Virus that loads the CPU to 100%

Re: Virus that loads the CPU to 100%

Post by Damned » 28 Dec 2012 23:05

Excellent.

Turn off your antivirus's resident shield.
Download ComboFix (by sUBs) or ComboFix (subs) and save it to the Desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click inside its window
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: Virus that loads the CPU to 100%

Post by TGVNeer » 28 Dec 2012 23:24

ComboFix 12-12-28.02 - DJShiF 28.12.2012 23:11:29.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3564.2472 [GMT 1:00]
Spuštěný z: c:\users\DJShiF\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
C:\install.exe
C:\w7lxe-v10.exe
c:\w7lxe-v10.exe\w7lxe-v10.exe
c:\windows\isRS-000.tmp
c:\windows\MICROSOFT
c:\windows\system32\update
c:\windows\system32\update\diablo121016.cl
c:\windows\system32\update\diakgcn121016.cl
c:\windows\system32\update\igfxupdate.exe
c:\windows\system32\update\libcurl-4.dll
c:\windows\system32\update\libeay32.dll
c:\windows\system32\update\libidn-11.dll
c:\windows\system32\update\libusb-1.0.dll
c:\windows\system32\update\phatk121016.cl
c:\windows\system32\update\phatk121016Capeverdev1w256l4.bin
c:\windows\system32\update\poclbm121016.cl
c:\windows\system32\update\pthreadGC2.dll
c:\windows\system32\update\ssleay32.dll
c:\windows\system32\update\zlib1.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-28 do 2012-12-28 )))))))))))))))))))))))))))))))
.
.
2012-12-28 22:17 . 2012-12-28 22:19 -------- d-----w- c:\users\DJShiF\AppData\Local\temp
2012-12-28 22:17 . 2012-12-28 22:17 -------- d-----w- c:\users\Ondra\AppData\Local\temp
2012-12-28 20:47 . 2012-12-28 20:47 -------- d-----w- c:\users\DJShiF\AppData\Roaming\Malwarebytes
2012-12-28 20:47 . 2012-12-28 20:47 -------- d-----w- c:\programdata\Malwarebytes
2012-12-28 20:47 . 2012-12-28 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-28 20:47 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-28 10:21 . 2012-12-28 10:21 -------- d-----w- C:\Shortcuts
2012-12-28 09:44 . 2012-12-27 13:17 269824 ----a-w- c:\windows\system32\igfxupdate.exe
2012-12-28 09:28 . 1997-03-24 16:42 314368 ----a-w- c:\windows\IsUninst.exe
2012-12-27 15:15 . 2012-12-27 15:15 -------- d-----w- c:\users\DJShiF\AppData\Local\Gladiatus
2012-12-27 14:38 . 2012-12-27 14:38 -------- d-----w- c:\users\DJShiF\AppData\Local\Programs
2012-12-26 11:38 . 2012-12-26 11:38 -------- d-----w- c:\programdata\ATI
2012-12-26 11:38 . 2012-12-26 11:38 -------- d-----w- c:\program files\AMD AVT
2012-12-26 11:37 . 2012-12-26 11:37 -------- d-----w- c:\program files\AMD APP
2012-12-26 10:57 . 2012-12-26 11:38 -------- d-----w- c:\programdata\AMD
2012-12-26 09:44 . 2012-12-27 13:17 410112 ----a-w- c:\windows\system32\taskhost.rs
2012-12-26 09:44 . 2012-12-27 13:17 269824 ----a-w- c:\windows\system32\SearchEngine.rs
2012-12-26 09:44 . 2012-12-26 11:40 371200 ----a-w- c:\windows\system32\SearchIndexer.dll
2012-12-24 18:38 . 2012-12-24 18:38 -------- d-----w- c:\windows\system32\Adobe
2012-12-19 18:33 . 2012-12-19 18:33 -------- d-----w- c:\users\DJShiF\AppData\Local\YoYo_Games_Ltd
2012-12-19 18:33 . 2012-12-19 18:33 -------- d-----w- c:\users\DJShiF\AppData\Local\GameMaker8.1
2012-12-19 18:31 . 2012-12-19 18:33 -------- d-----w- c:\users\DJShiF\AppData\Roaming\GameMaker
2012-12-19 18:31 . 2012-12-19 18:31 -------- d-----w- c:\users\DJShiF\GameMaker 8.1
2012-12-17 21:04 . 2012-12-17 21:04 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-12-16 12:20 . 2012-12-16 12:20 -------- d-----w- c:\programdata\RELOADED
2012-12-16 11:22 . 2012-12-17 21:04 -------- d-----w- c:\users\DJShiF\AppData\Local\Mozilla Firefox
2012-12-15 13:37 . 2012-12-15 13:37 -------- d-----w- c:\users\DJShiF\AppData\Local\DOSBox
2012-12-15 13:37 . 2012-12-15 13:41 -------- d-----w- c:\program files\DOSBox-0.74
2012-12-15 12:47 . 2012-12-15 13:10 -------- d-----w- c:\users\DJShiF\AppData\Roaming\Dwarfs
2012-12-14 19:12 . 2012-12-14 19:12 -------- d-----w- c:\users\DJShiF\Tracing
2012-12-14 19:12 . 2012-12-14 19:12 -------- d-----w- c:\windows\cs
2012-12-14 13:52 . 2012-12-14 13:52 -------- d-----w- c:\program files\Sizer
2012-12-11 15:31 . 2012-12-28 07:30 -------- d-----w- c:\program files\Steam
2012-12-09 16:08 . 2012-12-09 16:08 -------- d-----w- c:\users\DJShiF\AppData\Local\FLT
2012-12-07 20:06 . 2012-12-07 20:06 -------- d-----w- c:\program files\WB Games
2012-12-04 16:05 . 2012-12-04 16:05 -------- d-----w- c:\users\DJShiF\AppData\Roaming\ftblauncher
2012-12-04 15:48 . 2012-12-04 15:48 -------- d-----w- C:\temp
2012-12-04 15:48 . 2012-12-04 15:48 -------- d-----w- c:\program files\RealVNC
2012-12-02 10:57 . 2012-12-15 14:52 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-12-02 10:57 . 2012-12-02 10:57 -------- d-----w- c:\users\DJShiF\AppData\Local\PunkBuster
2012-12-02 10:56 . 2012-12-02 10:56 -------- d-----w- c:\programdata\Orbit
2012-12-02 10:49 . 2007-10-22 02:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2012-12-02 08:31 . 2012-12-02 08:31 5626536 ----a-w- c:\windows\system32\atiumdag.dll
2012-12-02 08:28 . 2012-12-02 08:28 9634304 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-02 08:00 . 2012-12-02 08:00 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-02 07:59 . 2012-12-02 07:59 58880 ----a-w- c:\windows\system32\coinst_9.01.8.dll
2012-12-02 07:58 . 2012-12-02 07:58 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-12-02 07:58 . 2012-12-02 07:58 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-12-02 07:57 . 2012-12-02 07:57 18979328 ----a-w- c:\windows\system32\atioglxx.dll
2012-12-02 07:54 . 2012-12-02 07:54 13703168 ----a-w- c:\windows\system32\aticaldd.dll
2012-12-02 07:37 . 2012-12-02 07:37 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-02 07:37 . 2012-12-02 07:37 480768 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-02 07:36 . 2012-12-02 07:36 219136 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-02 07:35 . 2012-12-02 07:35 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-12-02 07:35 . 2012-12-02 07:35 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-02 07:35 . 2012-12-02 07:35 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-12-02 07:29 . 2012-12-02 07:29 3862528 ----a-w- c:\windows\system32\atiumdva.dll
2012-12-02 07:18 . 2012-12-02 07:18 78336 ----a-w- c:\windows\system32\amdave32.dll
2012-12-02 07:18 . 2012-12-02 07:18 71168 ----a-w- c:\windows\system32\atisamu32.dll
2012-12-02 07:17 . 2012-12-02 07:17 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-12-02 07:17 . 2012-12-02 07:17 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-12-02 07:14 . 2012-12-02 07:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-12-02 07:13 . 2012-12-02 07:13 421888 ----a-w- c:\windows\system32\atiadlxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-12-02 07:12 . 2012-12-02 07:12 438272 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-12-02 07:11 . 2012-12-02 07:11 109568 ----a-w- c:\windows\system32\atiuxpag.dll
2012-12-02 07:11 . 2012-12-02 07:11 83968 ----a-w- c:\windows\system32\atiu9pag.dll
2012-12-02 02:26 . 2012-12-02 02:26 179712 ----a-w- c:\windows\system32\clinfo.exe
2012-12-02 02:26 . 2012-12-02 02:26 65536 ----a-w- c:\windows\system32\OpenVideo.dll
2012-12-02 02:26 . 2012-12-02 02:26 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-12-02 02:21 . 2012-12-02 02:21 28738048 ----a-w- c:\windows\system32\amdocl.dll
2012-12-02 02:16 . 2012-12-02 02:16 50176 ----a-w- c:\windows\system32\OpenCL.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 14:52 . 2012-08-21 10:30 281688 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-12-09 09:04 . 2012-08-21 10:31 138032 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-12-09 09:04 . 2012-08-21 10:30 281688 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-12-04 20:07 . 2012-08-23 05:36 13824 ----a-w- c:\windows\system32\slwga.dll
2012-12-04 20:07 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2012-12-04 20:07 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2012-12-02 10:51 . 2012-08-21 10:30 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-12-02 07:50 . 2012-01-17 05:23 949248 ----a-w- c:\windows\system32\aticfx32.dll
2012-12-02 07:46 . 2012-01-17 05:13 6684672 ----a-w- c:\windows\system32\atidxx32.dll
2012-11-03 22:25 . 2012-11-03 22:25 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D32A9FE6-9C9F-4520-BAB0-10ECB26F20E2}\offreg.dll
2012-10-30 22:51 . 2012-08-19 19:46 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-08-19 19:46 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-08-19 19:46 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-08-19 19:46 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-08-19 19:46 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-08-19 19:46 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-08-19 19:46 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-08-19 19:46 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-10 16:30 . 2012-10-10 16:30 33512 ----a-w- c:\windows\system32\drivers\taphss.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-12-04 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-07-24 3091296]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-02 642216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-10-08 14:40 138096 ----atw- c:\users\DJShiF\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-08-16 18:21 116648 ----atw- c:\users\DJShiF\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSS]
2011-12-16 12:08 133400 ----a-w- c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2012-07-19 09:38 336992 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2012-06-11 09:28 10996368 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 10:27 17877168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-12-02 02:30 642216 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-12-11 15:31 1354736 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB3MON]
2012-01-27 09:40 291608 ----a-r- c:\program files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-12-09 10:22 969104 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva400;XDva400; [x]
R3 XDva401;XDva401; [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R4 vncserver;VNC Server;c:\program files\RealVNC\VNC Server\vncserver.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SearchIndexer;Search Indexer;c:\windows\system32\svchost.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SearchIndexer
SearchIndexer
SearchIndexer
SearchIndexer
SearchIndexer
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1801029948-336450479-1260751092-1000Core.job
- c:\users\DJShiF\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-08 14:40]
.
2012-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1801029948-336450479-1260751092-1000UA.job
- c:\users\DJShiF\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-08 14:40]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-03 16:28]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-03 16:28]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801029948-336450479-1260751092-1000Core.job
- c:\users\DJShiF\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-16 18:21]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801029948-336450479-1260751092-1000UA.job
- c:\users\DJShiF\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-16 18:21]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Abe's Oddysee - c:\program files\Abe's Oddysee\Uninst.isu
AddRemove-Flight Simulator 9.0 - c:\program files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE
AddRemove-HandBrake - c:\program files\Handbrake\uninst.exe
AddRemove-Rockstar Games Social Club - c:\program files\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe
AddRemove-Sleeping Dogs_is1 - c:\games\Sleeping Dogs\unins000.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files\GreenTree Applications\YTD Video Downloader\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1801029948-336450479-1260751092-1000\Software\SecuROM\License information*]
"datasecu"=hex:e9,fb,4a,57,47,d4,37,80,08,8f,76,5e,0f,32,c2,81,d8,77,37,46,59,
51,b5,8b,bb,26,7e,29,1e,0d,cb,95,37,56,c2,53,98,49,47,7d,d2,fc,1e,65,12,0f,\
"rkeysecu"=hex:a5,40,7a,de,eb,c6,23,71,c5,c3,c8,ef,43,9a,8d,f9
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\fraps\fraps.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Celkový čas: 2012-12-28 23:22:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-28 22:22
.
Před spuštěním: Volných bajtů: 317 813 444 608
Po spuštění: Volných bajtů: 317 490 647 040
.
- - End Of File - - 9DE6FE5E5CE49DA84A3A9CA3B4053E9F
Motherboard: GIGABYTE B75-D3V
PSU: Fortron HEXA 500 (500W)
CPU: Intel Core i5-3450 3.10Ghz
Graphics: GIGABYTE Radeon HD 7770 1GB GDDR5 (resolution 1680x1050)
Memory: Kingston HyperX Blu XMP 4GB (2xGB) 1600Mhz
Disk: Seagate Barracuda ST500DM002-1BD142 500GB
OS: Windows Ultimate 32-bit

Re: Virus that loads the CPU to 100%

Post by TGVNeer » 28 Dec 2012 23:25

CPU is still at 100%..

Re: Virus that loads the CPU to 100%

Post by Damned » 28 Dec 2012 23:43

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in red:

KillAll::
File::
c:\windows\system32\igfxupdate.exe

Driver::
SearchIndexer

NetSvc::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"SearchIndexer"=-
"SearchIndexer"=-
"SearchIndexer"=-
"SearchIndexer"=-
"SearchIndexer"=-

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"SearchIndexer"=-
"SearchIndexer"=-
"SearchIndexer"=-
"SearchIndexer"=-
"SearchIndexer"=-




Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the Desktop.
Close all active windows.


Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix starts automatically; the repair may take more than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that appears at the end of the cleaning process

Warning: It may happen that after applying the script and restarting the computer, Windows will not boot; in that case restart the computer again, keep pressing F8 and then choose Last Known Good Configuration.

Re: Virus that loads the CPU to 100%

Post by TGVNeer » 29 Dec 2012 11:09

ComboFix 12-12-28.02 - DJShiF 29.12.2012 10:55:20.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3564.2514 [GMT 1:00]
Spuštěný z: c:\users\DJShiF\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\DJShiF\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\igfxupdate.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\igfxupdate.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SearchIndexer
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-28 do 2012-12-29 )))))))))))))))))))))))))))))))
.
.
2012-12-29 10:02 . 2012-12-29 10:04 -------- d-----w- c:\users\DJShiF\AppData\Local\temp
2012-12-29 10:02 . 2012-12-29 10:02 -------- d-----w- c:\users\Ondra\AppData\Local\temp
2012-12-29 10:02 . 2012-12-29 10:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-28 20:47 . 2012-12-28 20:47 -------- d-----w- c:\users\DJShiF\AppData\Roaming\Malwarebytes
2012-12-28 20:47 . 2012-12-28 20:47 -------- d-----w- c:\programdata\Malwarebytes
2012-12-28 20:47 . 2012-12-28 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-28 20:47 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-28 10:21 . 2012-12-28 10:21 -------- d-----w- C:\Shortcuts
2012-12-28 09:28 . 1997-03-24 16:42 314368 ----a-w- c:\windows\IsUninst.exe
2012-12-27 15:15 . 2012-12-27 15:15 -------- d-----w- c:\users\DJShiF\AppData\Local\Gladiatus
2012-12-27 14:38 . 2012-12-27 14:38 -------- d-----w- c:\users\DJShiF\AppData\Local\Programs
2012-12-26 11:38 . 2012-12-26 11:38 -------- d-----w- c:\programdata\ATI
2012-12-26 11:38 . 2012-12-26 11:38 -------- d-----w- c:\program files\AMD AVT
2012-12-26 11:37 . 2012-12-26 11:37 -------- d-----w- c:\program files\AMD APP
2012-12-26 10:57 . 2012-12-26 11:38 -------- d-----w- c:\programdata\AMD
2012-12-26 09:44 . 2012-12-27 13:17 410112 ----a-w- c:\windows\system32\taskhost.rs
2012-12-26 09:44 . 2012-12-27 13:17 269824 ----a-w- c:\windows\system32\SearchEngine.rs
2012-12-26 09:44 . 2012-12-26 11:40 371200 ----a-w- c:\windows\system32\SearchIndexer.dll
2012-12-24 18:38 . 2012-12-24 18:38 -------- d-----w- c:\windows\system32\Adobe
2012-12-19 18:33 . 2012-12-19 18:33 -------- d-----w- c:\users\DJShiF\AppData\Local\YoYo_Games_Ltd
2012-12-19 18:33 . 2012-12-19 18:33 -------- d-----w- c:\users\DJShiF\AppData\Local\GameMaker8.1
2012-12-19 18:31 . 2012-12-19 18:33 -------- d-----w- c:\users\DJShiF\AppData\Roaming\GameMaker
2012-12-19 18:31 . 2012-12-19 18:31 -------- d-----w- c:\users\DJShiF\GameMaker 8.1
2012-12-17 21:04 . 2012-12-17 21:04 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-12-16 12:20 . 2012-12-16 12:20 -------- d-----w- c:\programdata\RELOADED
2012-12-16 11:22 . 2012-12-17 21:04 -------- d-----w- c:\users\DJShiF\AppData\Local\Mozilla Firefox
2012-12-15 13:37 . 2012-12-15 13:37 -------- d-----w- c:\users\DJShiF\AppData\Local\DOSBox
2012-12-15 13:37 . 2012-12-15 13:41 -------- d-----w- c:\program files\DOSBox-0.74
2012-12-15 12:47 . 2012-12-15 13:10 -------- d-----w- c:\users\DJShiF\AppData\Roaming\Dwarfs
2012-12-14 19:12 . 2012-12-14 19:12 -------- d-----w- c:\users\DJShiF\Tracing
2012-12-14 19:12 . 2012-12-14 19:12 -------- d-----w- c:\windows\cs
2012-12-14 13:52 . 2012-12-14 13:52 -------- d-----w- c:\program files\Sizer
2012-12-11 15:31 . 2012-12-28 07:30 -------- d-----w- c:\program files\Steam
2012-12-09 16:08 . 2012-12-09 16:08 -------- d-----w- c:\users\DJShiF\AppData\Local\FLT
2012-12-07 20:06 . 2012-12-07 20:06 -------- d-----w- c:\program files\WB Games
2012-12-04 16:05 . 2012-12-04 16:05 -------- d-----w- c:\users\DJShiF\AppData\Roaming\ftblauncher
2012-12-04 15:48 . 2012-12-04 15:48 -------- d-----w- C:\temp
2012-12-04 15:48 . 2012-12-04 15:48 -------- d-----w- c:\program files\RealVNC
2012-12-02 10:57 . 2012-12-15 14:52 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-12-02 10:57 . 2012-12-02 10:57 -------- d-----w- c:\users\DJShiF\AppData\Local\PunkBuster
2012-12-02 10:56 . 2012-12-02 10:56 -------- d-----w- c:\programdata\Orbit
2012-12-02 10:49 . 2007-10-22 02:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2012-12-02 08:31 . 2012-12-02 08:31 5626536 ----a-w- c:\windows\system32\atiumdag.dll
2012-12-02 08:28 . 2012-12-02 08:28 9634304 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-02 08:00 . 2012-12-02 08:00 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-02 07:59 . 2012-12-02 07:59 58880 ----a-w- c:\windows\system32\coinst_9.01.8.dll
2012-12-02 07:58 . 2012-12-02 07:58 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-12-02 07:58 . 2012-12-02 07:58 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-12-02 07:57 . 2012-12-02 07:57 18979328 ----a-w- c:\windows\system32\atioglxx.dll
2012-12-02 07:54 . 2012-12-02 07:54 13703168 ----a-w- c:\windows\system32\aticaldd.dll
2012-12-02 07:37 . 2012-12-02 07:37 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-02 07:37 . 2012-12-02 07:37 480768 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-02 07:36 . 2012-12-02 07:36 219136 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-02 07:35 . 2012-12-02 07:35 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-12-02 07:35 . 2012-12-02 07:35 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-02 07:35 . 2012-12-02 07:35 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-12-02 07:29 . 2012-12-02 07:29 3862528 ----a-w- c:\windows\system32\atiumdva.dll
2012-12-02 07:18 . 2012-12-02 07:18 78336 ----a-w- c:\windows\system32\amdave32.dll
2012-12-02 07:18 . 2012-12-02 07:18 71168 ----a-w- c:\windows\system32\atisamu32.dll
2012-12-02 07:17 . 2012-12-02 07:17 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-12-02 07:17 . 2012-12-02 07:17 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-12-02 07:14 . 2012-12-02 07:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-12-02 07:13 . 2012-12-02 07:13 421888 ----a-w- c:\windows\system32\atiadlxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-12-02 07:12 . 2012-12-02 07:12 438272 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-12-02 07:11 . 2012-12-02 07:11 109568 ----a-w- c:\windows\system32\atiuxpag.dll
2012-12-02 07:11 . 2012-12-02 07:11 83968 ----a-w- c:\windows\system32\atiu9pag.dll
2012-12-02 02:26 . 2012-12-02 02:26 179712 ----a-w- c:\windows\system32\clinfo.exe
2012-12-02 02:26 . 2012-12-02 02:26 65536 ----a-w- c:\windows\system32\OpenVideo.dll
2012-12-02 02:26 . 2012-12-02 02:26 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-12-02 02:21 . 2012-12-02 02:21 28738048 ----a-w- c:\windows\system32\amdocl.dll
2012-12-02 02:16 . 2012-12-02 02:16 50176 ----a-w- c:\windows\system32\OpenCL.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 14:52 . 2012-08-21 10:30 281688 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-12-09 09:04 . 2012-08-21 10:31 138032 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-12-09 09:04 . 2012-08-21 10:30 281688 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-12-04 20:07 . 2012-08-23 05:36 13824 ----a-w- c:\windows\system32\slwga.dll
2012-12-04 20:07 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2012-12-04 20:07 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2012-12-02 10:51 . 2012-08-21 10:30 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-12-02 07:50 . 2012-01-17 05:23 949248 ----a-w- c:\windows\system32\aticfx32.dll
2012-12-02 07:46 . 2012-01-17 05:13 6684672 ----a-w- c:\windows\system32\atidxx32.dll
2012-11-03 22:25 . 2012-11-03 22:25 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D32A9FE6-9C9F-4520-BAB0-10ECB26F20E2}\offreg.dll
2012-10-30 22:51 . 2012-08-19 19:46 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-08-19 19:46 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-08-19 19:46 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-08-19 19:46 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-08-19 19:46 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-08-19 19:46 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-08-19 19:46 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-08-19 19:46 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-10 16:30 . 2012-10-10 16:30 33512 ----a-w- c:\windows\system32\drivers\taphss.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-12-04 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-07-24 3091296]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-02 642216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSS]
2011-12-16 12:08 133400 ----a-w- c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2012-07-19 09:38 336992 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2012-06-11 09:28 10996368 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 10:27 17877168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-12-02 02:30 642216 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-12-11 15:31 1354736 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB3MON]
2012-01-27 09:40 291608 ----a-r- c:\program files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-12-09 10:22 969104 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva400;XDva400; [x]
R3 XDva401;XDva401; [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R4 vncserver;VNC Server;c:\program files\RealVNC\VNC Server\vncserver.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1801029948-336450479-1260751092-1000Core.job
- c:\users\DJShiF\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-08 14:40]
.
2012-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1801029948-336450479-1260751092-1000UA.job
- c:\users\DJShiF\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-08 14:40]
.
2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-03 16:28]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-03 16:28]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801029948-336450479-1260751092-1000Core.job
- c:\users\DJShiF\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-16 18:21]
.
2012-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801029948-336450479-1260751092-1000UA.job
- c:\users\DJShiF\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-16 18:21]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1801029948-336450479-1260751092-1000\Software\SecuROM\License information*]
"datasecu"=hex:e9,fb,4a,57,47,d4,37,80,08,8f,76,5e,0f,32,c2,81,d8,77,37,46,59,
51,b5,8b,bb,26,7e,29,1e,0d,cb,95,37,56,c2,53,98,49,47,7d,d2,fc,1e,65,12,0f,\
"rkeysecu"=hex:a5,40,7a,de,eb,c6,23,71,c5,c3,c8,ef,43,9a,8d,f9
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Celkový čas: 2012-12-29 11:07:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-29 10:07
ComboFix2.txt 2012-12-28 22:22
.
Před spuštěním: Volných bajtů: 317 578 489 856
Po spuštění: Volných bajtů: 317 011 234 816
.
- - End Of File - - 0E6CD337F4DE7DDAAC7D93BACDB16C01
Motherboard: GIGABYTE B75-D3V
PSU: Fortron HEXA 500 (500W)
CPU: Intel Core i5-3450 3.10Ghz
Graphics: GIGABYTE Radeon HD 7770 1GB GDDR5 (res. 1680x1050)
Memory: Kingston HyperX Blu XMP 4GB (2xGB) 1600Mhz
Disk: Seagate Barracuda ST500DM002-1BD142 500GB
OS: Windows Ultimate 32-bit

Re: A virus that loads the CPU to 100%

Post by TGVNeer » 29 Dec 2012 11:10

Could it be gone? I'm now at around 0% usage :) It was like this yesterday and after 15 minutes it came back .. :D We'll see

Re: A virus that loads the CPU to 100%

Post by Damned » 29 Dec 2012 12:12

We'll finish the cleanup and then we'll see.

Uninstall ComboFix. ComboFix is uninstalled as follows:
Turn off your antivirus and, if you have one, your antispyware as well (required).

Start -> Run (or the Win+R keys) and type into the box: Combofix[space]/uninstall
****************************************
Download OTL to your Desktop.
Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output and tick Scan All Users. Under Standard Registry change to All; set Extra Registry, Processes and Services to All. Tick LOP Check and Purity Check. Change File Age to 14 days. Leave all other settings as they are. Click Run Scan. The scan can take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here.

Re: A virus that loads the CPU to 100%

Post by TGVNeer » 29 Dec 2012 15:25

OTL logfile created on: 29.12.2012 15:15:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DJShiF\Desktop\Stažené z netu
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,48 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 69,68% Memory free
18,13 Gb Paging File | 16,89 Gb Available in Paging File | 93,15% Paging File free
Paging file location(s): c:\pagefile.sys 15000 20000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 302,25 Gb Free Space | 64,91% Space Free | Partition Type: NTFS

Computer Name: DJSHIF-PC | User Name: DJShiF | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days

========== Processes (All) ==========

PRC - C:\Users\DJShiF\Desktop\Stažené z netu\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\System32\winlogon.exe (Microsoft Corporation)
PRC - C:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
PRC - C:\Windows\System32\lsass.exe (Microsoft Corporation)
PRC - C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wininit.exe (Microsoft Corporation)
PRC - C:\Windows\System32\VSSVC.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\smss.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\services.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lsm.exe (Microsoft Corporation)
PRC - C:\Windows\System32\dwm.exe (Microsoft Corporation)
PRC - C:\Windows\System32\csrss.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)


========== Services (All) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\System32\PnkBstrA.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (gupdatem) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (vncserver) -- C:\Program Files\RealVNC\VNC Server\vncserver.exe (RealVNC Ltd)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Schedule) -- C:\Windows\System32\schedsvc.dll (Microsoft Corporation)
SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (LanmanServer) -- C:\Windows\System32\srvsvc.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Browser) -- C:\Windows\System32\browser.dll (Microsoft Corporation)
SRV - (wuauserv) -- C:\Windows\System32\wuaueng.dll (Microsoft Corporation)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (ProfSvc) -- C:\Windows\System32\profsvc.dll (Microsoft Corporation)
SRV - (CryptSvc) -- C:\Windows\System32\cryptsvc.dll (Microsoft Corporation)
SRV - (Spooler) -- C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (VaultSvc) -- C:\Windows\System32\lsass.exe (Microsoft Corporation)
SRV - (SamSs) -- C:\Windows\System32\lsass.exe (Microsoft Corporation)
SRV - (ProtectedStorage) -- C:\Windows\System32\lsass.exe (Microsoft Corporation)
SRV - (Netlogon) -- C:\Windows\System32\lsass.exe (Microsoft Corporation)
SRV - (KeyIso) -- C:\Windows\System32\lsass.exe (Microsoft Corporation)
SRV - (EFS) -- C:\Windows\System32\lsass.exe (Microsoft Corporation)
SRV - (ICCS) -- C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (PlugPlay) -- C:\Windows\System32\umpnpmgr.dll (Microsoft Corporation)
SRV - (WSearch) -- C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
SRV - (Dnscache) -- C:\Windows\System32\dnsrslvr.dll (Microsoft Corporation)
SRV - (wscsvc) -- C:\Windows\System32\wscsvc.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- C:\Windows\System32\winhttp.dll (Microsoft Corporation)
SRV - (WebClient) -- C:\Windows\System32\WebClnt.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wcncsvc) -- C:\Windows\System32\wcncsvc.dll (Microsoft Corporation)
SRV - (AppleChargerSrv) -- C:\Windows\System32\AppleChargerSrv.exe ()
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (wudfsvc) -- C:\Windows\System32\WUDFSvc.dll (Microsoft Corporation)
SRV - (WinRM) -- C:\Windows\System32\WsmSvc.dll (Microsoft Corporation)
SRV - (WPDBusEnum) -- C:\Windows\System32\wpdbusenum.dll (Microsoft Corporation)
SRV - (WPCSvc) -- C:\Windows\System32\wpcsvc.dll (Microsoft Corporation)
SRV - (Wlansvc) -- C:\Windows\System32\wlansvc.dll (Microsoft Corporation)
SRV - (Winmgmt) -- C:\Windows\System32\wbem\WMIsvc.dll (Microsoft Corporation)
SRV - (LanmanWorkstation) -- C:\Windows\System32\wkssvc.dll (Microsoft Corporation)
SRV - (eventlog) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (StiSvc) -- C:\Windows\System32\wiaservc.dll (Microsoft Corporation)
SRV - (Wecsvc) -- C:\Windows\System32\wecsvc.dll (Microsoft Corporation)
SRV - (WdiSystemHost) -- C:\Windows\System32\wdi.dll (Microsoft Corporation)
SRV - (WdiServiceHost) -- C:\Windows\System32\wdi.dll (Microsoft Corporation)
SRV - (WerSvc) -- C:\Windows\System32\wersvc.dll (Microsoft Corporation)
SRV - (wercplsupport) -- C:\Windows\System32\wercplsupport.dll (Microsoft Corporation)
SRV - (WcsPlugInService) -- C:\Windows\System32\WcsPlugInService.dll (Microsoft Corporation)
SRV - (W32Time) -- C:\Windows\System32\w32time.dll (Microsoft Corporation)
SRV - (upnphost) -- C:\Windows\System32\upnphost.dll (Microsoft Corporation)
SRV - (UmRdpService) -- C:\Windows\System32\umrdp.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (UxSms) -- C:\Windows\System32\uxsms.dll (Microsoft Corporation)
SRV - (TrkWks) -- C:\Windows\System32\trkwks.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (SysMain) -- C:\Windows\System32\sysmain.dll (Microsoft Corporation)
SRV - (TermService) -- C:\Windows\System32\termsrv.dll (Microsoft Corporation)
SRV - (swprv) -- C:\Windows\System32\swprv.dll (Microsoft Corporation)
SRV - (TapiSrv) -- C:\Windows\System32\tapisrv.dll (Microsoft Corporation)
SRV - (SSDPSRV) -- C:\Windows\System32\ssdpsrv.dll (Microsoft Corporation)
SRV - (SstpSvc) -- C:\Windows\System32\sstpsvc.dll (Microsoft Corporation)
SRV - (TabletInputService) -- C:\Windows\System32\TabSvc.dll (Microsoft Corporation)
SRV - (TBS) -- C:\Windows\System32\tbssvc.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (ShellHWDetection) -- C:\Windows\System32\shsvcs.dll (Microsoft Corporation)
SRV - (RpcSs) -- C:\Windows\System32\rpcss.dll (Microsoft Corporation)
SRV - (DcomLaunch) -- C:\Windows\System32\rpcss.dll (Microsoft Corporation)
SRV - (SCardSvr) -- C:\Windows\System32\SCardSvr.dll (Microsoft Corporation)
SRV - (SDRSVC) -- C:\Windows\System32\sdrsvc.dll (Microsoft Corporation)
SRV - (RemoteRegistry) -- C:\Windows\System32\regsvc.dll (Microsoft Corporation)
SRV - (SessionEnv) -- C:\Windows\System32\SessEnv.dll (Microsoft Corporation)
SRV - (SENS) -- C:\Windows\System32\Sens.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (seclogon) -- C:\Windows\System32\seclogon.dll (Microsoft Corporation)
SRV - (pla) -- C:\Windows\System32\pla.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (BITS) -- C:\Windows\System32\qmgr.dll (Microsoft Corporation)
SRV - (napagent) -- C:\Windows\System32\QAGENTRT.DLL (Microsoft Corporation)
SRV - (p2psvc) -- C:\Windows\System32\p2psvc.dll (Microsoft Corporation)
SRV - (RasMan) -- C:\Windows\System32\rasmans.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (QWAVE) -- C:\Windows\System32\qwave.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PcaSvc) -- C:\Windows\System32\pcasvc.dll (Microsoft Corporation)
SRV - (RasAuto) -- C:\Windows\System32\rasauto.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (nsi) -- C:\Windows\System32\nsisvc.dll (Microsoft Corporation)
SRV - (netprofm) -- C:\Windows\System32\netprofm.dll (Microsoft Corporation)
SRV - (Netman) -- C:\Windows\System32\netman.dll (Microsoft Corporation)
SRV - (NlaSvc) -- C:\Windows\System32\nlasvc.dll (Microsoft Corporation)
SRV - (KtmRm) -- C:\Windows\System32\msdtckrm.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MpsSvc) -- C:\Windows\System32\MPSSVC.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation)
SRV - (THREADORDER) -- C:\Windows\System32\mmcss.dll (Microsoft Corporation)
SRV - (MMCSS) -- C:\Windows\System32\mmcss.dll (Microsoft Corporation)
SRV - (Mcx2Svc) -- C:\Windows\System32\Mcx2Svc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (lltdsvc) -- C:\Windows\System32\lltdsvc.dll (Microsoft Corporation)
SRV - (lmhosts) -- C:\Windows\System32\lmhsvc.dll (Microsoft Corporation)
SRV - (hkmsvc) -- C:\Windows\System32\KMSVC.DLL (Microsoft Corporation)
SRV - (MSiSCSI) -- C:\Windows\System32\iscsiexe.dll (Microsoft Corporation)
SRV - (iphlpsvc) -- C:\Windows\System32\iphlpsvc.dll (Microsoft Corporation)
SRV - (PolicyAgent) -- C:\Windows\System32\IPSECSVC.DLL (Microsoft Corporation)
SRV - (SharedAccess) -- C:\Windows\System32\ipnathlp.dll (Microsoft Corporation)
SRV - (IPBusEnum) -- C:\Windows\System32\IPBusEnum.dll (Microsoft Corporation)
SRV - (IKEEXT) -- C:\Windows\System32\IKEEXT.DLL (Microsoft Corporation)
SRV - (gpsvc) -- C:\Windows\System32\gpsvc.dll (Microsoft Corporation)
SRV - (hidserv) -- C:\Windows\System32\hidserv.dll (Microsoft Corporation)
SRV - (FDResPub) -- C:\Windows\System32\FDResPub.dll (Microsoft Corporation)
SRV - (fdPHost) -- C:\Windows\System32\fdPHost.dll (Microsoft Corporation)
SRV - (EventSystem) -- C:\Windows\System32\es.dll (Microsoft Corporation)
SRV - (EapHost) -- C:\Windows\System32\eapsvc.dll (Microsoft Corporation)
SRV - (dot3svc) -- C:\Windows\System32\dot3svc.dll (Microsoft Corporation)
SRV - (DPS) -- C:\Windows\System32\dps.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (CscService) -- C:\Windows\System32\cscsvc.dll (Microsoft Corporation)
SRV - (SCPolicySvc) -- C:\Windows\System32\certprop.dll (Microsoft Corporation)
SRV - (CertPropSvc) -- C:\Windows\System32\certprop.dll (Microsoft Corporation)
SRV - (bthserv) -- C:\Windows\System32\bthserv.dll (Microsoft Corporation)
SRV - (BFE) -- C:\Windows\System32\BFE.DLL (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (Audiosrv) -- C:\Windows\System32\audiosrv.dll (Microsoft Corporation)
SRV - (AudioEndpointBuilder) -- C:\Windows\System32\audiosrv.dll (Microsoft Corporation)
SRV - (AppMgmt) -- C:\Windows\System32\appmgmts.dll (Microsoft Corporation)
SRV - (AeLookupSvc) -- C:\Windows\System32\aelupsvc.dll (Microsoft Corporation)
SRV - (Appinfo) -- C:\Windows\System32\appinfo.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wmiApSrv) -- C:\Windows\System32\wbem\WmiApSrv.exe (Microsoft Corporation)
SRV - (wbengine) -- C:\Windows\System32\wbengine.exe (Microsoft Corporation)
SRV - (VSS) -- C:\Windows\System32\VSSVC.exe (Microsoft Corporation)
SRV - (vds) -- C:\Windows\System32\vds.exe (Microsoft Corporation)
SRV - (UI0Detect) -- C:\Windows\System32\UI0Detect.exe (Microsoft Corporation)
SRV - (TrustedInstaller) -- C:\Windows\servicing\TrustedInstaller.exe (Microsoft Corporation)
SRV - (SNMPTRAP) -- C:\Windows\System32\snmptrap.exe (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (MSDTC) -- C:\Windows\System32\msdtc.exe (Microsoft Corporation)
SRV - (msiserver) -- C:\Windows\System32\msiexec.exe (Microsoft Corporation)
SRV - (RpcLocator) -- C:\Windows\System32\Locator.exe (Microsoft Corporation)
SRV - (Fax) -- C:\Windows\System32\FXSSVC.exe (Microsoft Corporation)
SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (COMSysApp) -- C:\Windows\System32\dllhost.exe (Microsoft Corporation)
SRV - (ALG) -- C:\Windows\System32\alg.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1801029948-336450479-1260751092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1801029948-336450479-1260751092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-1801029948-336450479-1260751092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1801029948-336450479-1260751092-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1801029948-336450479-1260751092-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1801029948-336450479-1260751092-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1801029948-336450479-1260751092-1000\..\SearchScopes\{5540170E-00E4-4AD1-9F48-2F84C3352106}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYCZ&apn_uid=0853a0b1-f009-4b65-99ae-03da641c96a5&apn_sauid=C773769F-F5D0-4B4A-94C5-626B6F209B4C
IE - HKU\S-1-5-21-1801029948-336450479-1260751092-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/|http://www.google.cz/|http://www.youtube.com/|http://s10.kingsage.cz/game.php?village=8222&s=build_main&build=farm|http://www.facebook.com/home.php"
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DJShiF\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DJShiF\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Users\DJShiF\AppData\Local\Mozilla Firefox\components [2012.12.16 12:22:53 | 000,000,000 | ---D | M]

[2012.11.12 17:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DJShiF\AppData\Roaming\Mozilla\Extensions
[2012.12.27 12:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DJShiF\AppData\Roaming\Mozilla\Firefox\Profiles\o596wx2z.default\extensions
[2012.12.27 12:36:32 | 000,347,856 | ---- | M] () (No name found) -- C:\Users\DJShiF\AppData\Roaming\Mozilla\Firefox\Profiles\o596wx2z.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.12.03 17:15:42 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\DJShiF\AppData\Roaming\Mozilla\Firefox\Profiles\o596wx2z.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DJShiF\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DJShiF\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DJShiF\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DJShiF\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Google Update (Enabled) = C:\Users\DJShiF\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Angry Birds = C:\Users\DJShiF\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Nyan Cat Progress Bar for YouTube = C:\Users\DJShiF\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdjaekjkckpdknkfncfnaibkabdcgmkg\1.14_0\
CHR - Extension: Super countdown = C:\Users\DJShiF\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmlflpmehdclkhdpmfajmonhhcdlhibh\1.1.0_0\
CHR - Extension: avast! WebRep = C:\Users\DJShiF\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Gladiatus Crazy Add On = C:\Users\DJShiF\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggbidmjnmplnobkkjiinjmbnhccpkbj\2.9.0_0\
CHR - Extension: Auto Refresh Plus = C:\Users\DJShiF\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.16_0\

O1 HOSTS File: ([2012.12.29 11:03:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1801029948-336450479-1260751092-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-1801029948-336450479-1260751092-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1801029948-336450479-1260751092-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801029948-336450479-1260751092-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801029948-336450479-1260751092-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801029948-336450479-1260751092-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1801029948-336450479-1260751092-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Od&eslat do aplikace OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C30E4F81-ABA7-48EF-9DAB-899BA5DB2960}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 14 Days ==========

[2012.12.29 11:07:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.29 11:02:17 | 000,000,000 | ---D | C] -- C:\Users\DJShiF\AppData\Local\temp
[2012.12.28 23:09:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.28 21:47:59 | 000,000,000 | ---D | C] -- C:\Users\DJShiF\AppData\Roaming\Malwarebytes
[2012.12.28 21:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.28 21:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.28 21:47:46 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.28 21:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.28 11:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duke Nukem - Manhattan Project
[2012.12.28 11:21:13 | 000,000,000 | ---D | C] -- C:\Shortcuts
[2012.12.28 10:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abe's Oddysee
[2012.12.28 10:28:11 | 000,314,368 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2012.12.27 16:15:40 | 000,000,000 | ---D | C] -- C:\Users\DJShiF\AppData\Local\Gladiatus
[2012.12.27 15:38:17 | 000,000,000 | ---D | C] -- C:\Users\DJShiF\AppData\Local\Programs
[2012.12.26 12:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.12.26 12:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT
[2012.12.26 12:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.12.26 12:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.12.26 11:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.12.26 10:44:04 | 000,410,112 | ---- | C] (Intel Corporation) -- C:\Windows\System32\taskhost.rs
[2012.12.26 10:44:03 | 000,371,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.dll
[2012.12.26 10:44:03 | 000,269,824 | ---- | C] (Intel Corporation) -- C:\Windows\System32\SearchEngine.rs
[2012.12.24 19:38:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012.12.21 15:19:07 | 000,000,000 | ---D | C] -- C:\Users\DJShiF\Desktop\stazene hry originem
[2012.12.19 21:09:10 | 000,000,000 | ---D | C] -- C:\Users\DJShiF\Desktop\Game maker hry
[2012.12.19 19:33:56 | 000,000,000 | ---D | C] -- C:\Users\DJShiF\AppData\Local\YoYo_Games_Ltd
[2012.12.19 19:33:44 | 000,000,000 | ---D | C] -- C:\Users\DJShiF\AppData\Local\GameMaker8.1
[2012.12.19 19:31:50 | 000,000,000 | ---D | C] -- C:\Users\DJShiF\GameMaker 8.1
[2012.12.19 19:31:50 | 000,000,000 | ---D | C] -- C:\Users\DJShiF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker 8.1
[2012.12.19 19:31:50 | 000,000,000 | ---D | C] -- C:\Users\DJShiF\AppData\Roaming\GameMaker
[2012.12.17 22:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.12.17 22:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.12.16 13:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012.12.16 12:22:45 | 000,000,000 | ---D | C] -- C:\Users\DJShiF\AppData\Local\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2012.12.29 14:44:00 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.29 14:38:00 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1801029948-336450479-1260751092-1000UA.job
[2012.12.29 13:45:24 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1801029948-336450479-1260751092-1000UA.job
[2012.12.29 11:08:06 | 000,669,486 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.12.29 11:08:06 | 000,654,880 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.29 11:08:06 | 000,141,118 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.12.29 11:08:06 | 000,121,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.29 11:03:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.29 11:03:46 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.29 11:03:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.29 11:03:02 | 2802,524,160 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.28 22:58:39 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 22:58:39 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 22:48:43 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.28 20:38:29 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1801029948-336450479-1260751092-1000Core.job
[2012.12.28 19:13:49 | 000,000,633 | ---- | M] () -- C:\Users\DJShiF\AppData\Roaming\Ping Monitor_Settings.ini
[2012.12.28 16:45:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1801029948-336450479-1260751092-1000Core.job
[2012.12.28 10:28:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.12.28 10:28:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.12.27 17:56:10 | 000,076,422 | ---- | M] () -- C:\Users\DJShiF\Desktop\minecraft_modified.jar
[2012.12.27 14:17:25 | 000,410,112 | ---- | M] (Intel Corporation) -- C:\Windows\System32\taskhost.rs
[2012.12.27 14:17:25 | 000,269,824 | ---- | M] (Intel Corporation) -- C:\Windows\System32\SearchEngine.rs
[2012.12.26 12:40:25 | 000,371,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.dll
[2012.12.26 10:44:04 | 000,000,008 | ---- | M] () -- C:\Windows\System32\SearchEngine.dat
[2012.12.26 10:34:31 | 000,002,533 | ---- | M] () -- C:\Users\DJShiF\Desktop\Google Chrome.lnk
[2012.12.23 22:02:06 | 000,238,360 | ---- | M] () -- C:\Users\DJShiF\Desktop\Náhled kanál2u.jpg
[2012.12.23 21:43:53 | 005,293,026 | ---- | M] () -- C:\Users\DJShiF\Desktop\Náhled kanálu.psb
[2012.12.22 16:41:34 | 000,081,938 | ---- | M] () -- C:\Users\DJShiF\Desktop\minecraft.jar
[2012.12.21 18:58:05 | 008,501,139 | ---- | M] () -- C:\Users\DJShiF\Desktop\The Mask - Come to Die.mp3
[2012.12.20 20:30:14 | 011,288,070 | ---- | M] () -- C:\Users\DJShiF\Desktop\Gritlock - Ultrakill [Original Mix].mp3
[2012.12.16 18:34:40 | 000,001,074 | ---- | M] () -- C:\Users\DJShiF\Desktop\Dwarfs.exe – zástupce.lnk
[2012.12.16 10:52:06 | 000,016,169 | ---- | M] () -- C:\Users\DJShiF\Documents\2vidko.wlmp
[2012.12.15 21:29:24 | 000,001,285 | ---- | M] () -- C:\Users\DJShiF\Desktop\Mineshafter-proxy.jar – zástupce.lnk
[2012.12.15 15:52:45 | 000,281,688 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.28 21:47:48 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.28 10:28:08 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.12.28 10:28:08 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.12.26 10:44:04 | 000,000,008 | ---- | C] () -- C:\Windows\System32\SearchEngine.dat
[2012.12.23 22:02:01 | 000,238,360 | ---- | C] () -- C:\Users\DJShiF\Desktop\Náhled kanál2u.jpg
[2012.12.23 21:43:51 | 005,293,026 | ---- | C] () -- C:\Users\DJShiF\Desktop\Náhled kanálu.psb
[2012.12.22 16:41:03 | 000,081,938 | ---- | C] () -- C:\Users\DJShiF\Desktop\minecraft.jar
[2012.12.22 16:41:03 | 000,076,422 | ---- | C] () -- C:\Users\DJShiF\Desktop\minecraft_modified.jar
[2012.12.21 18:56:36 | 008,501,139 | ---- | C] () -- C:\Users\DJShiF\Desktop\The Mask - Come to Die.mp3
[2012.12.20 20:27:17 | 011,288,070 | ---- | C] () -- C:\Users\DJShiF\Desktop\Gritlock - Ultrakill [Original Mix].mp3
[2012.12.16 18:34:40 | 000,001,074 | ---- | C] () -- C:\Users\DJShiF\Desktop\Dwarfs.exe – zástupce.lnk
[2012.12.16 10:52:06 | 000,016,169 | ---- | C] () -- C:\Users\DJShiF\Documents\2vidko.wlmp
[2012.12.15 21:29:24 | 000,001,285 | ---- | C] () -- C:\Users\DJShiF\Desktop\Mineshafter-proxy.jar – zástupce.lnk
[2012.12.13 16:45:25 | 000,000,435 | ---- | C] () -- C:\Users\DJShiF\AppData\Roaming\Ping Monitor_Servers.ini
[2012.12.02 03:26:44 | 000,179,712 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.11.16 15:39:19 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.10.12 15:28:05 | 000,000,633 | ---- | C] () -- C:\Users\DJShiF\AppData\Roaming\Ping Monitor_Settings.ini
[2012.09.20 18:07:22 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012.09.19 20:09:40 | 000,076,660 | ---- | C] () -- C:\Windows\System32\ativce02.dat
[2012.09.18 15:00:40 | 000,662,787 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.09.16 15:40:18 | 000,063,457 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012.09.04 16:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
[2012.09.04 16:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
[2012.08.21 21:05:00 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.08.21 11:31:13 | 000,138,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.08.21 11:31:12 | 000,022,328 | ---- | C] () -- C:\Users\DJShiF\AppData\Roaming\PnkBstrK.sys
[2012.08.21 11:30:54 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.08.21 11:30:50 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.08.21 11:30:50 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.08.16 19:19:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.16 19:17:34 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012.08.16 19:10:21 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2012.08.16 19:05:16 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
[2012.08.16 19:05:16 | 000,019,056 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2012.08.16 19:04:06 | 000,015,128 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2012.08.16 19:02:00 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.07.28 02:30:54 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.07.28 02:30:54 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2011.12.08 15:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\System32\IusEventLog.dll

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
Motherboard: GIGABYTE B75-D3V
Power supply: Fortron HEXA 500 (500W)
CPU: Intel Core i5-3450 3.10Ghz
Graphics card: GIGABYTE Radeon HD 7770 1GB GDDR5 (resolution 1680x1050)
Memory: Kingston HyperX Blu XMP 4GB (2xGB) 1600Mhz
Disk: Seagate Barracuda ST500DM002-1BD142 500GB
OS: Windows Ultimate 32-bit

Re: Virus that loads the CPU to 100%

Post by TGVNeer » 29 Dec 2012 15:26

Part 2

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.10.24 14:29:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2012.11.19 21:03:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MyHeritage
[2012.11.02 06:52:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012.11.02 06:52:34 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2012.12.23 13:05:25 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\.minecraft
[2012.11.19 16:26:43 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\.minecraft – kopie
[2012.12.15 09:49:56 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\.techniclauncher
[2012.11.25 12:59:48 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\.techniclauncher – kopie
[2012.08.27 19:22:39 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\.tshock
[2012.12.28 17:42:24 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\Audacity
[2012.08.22 12:12:02 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\BANDISOFT
[2012.09.19 15:15:08 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\BitTorrent
[2012.08.22 13:06:32 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\BSplayer
[2012.08.16 19:41:53 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\BSplayer Pro
[2012.12.15 14:10:39 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\Dwarfs
[2012.12.04 17:05:49 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\ftblauncher
[2012.09.16 16:00:01 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\FUEL
[2012.12.19 19:33:56 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\GameMaker
[2012.11.15 18:28:17 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\HandBrake
[2012.08.20 09:45:02 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\IObit
[2012.11.04 19:33:05 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\Origin
[2012.10.23 20:28:00 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\PowerISO
[2012.10.13 09:45:28 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\PunkBuster
[2012.08.17 17:12:03 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\Smart PC Solutions
[2012.10.25 08:22:14 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\Sp@rrow
[2012.09.28 20:22:11 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\TeamViewer
[2012.08.25 13:30:09 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\TEdit
[2012.11.22 17:22:41 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\Theta
[2012.08.18 10:46:04 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\Ubisoft
[2012.12.26 09:56:33 | 000,000,000 | ---D | M] -- C:\Users\DJShiF\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Re: Virus that loads the CPU to 100%

Post by TGVNeer » 29 Dec 2012 15:27

OTL Extras logfile created on: 29.12.2012 15:15:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DJShiF\Desktop\Stažené z netu
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,48 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 69,68% Memory free
18,13 Gb Paging File | 16,89 Gb Available in Paging File | 93,15% Paging File free
Paging file location(s): c:\pagefile.sys 15000 20000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 302,25 Gb Free Space | 64,91% Space Free | Partition Type: NTFS

Computer Name: DJSHIF-PC | User Name: DJShiF | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801029948-336450479-1260751092-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.FBB2X2OZN7ZWJ33NMJMGCYDHFI] -- C:\Users\DJShiF\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{040DB682-797D-4147-A002-A3BD353A1358}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{05D67A74-4789-44E0-B5B1-051C2E58764D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{146A6B56-A021-4EBD-8D9F-EC24FAF990CA}" = lport=445 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B7212F1-0250-458D-9B2E-A27F3E241B63}" = lport=139 | protocol=6 | dir=in | app=system |
"{2533D527-9AAE-4C85-A7C8-073D611F6A53}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2A9FD921-C1E9-4AC5-AA23-2BF3298ADDB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3259134C-7DF5-4AF8-A083-A943ABF229E6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{441CDDEA-519A-4971-9981-B637CFB7E8C8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E5F80F0-7A08-4815-812E-8EA41170DA70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{59FFF8C8-2CE0-4F46-AA58-9C0CB80E1FDA}" = lport=3389 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{66932B80-DA1C-490D-8A18-75C90640A14F}" = rport=137 | protocol=17 | dir=out | app=system |
"{69700659-3049-4809-B424-D36C9BC00255}" = rport=445 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6FBB38A0-C954-4902-BDF4-A18CDAAAC06C}" = lport=138 | protocol=17 | dir=in | app=system |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C5D9C0D-E0FA-43E1-B0BF-967DFB9F3579}" = rport=139 | protocol=6 | dir=out | app=system |
"{8F0AE999-949B-48EF-86C0-8C5AE3D3CA1F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{923C993E-94EA-43BA-A700-27A6B9FFDB2C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A3A60A6C-DA28-4309-AF20-92D8BB48982D}" = rport=138 | protocol=17 | dir=out | app=system |
"{AC4F87B8-731C-4815-839B-6038A311A87A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C91C42AB-47A1-4160-BD8F-AA59F630E40D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE529CD9-4646-4B8F-AB6A-BED8469D2E07}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6986B18-17A5-40D6-B761-BB35B9E29E4E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DAFB6C32-50F7-47D6-B889-728B6A2E0157}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{DF0DB13F-63FE-42C0-A8DA-A4BAFCA2B23D}" = lport=137 | protocol=17 | dir=in | app=system |
"{E5A427DC-F452-47C2-A9E0-E05ACA70539E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FDCC1F2F-83A9-4F41-9B4C-D86E2597D111}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{04A19CB0-2531-4E7C-B2E1-A13609DC6A3C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{14285535-727A-410C-BE1F-0154E1F33982}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{23574608-1FB7-46D9-874C-312175BF72B6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{287B03AF-C76B-4DE2-BBF0-FA2C9CF5FC86}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{2DB19629-40F3-44BA-B1C6-75473345DD99}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2F299F62-D9A9-4D1E-9E60-38192238D992}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{373D3651-89BE-41C0-B12A-A3597E0C0890}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3880CD16-1C0C-4449-A754-FB46E98C2BCA}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{3C32EA4B-4A8B-4E9B-BDC0-92ED3BAEFCA6}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{3C41E5E8-72CF-48BC-9C2B-0490333BD1AB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{478A150F-0728-4C3D-873B-E6E38A55BA17}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4AD6829D-AE80-426F-B83B-E9C908EA4836}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{63E394CE-B6F6-4E06-A58D-3A9F2D03FEBB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{642EA15D-3662-44D7-A1AD-38A743A0D708}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6943B890-784D-45B3-866D-0FFEB8FCC9BF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6C368DBC-A6DE-4DC2-A270-86C11A4C484F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{726AE13D-1284-4D2D-A84E-A5909D19F1CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{74DB28A1-27CA-41A1-9792-138C2D361CA9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{74FF727C-688B-4D2B-BA50-0A2A54E69A02}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{75ABDCEA-B2BB-4DC5-94F5-2468626AA15D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7BF3F0C1-F2F5-4BD8-A927-AC521374BC32}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{7C80E690-04D2-43A7-AEE9-2C9DC705CA87}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{7E5F488C-170D-4C9F-B72B-64CBFDB38906}" = protocol=17 | dir=in | app=c:\program files\codemasters\fuel\fuel.exe |
"{841A7898-2D5C-4DE6-AA44-CD6239F7BEAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{852BB6C4-311D-4A2D-A006-23FC6284E8F0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{876E7BC1-DCFC-4B38-B1EC-F8BA8DA5ED96}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{87A5A238-4FF3-49ED-BC02-E486BDD6A782}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{8F01ECBF-B3D5-4DA3-B2C1-A946B5711F86}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{92E9413A-9028-4843-BA8F-FF54B7583EB9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94002D73-1799-49AC-9F16-3FD8A56FA56E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95545222-0A54-4713-8E5B-3638AAB38624}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{95FD03D0-4361-44F1-8693-CE81907EB46F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97F455F1-C250-4673-B271-C5E999A6E883}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A0A536C1-320D-4D45-BC61-3FE943B1D94E}" = protocol=6 | dir=in | app=c:\program files\codemasters\fuel\fuel.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7CB57EF-0829-4134-8B2B-DD699BC41802}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B43C1008-1F9E-470B-B39C-A7264A09BA9E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C02214BE-E290-4327-A89B-A8A587CC4627}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C6952764-E00D-4813-97FD-D317864527EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C8DEC2DA-9AE9-4FDE-A91B-24E97D93599A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D04776A6-4EC1-4208-BC73-0865ED25DDB8}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5737396-05EB-4CB3-9660-03578E26DB65}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{DAB34346-D638-40C0-80EB-58E0311F5FDE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F480B61D-08E9-47F4-9B67-C0222092CCF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7169230-FA3C-4540-B3DF-B00598C69A45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD5CE9A1-E0F8-4FA5-9B9E-3F5A89B682E6}" = protocol=6 | dir=out | app=system |
"TCP Query User{0618A73C-6914-4D15-AFC7-7591D78BFE63}C:\sdilena\garry's mod\hl2.exe" = protocol=6 | dir=in | app=c:\sdilena\garry's mod\hl2.exe |
"TCP Query User{17F2D00C-D31B-483C-A9D9-0ADDD75C890C}C:\sdilena\call of duty modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=c:\sdilena\call of duty modern warfare 3\iw5mp_server.exe |
"TCP Query User{1F8BF249-BEC5-4B83-BAB6-C3CDA382FEAC}C:\users\djshif\desktop\složky to je vše\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\djshif\desktop\složky to je vše\terraria\terrariaserver.exe |
"TCP Query User{3AA759DF-7910-4F4B-AC8A-989B31C5079A}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{3F321A58-941D-4DB8-9722-1BCDB3B61D49}C:\program files\rockstar games\maxpayne3\maxpayne3.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\maxpayne3\maxpayne3.exe |
"TCP Query User{468B40F4-99A3-4F56-B892-F1A741F5F4CC}C:\sdilena\rise of nations\patriots.exe" = protocol=6 | dir=in | app=c:\sdilena\rise of nations\patriots.exe |
"TCP Query User{4B74F026-8EB7-465C-BDAB-FD4EE29A7064}C:\sdilena\call of duty modern warfare 3 – kopie\iw5mp_server.exe" = protocol=6 | dir=in | app=c:\sdilena\call of duty modern warfare 3 – kopie\iw5mp_server.exe |
"TCP Query User{5456E063-D744-475C-9C31-CCA3D1CFDD32}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"TCP Query User{5E1E55F4-48FB-48DC-AC72-49A750C848FB}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{7A345227-242C-4DB7-A7F9-3C8AC10A3B68}C:\program files\prototype 2\prototype2.exe" = protocol=6 | dir=in | app=c:\program files\prototype 2\prototype2.exe |
"TCP Query User{89905CD1-E9E9-4560-95C3-0F4C003C6E71}C:\sdilena\call of duty modern warfare 3 – kopie\iw5sp.exe" = protocol=6 | dir=in | app=c:\sdilena\call of duty modern warfare 3 – kopie\iw5sp.exe |
"TCP Query User{8BE2CD8A-E64A-48BA-ADD2-067D0AB157FD}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"TCP Query User{8C8B2114-83D9-4845-A239-7FE4EE215978}C:\sdilena\call of duty modern warfare 3 – kopie\iw5mp.exe" = protocol=6 | dir=in | app=c:\sdilena\call of duty modern warfare 3 – kopie\iw5mp.exe |
"TCP Query User{90BC62E9-EDE4-4D9E-A820-A3433DFB02C3}C:\sdilena\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=c:\sdilena\call of duty modern warfare 3\iw5mp.exe |
"TCP Query User{A6F2D4CC-4E00-4477-B2DD-A299BCB6A460}C:\sdilena\call of duty modern warfare 3\iw5sp.exe" = protocol=6 | dir=in | app=c:\sdilena\call of duty modern warfare 3\iw5sp.exe |
"UDP Query User{00603BA9-CA3F-418B-81A7-343AAB683030}C:\sdilena\rise of nations\patriots.exe" = protocol=17 | dir=in | app=c:\sdilena\rise of nations\patriots.exe |
"UDP Query User{048BB2EB-A244-4A19-BF1D-77DE674D6168}C:\sdilena\call of duty modern warfare 3 – kopie\iw5mp.exe" = protocol=17 | dir=in | app=c:\sdilena\call of duty modern warfare 3 – kopie\iw5mp.exe |
"UDP Query User{17B0EBA4-4A16-481F-AF41-E8FD845EE0DD}C:\sdilena\call of duty modern warfare 3 – kopie\iw5mp_server.exe" = protocol=17 | dir=in | app=c:\sdilena\call of duty modern warfare 3 – kopie\iw5mp_server.exe |
"UDP Query User{6241EB42-E20C-4A0E-B93D-7F43D0B16889}C:\sdilena\garry's mod\hl2.exe" = protocol=17 | dir=in | app=c:\sdilena\garry's mod\hl2.exe |
"UDP Query User{7155BF79-A238-4045-BBF8-C2BCD80DC887}C:\users\djshif\desktop\složky to je vše\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\djshif\desktop\složky to je vše\terraria\terrariaserver.exe |
"UDP Query User{8B4D0909-2469-4C97-93E1-870C0C01A32E}C:\program files\rockstar games\maxpayne3\maxpayne3.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\maxpayne3\maxpayne3.exe |
"UDP Query User{942B7C8D-ADDB-446F-BF42-79A9F4776D6E}C:\sdilena\call of duty modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=c:\sdilena\call of duty modern warfare 3\iw5mp_server.exe |
"UDP Query User{A29749D2-CB1D-4585-B957-7F5A3A479544}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"UDP Query User{B914BB40-70CB-46E1-8501-D0751EE11BE9}C:\sdilena\call of duty modern warfare 3\iw5sp.exe" = protocol=17 | dir=in | app=c:\sdilena\call of duty modern warfare 3\iw5sp.exe |
"UDP Query User{C54094A9-FE43-4F20-A8F3-2524F03F4538}C:\program files\prototype 2\prototype2.exe" = protocol=17 | dir=in | app=c:\program files\prototype 2\prototype2.exe |
"UDP Query User{C9951A1E-FC21-4DC1-87EC-80B8C30D3626}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{D2A17B73-59F0-4503-9E0E-5169CD2162A5}C:\sdilena\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=c:\sdilena\call of duty modern warfare 3\iw5mp.exe |
"UDP Query User{D8170BE3-DAB2-4E38-A40D-6FD130DE203F}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"UDP Query User{E9D718D1-E541-46BC-9EFE-BFC256156E53}C:\sdilena\call of duty modern warfare 3 – kopie\iw5sp.exe" = protocol=17 | dir=in | app=c:\sdilena\call of duty modern warfare 3 – kopie\iw5sp.exe |
"UDP Query User{F81ABF1C-1515-459C-9D6C-79D4EFE33A9D}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0901FCE8-5415-4499-BBC8-1AA106DD66E2}" = Adobe Setup
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12E777A1-74B6-AD5A-D2CD-C792464E425B}" = CCC Help Turkish
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B8D8529-DA80-74D8-4898-DAA028746E08}" = CCC Help Korean
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{34E7E124-7AA8-1274-1BA2-90CBD7F6B708}" = CCC Help Thai
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C912BF1-73FE-B493-C7D6-04EBF14F57A2}" = CCC Help Portuguese
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0402.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4DECFC9F-2310-4C02-009A-B6758306EF00}" = FIFA 06
"{5178C1BB-1EB1-4468-894B-7DE964DDCAA2}" = Adobe Photoshop CS3
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{549FACD7-A5F5-6EA8-7A19-8F7E8CE282A7}" = Catalyst Control Center Localization All
"{5753C527-E2AA-2B8B-AFD1-D4325A0A44B4}" = CCC Help Chinese Standard
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{613C67FF-E71D-124A-6380-E0E77F9438F7}" = CCC Help Polish
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{632B73D1-C23A-0BD4-FBE2-175B680876A9}" = CCC Help Norwegian
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{659F48FB-0A8A-49A1-3FD2-C6F069C10893}" = Catalyst Control Center Graphics Previews Common
"{66DB6D91-BF91-480B-933D-7CB8B1E64D74}" = Windows Live Messenger
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{70CEC2B6-BE72-E9B1-D6B8-C1A3CA170D1F}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A3C7EE-10A4-EA61-AC31-335E0500DE48}" = CCC Help English
"{77F94BE8-A504-352B-E873-FC78E5FA9CD7}" = CCC Help Japanese
"{797DC296-ADC5-4A08-8CBC-AEB0D6F4B249}" = Windows Live Essentials
"{79AAA7A5-6917-2C53-7FCB-C00B54602149}" = CCC Help Chinese Traditional
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{852F940A-BE93-4DF9-98E5-6F5FA7AFF3EE}" = Intel® Trusted Connect Service Client
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B9336DB-8D04-4325-BAFC-C7141D8E6CA1}" = Duke Nukem - Manhattan Project
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{926E4789-8065-6F3B-9D9A-5E6AABA000BC}" = CCC Help Czech
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9700C74F-1D07-FD53-6430-A858B34E30B7}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A035950F-15BA-41C0-9D8F-165FC0536012}" = Movie Maker
"{A0E64741-5C93-FCCD-6A90-248D3C92CAFA}" = CCC Help Greek
"{A1FBD2B3-6768-472D-BA46-C00EACBCE16C}" = Fotogalerie
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8D4FFA9-94CA-B0E4-7ED0-A7FD4DEDB106}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9D5BCE3-6D8B-95B0-925F-F39BFAAB4177}" = CCC Help French
"{ABA15F5D-057C-2677-3C90-04838682F66B}" = CCC Help Dutch
"{ACC88BAA-D748-E9D9-3F72-B359EFD11912}" = CCC Help Swedish
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B87F2410-E145-CD16-0FF1-9978BFE6072F}" = AMD Drag and Drop Transcoding
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D33CE733-2DE9-D582-9D35-323F9F79A1EB}" = CCC Help Italian
"{D4B9B59F-CACD-E603-9EC1-73C169B9B4AB}" = ccc-utility
"{D67A9023-307F-B5A0-8621-5258D3FA9813}" = CCC Help German
"{D7D6CCD3-D9BD-EA92-288E-EFCBDE939FF5}" = Catalyst Control Center
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{D9D94C72-AC7C-4225-7984-B91432592CBC}" = AMD Catalyst Install Manager
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD2CEA69-56C8-51B5-7ABA-2A016D4BC275}" = AMD Accelerated Video Transcoding
"{DE43AA92-E8C0-4620-AFE2-FBD623C71643}" = Sizer 3.34
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18F981B-401C-4D90-BC57-D8903564D558}" = Windows Live UX Platform Language Pack
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB91007A-0110-42A6-B869-2709955A9B2A}" = Photo Common
"{EC268F4A-331A-B660-E117-1D33E0DDF739}" = AMD Media Foundation Decoders
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EF666029-2EDF-C792-D438-34940ED13A46}" = CCC Help Finnish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F38EF546-DCE4-E290-AB73-4C57A3AC70A0}" = CCC Help Danish
"{F51FF206-2273-4B3E-A90A-4752AE288C12}" = FUEL
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE6A55DF-D79E-7469-37CC-3E7F08098FCA}" = CCC Help Spanish
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"aTube Catcher" = aTube Catcher
"Audacity_is1" = Audacity 2.0
"avast" = avast! Free Antivirus
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Borderlands 2_is1" = Borderlands 2
"BSPlayerf" = BS.Player FREE
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"Crossfire Europe" = Crossfire Europe
"Fraps" = Fraps (remove only)
"GameSpy Arcade" = GameSpy Arcade
"Hamachi" = Hamachi 1.0.2.5
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0402.1
"InstallShield_{8B9336DB-8D04-4325-BAFC-C7141D8E6CA1}" = Duke Nukem - Manhattan Project
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"JUST CAUSE *DVD RIP* *MULTI 4*_is1" = JUST CAUSE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"Mozilla Firefox 17.0.1 (x86 cs)" = Mozilla Firefox 17.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RealVNC_is1" = VNC Server 5.0.3
"RealVNCViewer_is1" = VNC Viewer 5.0.3
"RegUtility_is1" = RegUtility version 4.1
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"RiseofNationsExpansion 1.0" = Rise of Nations Thrones and Patriots
"Scribblenauts Unlimited_is1" = Scribblenauts Unlimited
"SpeedFan" = SpeedFan (remove only)
"Steam App 212800" = Super Crate Box
"Steam App 570" = Dota 2
"Unlocker" = Unlocker 1.9.1
"Uplay" = Uplay
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1801029948-336450479-1260751092-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameMaker81" = GameMaker 8.1
"Google Chrome" = Google Chrome
"Proactive System Password Recovery" = Proactive System Password Recovery
"Warcraft III" = Warcraft III: All Products

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28.12.2012 6:17:25 | Computer Name = DJShiF-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\GIGABYTE\ET6\DLLS\install_flash_player_11_active_x_64bit.exe
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 28.12.2012 6:20:49 | Computer Name = DJShiF-PC | Source = VSS | ID = 8194
Description =

Error - 28.12.2012 7:08:33 | Computer Name = DJShiF-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: prism3d.exe, verze: 0.0.0.0, časové razítko:
0x3cd16842 Název chybujícího modulu: duke_base.dll, verze: 0.0.0.0, časové razítko:
0x3cd167dd Kód výjimky: 0xc0000005 Posun chyby: 0x000a4b6c ID chybujícího procesu:
0xac0 Čas spuštění chybující aplikace: 0x01cde4e5a4d38258 Cesta k chybující aplikaci:
C:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe Cesta k chybujícímu
modulu: C:\Program Files\Duke Nukem - Manhattan Project\duke\sys\duke_base.dll ID
zprávy: ea88a8fb-50de-11e2-bde9-902b341e743f

Error - 28.12.2012 14:10:04 | Computer Name = DJShiF-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error - 28.12.2012 17:15:51 | Computer Name = DJShiF-PC | Source = Software Protection Platform Service | ID = 8193
Description = Plánovač aktivace licence (sppuinotify.dll) byl ukončen s následujícím
kódem chyby: 0x80070005

Error - 28.12.2012 18:00:04 | Computer Name = DJShiF-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error - 28.12.2012 18:18:43 | Computer Name = DJShiF-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error - 29.12.2012 5:21:19 | Computer Name = DJShiF-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error - 29.12.2012 5:47:38 | Computer Name = DJShiF-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error - 29.12.2012 6:03:37 | Computer Name = DJShiF-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

[ System Events ]
Error - 29.12.2012 5:59:12 | Computer Name = DJShiF-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 29.12.2012 6:01:53 | Computer Name = DJShiF-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 29.12.2012 6:02:19 | Computer Name = DJShiF-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 29.12.2012 6:02:23 | Computer Name = DJShiF-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 29.12.2012 6:03:18 | Computer Name = DJShiF-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (11:01:46, 29.12.2012) bylo neočekávané.

Error - 29.12.2012 6:04:39 | Computer Name = DJShiF-PC | Source = Service Control Manager | ID = 7001
Description = Služba Zprostředkovatel domácích skupin závisí na službě Hostitel
poskytovatele rozpoznávání funkce, která neuspěla při spuštění v důsledku následující
chyby: %%1058

Error - 29.12.2012 6:06:28 | Computer Name = DJShiF-PC | Source = Service Control Manager | ID = 7001
Description = Služba Zprostředkovatel domácích skupin závisí na službě Hostitel
poskytovatele rozpoznávání funkce, která neuspěla při spuštění v důsledku následující
chyby: %%1058

Error - 29.12.2012 6:06:50 | Computer Name = DJShiF-PC | Source = Service Control Manager | ID = 7001
Description = Služba Zprostředkovatel domácích skupin závisí na službě Hostitel
poskytovatele rozpoznávání funkce, která neuspěla při spuštění v důsledku následující
chyby: %%1058

Error - 29.12.2012 6:45:19 | Computer Name = DJShiF-PC | Source = Service Control Manager | ID = 7001
Description = Služba Zprostředkovatel domácích skupin závisí na službě Hostitel
poskytovatele rozpoznávání funkce, která neuspěla při spuštění v důsledku následující
chyby: %%1058

Error - 29.12.2012 6:46:19 | Computer Name = DJShiF-PC | Source = Service Control Manager | ID = 7001
Description = Služba Zprostředkovatel domácích skupin závisí na službě Hostitel
poskytovatele rozpoznávání funkce, která neuspěla při spuštění v důsledku následující
chyby: %%1058


< End of report >
Motherboard: GIGABYTE B75-D3V
PSU: Fortron HEXA 500 (500W)
CPU: Intel Core i5-3450 3.10GHz
Graphics card: GIGABYTE Radeon HD 7770 1GB GDDR5 (resolution 1680x1050)
RAM: Kingston HyperX Blu XMP 4GB (2xGB) 1600MHz
Disk: Seagate Barracuda ST500DM002-1BD142 500GB
OS: Windows Ultimate 32-bit

Re: Virus that is loading the CPU at 100%

Post by Damned » 29 Dec 2012 18:24

Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
In the box under Custom Scans/Fixes (Vlastní skenování/Opravy), paste the following text, shown in green:



:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKU\S-1-5-21-1801029948-336450479-1260751092-1000\..\SearchScopes\{5540170E-00E4-4AD1-9F48-2F84C3352106}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYCZ&apn_uid=0853a0b1-f009-4b65-99ae-03da641c96a5&apn_sauid=C773769F-F5D0-4B4A-94C5-626B6F209B4C
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: File not found
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:Services

:Files
C:\Windows\System32\SearchEngine.dat

C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\system32\SET*.tmp
C:\Recycler
C:\$RECYCLE.BIN
C:\RECYCLER
C:\Windows\tasks\*.job

:Reg

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]



Then click Run Fix (Opravit) at the top. Let the program run undisturbed; the PC will restart at the end.
After the restart a log will appear; please copy its entire contents here.

Re: Virus that is loading the CPU at 100%

Post by TGVNeer » 29 Dec 2012 20:13

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry key HKEY_USERS\S-1-5-21-1801029948-336450479-1260751092-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5540170E-00E4-4AD1-9F48-2F84C3352106}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5540170E-00E4-4AD1-9F48-2F84C3352106}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin\ deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\Windows\System32\SearchEngine.dat moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\tasks\SA.DAT moved successfully.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\Recycler not found.
C:\$RECYCLE.BIN\S-1-5-21-1801029948-336450479-1260751092-1000\$RZFHCKK\sys folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-1801029948-336450479-1260751092-1000\$RZFHCKK\duke\sys folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-1801029948-336450479-1260751092-1000\$RZFHCKK\duke\base\state folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-1801029948-336450479-1260751092-1000\$RZFHCKK\duke\base\save folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-1801029948-336450479-1260751092-1000\$RZFHCKK\duke\base\keys folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-1801029948-336450479-1260751092-1000\$RZFHCKK\duke\base\demo folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-1801029948-336450479-1260751092-1000\$RZFHCKK\duke\base folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-1801029948-336450479-1260751092-1000\$RZFHCKK\duke folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-1801029948-336450479-1260751092-1000\$RZFHCKK folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-1801029948-336450479-1260751092-1000 folder moved successfully.
C:\$RECYCLE.BIN folder moved successfully.
File\Folder C:\RECYCLER not found.
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1801029948-336450479-1260751092-1000Core.job moved successfully.
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1801029948-336450479-1260751092-1000UA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1801029948-336450479-1260751092-1000Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1801029948-336450479-1260751092-1000UA.job moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DJShiF
->Temp folder emptied: 10093824 bytes
->Temporary Internet Files folder emptied: 1553530 bytes
->Java cache emptied: 5288083 bytes
->FireFox cache emptied: 69399304 bytes
->Google Chrome cache emptied: 261453268 bytes
->Flash cache emptied: 689 bytes

User: Ondra
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 332,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: DJShiF
->Flash cache emptied: 0 bytes

User: Ondra

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12292012_200610

Files\Folders moved on Reboot...
File\Folder C:\Users\DJShiF\AppData\Local\Temp\~PID54E.tmp not found!
File\Folder C:\Users\DJShiF\AppData\Local\Temp\~PID54F.tmp not found!
File\Folder C:\Users\DJShiF\AppData\Local\Temp\~PID60B.tmp not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
