, určitě fórum podpořím.

#25 Příspěvek od **vyosek** » 15 srp 2012 00:30

Nemate zac, rad jsem pomohl

Za pripadnou podporu fora jmenem celeho tymu predem dekuji

Zase nekdy Obrázek

VIRY.CZ

Trojan

Re: Trojan

Re: Trojan

Re: Trojan

Re: Trojan

Re: Trojan

Re: Trojan

Re: Trojan

Re: Trojan

Re: Trojan

Re: Trojan