Prosím o kontrolu Vyřešeno

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

Zamčeno
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43298
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod jaro3 » 20 kvě 2014 09:21

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3025503433-2825139817-749691780-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3025503433-2825139817-749691780-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Skype\Updater
c:\users\user\AppData\Local\Facebook\Update
c:\program files (x86)\Google\Update

Driver::
SkypeUpdate

DDS::
uInternet Settings,ProxyOverride = <local>

RegLock::
[HKEY_USERS\S-1-5-21-3025503433-2825139817-749691780-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,cd,
 03,9f,be,ec,0c,bd,9e,bb,17,8e,65,fa,da
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,06,
 6d,c2,80,43,08,ae,e3,95,9a,f3,92,6a,5a
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,3b,1b,b0,c8,a0,
 66,73,24,16,00,ae,85,22,49,f2,57,15,28
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c9,22,
 8b,30,1a,d0,04,96,c4,10,24,74,43,24,df
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,da,
 c0,77,f2,34,0d,a4,7c,dd,65,c3,8e,cf,b0
"{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,3b,1b,84,9b,da,
 e8,c8,b9,17,03,ac,01,15,f7,b0,18,1c,0d
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,3b,1b,9a,56,12,
 29,9b,12,88,0d,9c,e1,c1,c8,3a,cb,d2,00
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,3b,1b,96,85,8f,
 6e,5d,5a,f7,0a,a2,be,0b,1f,45,8d,80,36
"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,3b,1b,bd,cd,97,
 2c,cd,e9,99,09,a7,53,e4,c7,c3,29,b9,c0
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b5,e1,
 af,13,58,36,07,a2,2a,03,f3,02,c5,45,e6
"{54739D49-AC03-4C57-9264-C5195596B3A1}"=hex:51,66,7a,6c,4c,1d,38,12,27,9e,60,
 50,31,e2,39,09,ed,72,86,59,50,c8,f7,b5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
Reklama
Top
Key3
nováček
Příspěvky: 18
Registrován: květen 14
Pohlaví: Žena
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod Key3 » 20 kvě 2014 16:18

ComboFix 14-05-19.01 - user 20.05.2014 15:53:11.2.2 - x64
Spuštěný z: c:\users\user\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\user\Desktop\CFScript.txt
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3025503433-2825139817-749691780-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3025503433-2825139817-749691780-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.24.7\goopdate.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.24.7\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.24.7\psmachine.dll
c:\program files (x86)\Google\Update\1.3.24.7\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.24.7\psuser.dll
c:\program files (x86)\Google\Update\1.3.24.7\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.24.7\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.137\34.0.1847.137_34.0.1847.131_chrome_updater.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\users\user\AppData\Local\Facebook\Update
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
c:\users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-20 do 2014-05-20 )))))))))))))))))))))))))))))))
.
.
2014-05-18 19:35 . 2014-05-18 19:35 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-05-18 18:46 . 2014-05-19 15:17 -------- d-----w- c:\windows\ERUNT
2014-05-18 13:56 . 2014-05-20 12:27 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-18 13:56 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-18 13:56 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-18 13:56 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-18 13:56 . 2014-05-18 13:56 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-18 13:56 . 2014-05-18 13:56 -------- d-----w- c:\programdata\Malwarebytes
2014-05-18 13:00 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-18 12:59 . 2014-05-18 18:26 -------- d-----w- C:\AdwCleaner
2014-05-17 11:28 . 2014-05-19 19:02 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45759058-C605-4D61-B696-99875D8F308C}\offreg.dll
2014-05-16 14:50 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45759058-C605-4D61-B696-99875D8F308C}\mpengine.dll
2014-05-14 20:38 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 20:38 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 20:38 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 20:38 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 18:11 . 2014-05-14 18:11 17938608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-05-14 18:11 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-05-14 18:11 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-14 18:11 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-11 12:54 . 2014-05-15 16:04 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-05-06 14:32 . 2014-05-14 20:42 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-03 17:02 . 2014-05-03 17:02 -------- d-----w- c:\users\user\AppData\Roaming\Image-Line
2014-05-03 17:02 . 2014-05-03 17:02 -------- d-----w- c:\program files\Image-Line
2014-05-03 17:01 . 2014-05-03 17:01 -------- d-----w- c:\users\user\AppData\Roaming\FlowStone
2014-05-03 17:01 . 2014-05-17 14:02 -------- d-----w- c:\program files (x86)\DSPRobotics
2014-05-03 16:50 . 2014-05-03 17:02 -------- d-----w- c:\program files (x86)\Image-Line
2014-04-22 14:42 . 2014-03-06 08:59 66048 ----a-w- c:\windows\system32\iesetup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 16:04 . 2013-11-11 14:19 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-15 16:04 . 2012-09-12 15:09 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-15 16:04 . 2013-12-18 14:02 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-14 20:34 . 2012-09-14 10:53 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-14 18:12 . 2012-05-13 21:56 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 18:12 . 2012-05-13 21:56 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-20 09:33 . 2014-04-20 09:33 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-20 09:33 . 2013-03-02 15:10 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-20 09:33 . 2013-03-02 15:10 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-20 09:33 . 2012-09-12 15:09 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-20 09:33 . 2012-09-12 15:09 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-20 09:33 . 2012-09-12 15:09 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-20 09:33 . 2014-04-20 09:33 43152 ----a-w- c:\windows\avastSS.scr
2014-04-17 03:31 . 2014-05-20 14:07 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C80F1CB0-0DA4-4C5C-85C0-F1E008999441}\mpengine.dll
2014-04-12 10:14 . 2013-10-22 16:45 578256 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-04 09:44 . 2014-04-09 13:44 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 13:44 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 13:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-05-14 18:10 340992 ----a-w- c:\windows\system32\schannel.dll
2014-03-04 09:44 . 2014-04-09 13:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 13:44 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-05-14 18:10 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-03-04 09:17 . 2014-04-09 13:44 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 13:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 13:44 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 13:43 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 13:43 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 13:43 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-22 16:53 222712 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-22 16:53 222712 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-22 16:53 222712 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-20 3873704]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
R3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-16 15:14 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 18:13]
.
2014-05-20 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2014-05-19 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-22 16:53 261624 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-22 16:53 261624 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-22 16:53 261624 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-04-12 10:15 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-04-12 10:15 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-04-12 10:15 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-20 09:33 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-16 12459112]
"SRS Premium Sound HD"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-03-22 2165120]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2012-05-13 150992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-10 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-10 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-10 440088]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.37 213.46.172.46
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\209jvf9y.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2014-05-20 16:13:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-05-20 14:12
ComboFix2.txt 2014-05-19 19:13
.
Před spuštěním: Volných bajtů: 155 402 584 064
Po spuštění: Volných bajtů: 154 929 852 416
.
- - End Of File - - 8FC1A2D53E5AF416867B5419C6E23F69
Nahoru
Key3
nováček
Příspěvky: 18
Registrován: květen 14
Pohlaví: Žena
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod Key3 » 20 kvě 2014 16:21

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:20:32, on 20.5.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)

FIREFOX: 28.0 (cs)
Boot mode: Normal

Running processes:
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Users\user\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120912185228.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: Toshiba Places Icon Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11820 bytes
Nahoru
Key3
nováček
Příspěvky: 18
Registrován: květen 14
Pohlaví: Žena
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod Key3 » 20 kvě 2014 16:48

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-05-20 16:27:47
-----------------------------
16:27:47.957 OS Version: Windows x64 6.1.7601 Service Pack 1
16:27:47.957 Number of processors: 2 586 0x2A07
16:27:47.957 ComputerName: USER-TOSH UserName: user
16:27:48.846 Initialize success
16:27:53.542 AVAST engine defs: 14052000
16:28:09.048 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:28:09.048 Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 3
16:28:09.188 Disk 0 MBR read successfully
16:28:09.188 Disk 0 MBR scan
16:28:09.516 Disk 0 Windows VISTA default MBR code
16:28:09.547 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
16:28:09.672 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287879 MB offset 3074048
16:28:09.719 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 15865 MB offset 592650240
16:28:09.968 Disk 0 scanning C:\windows\system32\drivers
16:28:22.480 Service scanning
16:28:57.299 Modules scanning
16:28:57.314 Disk 0 trace - called modules:
16:28:57.330 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
16:28:57.346 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006328060]
16:28:57.361 3 CLASSPNP.SYS[fffff88001e0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004094050]
16:28:58.079 AVAST engine scan C:\windows
16:29:01.542 AVAST engine scan C:\windows\system32
16:32:15.856 AVAST engine scan C:\windows\system32\drivers
16:32:27.946 AVAST engine scan C:\Users\user
16:42:30.435 AVAST engine scan C:\ProgramData
16:44:20.540 Scan finished successfully
16:46:15.403 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
16:46:15.418 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
Nahoru
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43298
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod jaro3 » 20 kvě 2014 18:38

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR


Co problémy?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
Key3
nováček
Příspěvky: 18
Registrován: květen 14
Pohlaví: Žena
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod Key3 » 20 kvě 2014 20:00

Mockrát děkuji! :-) Teď by měl být můj počítač čistý. Chci se zeptat ohledně těch programů co mi odstranily viry, v podstatě si mohu odstranit vše, že ano?

Ještě chci požádat o pomoc se hry, jak jsem Vám říkala. Klasická odinstalace v programech není a ve svých cílových složkách uninstall také není. Hra se dá pořád spustit, když kliknu na ikonku v cílové složce. Je pravda, že mají crack nemůže to být tím?
Nahoru
Uživatelský avatar
Orcus
člen Security týmu
Elite Level 10.5
Elite Level 10.5
Příspěvky: 10645
Registrován: duben 10
Bydliště: Okolo rostou 3 růže =o)
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod Orcus » 20 kvě 2014 20:51

Stáhni si zde DelFix
http://general-changelog-team.fr/fr/dow ... e/9-delfix

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt

====================================================

Vypiš sem úplné názvy obou her prosím.
Láska hřeje, ale uhlí je uhlí. :fire:


Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.

Pár rad k bezpečnosti PC.

Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix

Pokud budete spokojeni , můžete podpořit naše fórum.
Nahoru
Key3
nováček
Příspěvky: 18
Registrován: květen 14
Pohlaví: Žena
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod Key3 » 20 kvě 2014 21:40

# DelFix v10.7 - Logfile created 20/05/2014 at 21:37:04
# Updated 27/04/2014 by Xplode
# Username : user - USER-TOSH
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\AdwCleaner
Deleted : C:\Users\user\Desktop\adwcleaner_3.208.exe
Deleted : C:\Users\user\Desktop\JRT.exe
Deleted : C:\Users\user\Desktop\HijackThis.exe
Deleted : C:\Users\user\Desktop\RogueKillerX64.exe
Deleted : C:\Users\user\Desktop\TFC.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #263 [Windows Update | 05/03/2014 21:10:47]
Deleted : RP #264 [Windows Update | 05/06/2014 14:31:20]
Deleted : RP #265 [Windows Update | 05/09/2014 15:44:50]
Deleted : RP #266 [Windows Update | 05/13/2014 14:19:49]
Deleted : RP #267 [Windows Update | 05/14/2014 20:31:17]
Deleted : RP #268 [Removed Apple Mobile Device Support | 05/17/2014 13:56:07]
Deleted : RP #269 [Removed Apple Application Support | 05/17/2014 13:58:00]
Deleted : RP #270 [Removed Apple Software Update | 05/17/2014 13:59:12]
Deleted : RP #271 [Removed Bonjour | 05/17/2014 14:00:13]
Deleted : RP #272 [Removed iTunes | 05/17/2014 14:05:10]
Deleted : RP #273 [Removed Facebook Video Calling 1.2.0.287 | 05/18/2014 14:16:50]
Deleted : RP #274 [Removed Facebook Video Calling 1.2.0.287 | 05/18/2014 14:18:56]
Deleted : RP #275 [Revo Uninstaller's restore point - Facebook Video Calling 1.2.0.287 | 05/18/2014 19:37:20]
Deleted : RP #276 [Removed Facebook Video Calling 1.2.0.287 | 05/18/2014 19:38:01]

New restore point created !

########## - EOF - ##########
Nahoru
Key3
nováček
Příspěvky: 18
Registrován: květen 14
Pohlaví: Žena
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod Key3 » 20 kvě 2014 21:47

Názvy her - DMC a Mafia.

Ještě bokem se zeptám, v domácnosti mám další dva počítače o které se teď bojím jestli nejsou také něčím nakaženy. Mohu vložit logy sem nebo mám založit nová témata poté co dořešíme ty mé zapeklité hry?
Nahoru
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43298
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod jaro3 » 21 kvě 2014 10:17

Založit vžsy nové téma.

Stáhni si z některého odkazu SystemLook
SystemLook (32-bit)
http://jpshortstuff.247fixes.com/SystemLook.exe

SystemLook (64-bit)
http://jpshortstuff.247fixes.com/SystemLook_x64.exe

a ulož si ho na plochu.

Poklepej na stažený SystemLook , zkopíruj do hlavního text. okna tento následující text:

Kód: Vybrat vše

:filefind
DMC.*
keygen.exe.*
Mafia.*
crack.*

:folderfind
*DMC*
*Mafia*

:regfind
Mafia
DMC



Klikni na Look ke startu skenu. Když program skončí objeví se v poznámkovém bloku zpráva skenu. Zkopíruj sem celý jeho obsah. Log se také nachází na ploše pod názvem SystemLook.txt.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
Key3
nováček
Příspěvky: 18
Registrován: květen 14
Pohlaví: Žena
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod Key3 » 21 kvě 2014 10:45

SystemLook 30.07.11 by jpshortstuff
Log created at 10:35 on 21/05/2014 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "DMC.*"
No files found.

Searching for "keygen.exe.*"
No files found.

Searching for "Mafia.*"
C:\Program Files\Mafia\mafia.url --a---- 90 bytes [18:40 24/03/2014] [18:40 24/03/2014] 17CB1CF7E9DEF61545F28D6F1B9CF190
C:\Program Files (x86)\Mafia\mafia.url --a---- 90 bytes [18:59 24/03/2014] [18:59 24/03/2014] 17CB1CF7E9DEF61545F28D6F1B9CF190
C:\Users\user\AppData\Roaming\uTorrent\Mafia.torrent ------- 20623 bytes [18:14 24/03/2014] [18:13 24/03/2014] 53FF9067F1A4CB4A5FD9FB580B5F4D40

Searching for "crack.*"
C:\Users\user\Desktop\FAKIN\Music\Tekno\CRACK.mp3 --a---- 3866702 bytes [14:01 26/02/2014] [14:01 26/02/2014] 2C2D2665AAB581DC9DED1668F851D63A

========== folderfind ==========

Searching for "*DMC*"
C:\Program Files (x86)\DMC d------ [20:50 30/08/2013]
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_DMC-DevilMayCry._d7cd21861430bf6691147b8f3af02d15b3c3dc18_06f86d1b d----c- [15:41 14/09/2013]
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_DMC-DevilMayCry._d7cd21861430bf6691147b8f3af02d15b3c3dc18_070c7ef6 d----c- [15:41 14/09/2013]
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_DMC-DevilMayCry._d7cd21861430bf6691147b8f3af02d15b3c3dc18_11114424 d----c- [12:06 01/09/2013]
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_DMC-DevilMayCry._d7cd21861430bf6691147b8f3af02d15b3c3dc18_11c31dff d----c- [11:34 02/09/2013]
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_DMC-DevilMayCry._d7cd21861430bf6691147b8f3af02d15b3c3dc18_12655968 d----c- [12:06 01/09/2013]
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_DMC-DevilMayCry._d7cd21861430bf6691147b8f3af02d15b3c3dc18_12af2cbe d----c- [11:34 02/09/2013]
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_DMC-DevilMayCry._d7cd21861430bf6691147b8f3af02d15b3c3dc18_13c50fa4 d----c- [17:43 08/11/2013]
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_DMC-DevilMayCry._d7cd21861430bf6691147b8f3af02d15b3c3dc18_145a2daa d----c- [14:12 31/08/2013]
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_DMC-DevilMayCry._d7cd21861430bf6691147b8f3af02d15b3c3dc18_169d1f6d d----c- [17:43 08/11/2013]
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_DMC-DevilMayCry._d7cd21861430bf6691147b8f3af02d15b3c3dc18_18f63e6c d----c- [14:12 31/08/2013]
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_DMC-DevilMayCry._d7cd21861430bf6691147b8f3af02d15b3c3dc18_1b77aeb3 d----c- [23:31 09/11/2013]
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_DMC-DevilMayCry._d7cd21861430bf6691147b8f3af02d15b3c3dc18_1b9a27db d----c- [23:03 08/11/2013]
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_DMC-DevilMayCry._d7cd21861430bf6691147b8f3af02d15b3c3dc18_1e9a366c d----c- [23:03 08/11/2013]
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_DMC-DevilMayCry._d7cd21861430bf6691147b8f3af02d15b3c3dc18_1f1b9a0a d----c- [23:31 09/11/2013]
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\Critical_DMC-DevilMayCry._69a846f47ab7ef8e56f44861ac3f0d125b5e87c_367edff8 d----c- [18:52 13/09/2013]
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\Critical_DMC-DevilMayCry._d41a225c876472b3685217ba08fc3f71e0477_267633a1 d----c- [13:18 09/03/2014]
C:\Users\user\Desktop\FAKIN\Hry\DMC d------ [15:50 30/08/2013]
C:\Users\user\Desktop\FAKIN\Hry\DMC\DMC Devil May Cry-SC d------ [13:32 30/08/2013]
C:\Windows\System32\DriverStore\FileRepository\mdmc26a.inf_amd64_neutral_547edd894d7c19d9 d------ [05:31 14/07/2009]
C:\Windows\System32\DriverStore\FileRepository\mdmcdp.inf_amd64_neutral_170c11f3a6d3f0a8 d------ [05:31 14/07/2009]
C:\Windows\System32\DriverStore\FileRepository\mdmcm28.inf_amd64_neutral_d3fa0f62d3d7cea1 d------ [05:31 14/07/2009]
C:\Windows\System32\DriverStore\FileRepository\mdmcodex.inf_amd64_neutral_9bb71004e7b8f7ae d------ [05:31 14/07/2009]
C:\Windows\System32\DriverStore\FileRepository\mdmcom1.inf_amd64_neutral_96c22c683482d8bd d------ [05:31 14/07/2009]
C:\Windows\System32\DriverStore\FileRepository\mdmcommu.inf_amd64_neutral_83cc415156be45c8 d------ [05:31 14/07/2009]
C:\Windows\System32\DriverStore\FileRepository\mdmcomp.inf_amd64_neutral_e5ca2f01ca47bddb d------ [05:31 14/07/2009]
C:\Windows\System32\DriverStore\FileRepository\mdmcpq.inf_amd64_neutral_b53453733bd795bc d------ [21:52 10/10/2013]
C:\Windows\System32\DriverStore\FileRepository\mdmcpq.inf_amd64_neutral_fbc4a14a6a13d0c8 d------ [03:28 21/11/2010]
C:\Windows\System32\DriverStore\FileRepository\mdmcpq2.inf_amd64_neutral_e9784021af1f5e24 d------ [05:31 14/07/2009]
C:\Windows\System32\DriverStore\FileRepository\mdmcpv.inf_amd64_neutral_5667cca434e3a6b7 d------ [05:31 14/07/2009]
C:\Windows\System32\DriverStore\FileRepository\mdmcrtix.inf_amd64_neutral_e91a5dc0655e200a d------ [05:31 14/07/2009]
C:\Windows\System32\DriverStore\FileRepository\mdmcxhv6.inf_amd64_neutral_81ba64c5b6150dd3 d------ [05:31 14/07/2009]
C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_neutral_f62ac4bd04e653d0 d------ [05:31 14/07/2009]
C:\Windows\winsxs\amd64_mdmc26a.inf_31bf3856ad364e35_6.1.7600.16385_none_2ca97652b619e316 d------ [05:29 14/07/2009]
C:\Windows\winsxs\amd64_mdmcdp.inf_31bf3856ad364e35_6.1.7600.16385_none_3f1541fe31238ac7 d------ [05:29 14/07/2009]
C:\Windows\winsxs\amd64_mdmcm28.inf_31bf3856ad364e35_6.1.7600.16385_none_d130a4ccfd6ae450 d------ [05:29 14/07/2009]
C:\Windows\winsxs\amd64_mdmcodex.inf_31bf3856ad364e35_6.1.7600.16385_none_276f44de5e8e7007 d------ [05:29 14/07/2009]
C:\Windows\winsxs\amd64_mdmcom1.inf_31bf3856ad364e35_6.1.7600.16385_none_7d622c7305197048 d------ [05:29 14/07/2009]
C:\Windows\winsxs\amd64_mdmcommu.inf_31bf3856ad364e35_6.1.7600.16385_none_4d3b1a3089ccc445 d------ [05:29 14/07/2009]
C:\Windows\winsxs\amd64_mdmcomp.inf_31bf3856ad364e35_6.1.7600.16385_none_aaac94866321a3b9 d------ [05:29 14/07/2009]
C:\Windows\winsxs\amd64_mdmcpq.inf_31bf3856ad364e35_6.1.7601.17514_none_d13aa360cb6ad78e d------ [03:23 21/11/2010]
C:\Windows\winsxs\amd64_mdmcpq.inf_31bf3856ad364e35_6.1.7601.18247_none_d11d1800cb809992 d------ [21:47 10/10/2013]
C:\Windows\winsxs\amd64_mdmcpq.inf_31bf3856ad364e35_6.1.7601.22436_none_d1b08653e497013b d------ [21:47 10/10/2013]
C:\Windows\winsxs\amd64_mdmcpq2.inf_31bf3856ad364e35_6.1.7600.16385_none_6057e7ac6633be7a d------ [05:29 14/07/2009]
C:\Windows\winsxs\amd64_mdmcpv.inf_31bf3856ad364e35_6.1.7600.16385_none_fea0e3c58b51e611 d------ [05:29 14/07/2009]
C:\Windows\winsxs\amd64_mdmcrtix.inf_31bf3856ad364e35_6.1.7600.16385_none_8a345ba26a11afd0 d------ [05:29 14/07/2009]
C:\Windows\winsxs\amd64_mdmcxhv6.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3d06dfcb64817c19 d------ [08:35 14/02/2011]
C:\Windows\winsxs\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.1.7600.16385_none_064a4eb4ec0af80f d------ [05:29 14/07/2009]
C:\Windows\winsxs\amd64_mdmcxpv6.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8d1ab690c34a6851 d------ [08:35 14/02/2011]
C:\Windows\winsxs\amd64_mdmcxpv6.inf_31bf3856ad364e35_6.1.7600.16385_none_1f3c6efc8093e1d7 d------ [05:29 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-lddmcore.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f6fa3ea22fbb772e d------ [07:06 21/11/2010]
C:\Windows\winsxs\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7601.17514_none_09ee9e0dfa2c4fbd d------ [03:16 21/11/2010]
C:\Windows\winsxs\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7601.17610_none_09ea9ecbfa2fe788 d------ [20:55 13/05/2012]
C:\Windows\winsxs\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7601.18126_none_09e5b055fa32c361 d------ [21:05 15/05/2013]
C:\Windows\winsxs\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7601.18228_none_09e7b2cffa30f336 d------ [12:05 10/10/2013]
C:\Windows\winsxs\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7601.21720_none_0a696bab1355a343 d------ [20:55 13/05/2012]
C:\Windows\winsxs\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7601.22296_none_0a239dad138926c2 d------ [21:05 15/05/2013]
C:\Windows\winsxs\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_6.1.7601.22410_none_0a741f1d134da97e d------ [12:05 10/10/2013]
C:\Windows\winsxs\amd64_microsoft-windows-w..ywmdmcesp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5ab8f48186dbac43 d------ [08:35 14/02/2011]
C:\Windows\winsxs\amd64_microsoft-windows-wmpdmc-ux.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_fed93e9454420af8 d------ [08:35 14/02/2011]
C:\Windows\winsxs\amd64_microsoft-windows-wmpdmc-ux_31bf3856ad364e35_6.1.7601.17514_none_4c8976380e00631f d------ [03:25 21/11/2010]
C:\Windows\winsxs\amd64_microsoft-windows-wmpdmccore-api_31bf3856ad364e35_6.1.7600.16385_none_50e753e6cb762285 d------ [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-wpd-legacywmdmcesp_31bf3856ad364e35_6.1.7600.16385_none_1892d7d01aa63088 d------ [05:30 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-w..ywmdmcesp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_fe9a58fdce7e3b0d d------ [08:35 14/02/2011]
C:\Windows\winsxs\x86_microsoft-windows-wmpdmc-ux.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_a2baa3109be499c2 d------ [08:35 14/02/2011]
C:\Windows\winsxs\x86_microsoft-windows-wmpdmc-ux_31bf3856ad364e35_6.1.7601.17514_none_f06adab455a2f1e9 d------ [03:25 21/11/2010]
C:\Windows\winsxs\x86_microsoft-windows-wmpdmccore-api_31bf3856ad364e35_6.1.7600.16385_none_f4c8b8631318b14f d------ [05:30 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-wpd-legacywmdmcesp_31bf3856ad364e35_6.1.7600.16385_none_bc743c4c6248bf52 d------ [05:30 14/07/2009]

Searching for "*Mafia*"
C:\Program Files\Mafia d------ [18:33 24/03/2014]
C:\Program Files (x86)\Mafia d------ [18:57 24/03/2014]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mafia d------ [19:01 24/03/2014]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Mafia d------ [19:01 24/03/2014]
C:\Users\user\Desktop\FAKIN\Hry\Mafia d------ [18:14 24/03/2014]

========== regfind ==========

Searching for "Mafia"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\S-1-5-21-3025503433-2825139817-749691780-1000\{A311E2E3-610F-47F6-A1E1-037D8EA80660}]
"ConfigApplicationPath"="C:\Program Files (x86)\Mafia"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\S-1-5-21-3025503433-2825139817-749691780-1000\{A311E2E3-610F-47F6-A1E1-037D8EA80660}]
"Description"="Mafia"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\S-1-5-21-3025503433-2825139817-749691780-1000\{A311E2E3-610F-47F6-A1E1-037D8EA80660}]
"AppExePath"="C:\Program Files (x86)\Mafia\Game.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\S-1-5-21-3025503433-2825139817-749691780-1000\{A311E2E3-610F-47F6-A1E1-037D8EA80660}]
"Title"="Mafia"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Illusion Softworks\Mafia]

Searching for "DMC"
[HKEY_CURRENT_USER\Software\KMPlayer\KMP3.0\WDMChList_Ant]
[HKEY_CURRENT_USER\Software\KMPlayer\KMP3.0\WDMChList_Cable]
[HKEY_CURRENT_USER\Software\KMPlayer\KMP3.0\WDMChList_HDTV]
[HKEY_CURRENT_USER\Software\Microsoft\DirectInput\DMC-DEVILMAYCRY.EXE50C2491C02BAFA00]
[HKEY_CURRENT_USER\Software\Microsoft\DirectInput\DMC-DEVILMAYCRY.EXE50C2491C02BAFA00]
"Name"="DMC-DEVILMAYCRY.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\DirectInput\DMC4LAUNCHER.EXE48477B140012A538]
[HKEY_CURRENT_USER\Software\Microsoft\DirectInput\DMC4LAUNCHER.EXE48477B140012A538]
"Name"="DMC4LAUNCHER.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\73bf486a_0]
@="{0.0.0.00000000}.{418ff704-297d-48dc-8427-c88e6466f9b6}|\Device\HarddiskVolume2\Program Files (x86)\DMC\Binaries\Win32\DMC-DevilMayCry.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\994a04e3_0]
@="{0.0.0.00000000}.{756c734f-5fe5-4d35-98e4-efb7d9e216fc}|\Device\HarddiskVolume2\Program Files (x86)\DMC\Binaries\Win32\DMC-DevilMayCry.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a9f2fbdd_0]
@="{0.0.0.00000000}.{e46928ca-3f24-4a25-bc13-d08162c9ecdc}|\Device\HarddiskVolume2\Program Files (x86)\DMC\Binaries\Win32\DMC-DevilMayCry.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\DMC\Binaries\Win32\DMC-DevilMayCry.exe"="DMC-DevilMayCry"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\WMPDMCCore.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{92C2A9B3-4228-438E-8A7B-EF110987764C}]
@="WMPDMCCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\wmpdmc.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00597829-82CE-44d4-8B0B-40BE695973B5}]
@="WMPDMCServersManager Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00597829-82CE-44d4-8B0B-40BE695973B5}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0482DDE0-7817-11CF-8A03-00AA006ECB65}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05589F80-C356-11CE-BF01-00AA0055595A}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{067B4B81-B1EC-489f-B111-940EBDC44EBE}\ProgID]
@="WMDMCESP.WMDMCESP.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{067B4B81-B1EC-489f-B111-940EBDC44EBE}\VersionIndependentProgID]
@="WMDMCESP.WMDMCESP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1821B62A-B2A5-4e0a-98C5-9FA0D5BAAAEC}]
@="WMPDMCPlaylistsManager Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1821B62A-B2A5-4e0a-98C5-9FA0D5BAAAEC}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B7D4AD0-A1B1-43A8-9A46-FB36AB4C1868}]
@="WMPDMCDevice Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B7D4AD0-A1B1-43A8-9A46-FB36AB4C1868}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DB68FCC-3C8C-49DB-8C76-9A89DE76B8CF}]
@="WMPDMCDevicesManager Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DB68FCC-3C8C-49DB-8C76-9A89DE76B8CF}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B362208-CB07-4fa5-8076-8DB4AA890561}]
@="WMPDMCServer Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B362208-CB07-4fa5-8076-8DB4AA890561}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{662C0206-72AD-4ee9-899F-5E1735F60A55}]
@="WMPDMCMedia Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{662C0206-72AD-4ee9-899F-5E1735F60A55}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71F96464-78F3-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71F96465-78F3-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71F96466-78F3-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71F96467-78F3-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81E9DD62-78D5-11D2-B47E-006097B3391B}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B496CE1-811B-11CF-8C77-00AA006B6814}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A03CD5F0-3045-11CF-8C44-00AA006B6814}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5730A90-1A2C-11CF-8C23-00AA006B6814}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C6E13343-30AC-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C6E13350-30AC-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D722AF63-6A0D-4e37-BD40-CF6FAC79A83C}]
@="WMPDMCCoreServices Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D722AF63-6A0D-4e37-BD40-CF6FAC79A83C}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72A76A0-EB0A-11D0-ACE4-0000C0CC16BA}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72A76E0-EB0A-11D0-ACE4-0000C0CC16BA}\InprocServer32]
@="C:\Windows\system32\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F80608CB-5A88-4046-9E4B-3C1BB368F2DA}]
@="WMPDMCPlaylist Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F80608CB-5A88-4046-9E4B-3C1BB368F2DA}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DevilMayCry4Type\Shell\Open\Command]
@="C:\Program Files (x86)\CAPCOM\DEVILMAYCRY4\DMC4Launcher.exe "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0395F7CF-6B47-4ECB-B2E7-8002E325A348}]
@="IWMPDMCPlaylist"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0642BF80-F9A6-47d7-898F-17175E377BD9}]
@="IWMPDMCPlaylistsManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{315AD0A5-2456-410f-9E24-08F3E6E314D4}]
@="IWMPDMCServersManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51A3662C-9B06-497c-942A-E80EA7DFB95E}]
@="IWMPDMCServer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5251D540-37D1-409B-BD72-5C36C3167344}]
@="IWMPDMCMedia"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B65B2CF3-DE3B-4523-B331-2DCD24FFB353}]
@="IWMPDMCCoreServices"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC928373-5257-44C4-9867-16A888547659}]
@="IWMPDMCDevicesManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F41F5D56-5FE2-47DE-80F6-EB9D229F0125}]
@="IWMPDMCDevice"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WMDMCESP.WMDMCESP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WMDMCESP.WMDMCESP\CurVer]
@="WMDMCESP.WMDMCESP.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WMDMCESP.WMDMCESP.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00597829-82CE-44d4-8B0B-40BE695973B5}]
@="WMPDMCServersManager Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00597829-82CE-44d4-8B0B-40BE695973B5}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0482DDE0-7817-11CF-8A03-00AA006ECB65}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{05589F80-C356-11CE-BF01-00AA0055595A}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{067B4B81-B1EC-489f-B111-940EBDC44EBE}\ProgID]
@="WMDMCESP.WMDMCESP.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{067B4B81-B1EC-489f-B111-940EBDC44EBE}\VersionIndependentProgID]
@="WMDMCESP.WMDMCESP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1821B62A-B2A5-4e0a-98C5-9FA0D5BAAAEC}]
@="WMPDMCPlaylistsManager Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1821B62A-B2A5-4e0a-98C5-9FA0D5BAAAEC}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B7D4AD0-A1B1-43A8-9A46-FB36AB4C1868}]
@="WMPDMCDevice Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B7D4AD0-A1B1-43A8-9A46-FB36AB4C1868}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DB68FCC-3C8C-49DB-8C76-9A89DE76B8CF}]
@="WMPDMCDevicesManager Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DB68FCC-3C8C-49DB-8C76-9A89DE76B8CF}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2B362208-CB07-4fa5-8076-8DB4AA890561}]
@="WMPDMCServer Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2B362208-CB07-4fa5-8076-8DB4AA890561}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{662C0206-72AD-4ee9-899F-5E1735F60A55}]
@="WMPDMCMedia Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{662C0206-72AD-4ee9-899F-5E1735F60A55}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{71F96464-78F3-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{71F96465-78F3-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{71F96466-78F3-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{71F96467-78F3-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{81E9DD62-78D5-11D2-B47E-006097B3391B}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B496CE1-811B-11CF-8C77-00AA006B6814}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A03CD5F0-3045-11CF-8C44-00AA006B6814}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B5730A90-1A2C-11CF-8C23-00AA006B6814}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C6E13343-30AC-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C6E13350-30AC-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D2AC288F-B39B-11D1-8704-00600893B1BD}\InProcServer32]
@="%SystemRoot%\System32\dmcompos.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D2AC2890-B39B-11D1-8704-00600893B1BD}\InProcServer32]
@="%SystemRoot%\System32\dmcompos.dll"
Nahoru
Key3
nováček
Příspěvky: 18
Registrován: květen 14
Pohlaví: Žena
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod Key3 » 21 kvě 2014 10:45

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D2AC2896-B39B-11D1-8704-00600893B1BD}\InProcServer32]
@="%SystemRoot%\System32\dmcompos.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D30BCC65-60E8-11D1-A7CE-00A0C913F73C}\InProcServer32]
@="%SystemRoot%\System32\dmcompos.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D722AF63-6A0D-4e37-BD40-CF6FAC79A83C}]
@="WMPDMCCoreServices Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D722AF63-6A0D-4e37-BD40-CF6FAC79A83C}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F17E8672-C3B4-11D1-870B-00600893B1BD}\InProcServer32]
@="%SystemRoot%\System32\dmcompos.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F72A76A0-EB0A-11D0-ACE4-0000C0CC16BA}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F72A76E0-EB0A-11D0-ACE4-0000C0CC16BA}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F80608CB-5A88-4046-9E4B-3C1BB368F2DA}]
@="WMPDMCPlaylist Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F80608CB-5A88-4046-9E4B-3C1BB368F2DA}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0395F7CF-6B47-4ECB-B2E7-8002E325A348}]
@="IWMPDMCPlaylist"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0642BF80-F9A6-47d7-898F-17175E377BD9}]
@="IWMPDMCPlaylistsManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{315AD0A5-2456-410f-9E24-08F3E6E314D4}]
@="IWMPDMCServersManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{51A3662C-9B06-497c-942A-E80EA7DFB95E}]
@="IWMPDMCServer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5251D540-37D1-409B-BD72-5C36C3167344}]
@="IWMPDMCMedia"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B65B2CF3-DE3B-4523-B331-2DCD24FFB353}]
@="IWMPDMCCoreServices"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EC928373-5257-44C4-9867-16A888547659}]
@="IWMPDMCDevicesManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F41F5D56-5FE2-47DE-80F6-EB9D229F0125}]
@="IWMPDMCDevice"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\WMPDMCCore.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{92C2A9B3-4228-438E-8A7B-EF110987764C}]
@="WMPDMCCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\DMC-DevilMayCry.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_mdmcpq.inf_31bf3856ad364e35_0.0.0.0_none_f30d2f22b552fab9]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_0.0.0.0_none_2bc129cfe41472e8]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-w..pdate-adm.resources_31bf3856ad364e35_0.0.0.0_cs-cz_9ab040ccdc4f406c]
"WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~amd64~cs-CZ~7.6.7600.256.Adm"="7.6.7600.256@32"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-windowsupdate-adm_31bf3856ad364e35_0.0.0.0_none_eb6ca4ff13465505]
"WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~amd64~~7.6.7600.256.Adm"="7.6.7600.256@32"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\WinEmb-INF-mdmcpq~31bf3856ad364e35~amd64~~0.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~amd64~~0.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~amd64~cs-CZ~0.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~amd64~~0.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~amd64~cs-CZ~7.6.7600.256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~amd64~cs-CZ~7.6.7600.256]
"InstallName"="WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~amd64~cs-CZ~7.6.7600.256.mum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~amd64~~7.6.7600.256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~amd64~~7.6.7600.256]
"InstallName"="WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~amd64~~7.6.7600.256.mum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}]
"ConfigGDFBinaryPath"="C:\Program Files (x86)\CAPCOM\DEVILMAYCRY4\DMC4GDFBin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\112CAF890F891D119A2F000679BDFEDC]
"00000000000000000000000000000000"="C:\windows\Fonts\FRADMCN.TTF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\48C5B1196D23F28489336D69D677307C]
"786A5E4DD7971B44F869F47D2A14669A"="C?\Program Files (x86)\CAPCOM\DEVILMAYCRY4\DMC4GDFBin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9192558E1E99049178CF06FF82932C06]
"786A5E4DD7971B44F869F47D2A14669A"="C?\Program Files (x86)\CAPCOM\DEVILMAYCRY4\nativePC\rom_pc\system\dmc4_cmn.arc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C8A36DF80A995CB418A20A25A60BA977]
"786A5E4DD7971B44F869F47D2A14669A"="C?\Program Files (x86)\CAPCOM\DEVILMAYCRY4\DMC4Launcher.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Extensibility\Entry Points\{de054bc8-d04d-47be-bc9d-2a8864cc9bb4}]
"Run"="C:\Program Files (x86)\CAPCOM\DEVILMAYCRY4\DMC4Launcher-MCE.lnk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Extensibility\Entry Points\{de054bc8-d04d-47be-bc9d-2a8864cc9bb4}]
"ThumbnailUrl"="C:\Program Files (x86)\CAPCOM\DEVILMAYCRY4\DMC4Launcher-MCE.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_mdmc26a.inf_31bf3856ad364e35_none_b9c7425484f24ba9]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_mdmcdp.inf_31bf3856ad364e35_none_cad12ab85ad4c740]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_mdmcm28.inf_31bf3856ad364e35_none_8621b212eeccd9bf]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_mdmcodex.inf_31bf3856ad364e35_none_349e99adab1e3c00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_mdmcom1.inf_31bf3856ad364e35_none_403dcef40a641f87]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_mdmcommu.inf_31bf3856ad364e35_none_1611799334891632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_mdmcomp.inf_31bf3856ad364e35_none_61f94a0538d4fd5e]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_mdmcpq.inf_31bf3856ad364e35_none_9da73017d792063b]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_mdmcpq2.inf_31bf3856ad364e35_none_999079028dd2fa65]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_mdmcpv.inf_31bf3856ad364e35_none_80bd58dc6d4167c6]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_mdmcrtix.inf_31bf3856ad364e35_none_f6cafddec6488a3f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_mdmcxhv6.inf-languagepack_31bf3856ad364e35_cs-cz_b494201e91039d6d]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_mdmcxhv6.inf.resources_31bf3856ad364e35_cs-cz_779ab792e3588ffe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_mdmcxhv6.inf_31bf3856ad364e35_none_90768bbeb7d78238]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_mdmcxpv6.inf-languagepack_31bf3856ad364e35_cs-cz_0e79ff434d97f4f5]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_mdmcxpv6.inf.resources_31bf3856ad364e35_cs-cz_d18096b79fece786]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_mdmcxpv6.inf_31bf3856ad364e35_none_fbcd335fa75684b0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-lddmcore.resources_31bf3856ad364e35_en-us_e8fca9ff3e8b0251]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_none_21428fb1442731c4]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-w..ywmdmcesp.resources_31bf3856ad364e35_cs-cz_fe84b415514e8aa4]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-wmpdmc-ux.resources_31bf3856ad364e35_cs-cz_201973c93a7c0e57]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-wmpdmc-ux_31bf3856ad364e35_none_81aa8a28974884f2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-wmpdmccore-api_31bf3856ad364e35_none_7f7ee5c610cb99f2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-wpd-legacywmdmcesp_31bf3856ad364e35_none_8d47e369b2a9d147]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-w..ywmdmcesp.resources_31bf3856ad364e35_cs-cz_a266189198f1196e]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-wmpdmc-ux.resources_31bf3856ad364e35_cs-cz_c3fad845821e9d21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-wmpdmc-ux_31bf3856ad364e35_none_258beea4deeb13bc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-wmpdmccore-api_31bf3856ad364e35_none_23604a42586e28bc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-wpd-legacywmdmcesp_31bf3856ad364e35_none_312947e5fa4c6011]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WMPDMCCore/Diagnostic]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WMPDMCUI/Diagnostic]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{3f9e07bd-0e26-4241-a5a5-28cafa150a75}]
@="Microsoft-Windows-WMPDMCUI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{3f9e07bd-0e26-4241-a5a5-28cafa150a75}]
"ResourceFileName"="%SystemDrive%\Program Files\Windows Media Player\WMPDMC.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{3f9e07bd-0e26-4241-a5a5-28cafa150a75}]
"MessageFileName"="%SystemDrive%\Program Files\Windows Media Player\WMPDMC.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{3f9e07bd-0e26-4241-a5a5-28cafa150a75}\ChannelReferences\0]
@="Microsoft-Windows-WMPDMCUI/Diagnostic"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{67bd1fef-afb2-458d-bcde-3758beb84dec}]
@="Microsoft-Windows-WMPDMCCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{67bd1fef-afb2-458d-bcde-3758beb84dec}]
"ResourceFileName"="%SystemDrive%\Program Files\Windows Media Player\wmpdmccore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{67bd1fef-afb2-458d-bcde-3758beb84dec}]
"MessageFileName"="%SystemDrive%\Program Files\Windows Media Player\wmpdmccore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{67bd1fef-afb2-458d-bcde-3758beb84dec}\ChannelReferences\0]
@="Microsoft-Windows-WMPDMCCore/Diagnostic"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP]
"ProgID"="WMDMCESP.WMDMCESP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Franklin Gothic Demi Cond (TrueType)"="FRADMCN.TTF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"Name"="DMC-DevilMayCry.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP]
"ProgID"="WMDMCESP.WMDMCESP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts]
"Franklin Gothic Demi Cond (TrueType)"="FRADMCN.TTF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WildTangent\InstalledSKUs\wtbbdl-8baf78cf-c0d1-43a4-abd7-959beab53aeb]
"ExeName"="DMC4Launcher.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WildTangent\InstalledSKUs\wtbbdl-8baf78cf-c0d1-43a4-abd7-959beab53aeb]
"RuntimeExeName"="DMC4Launcher.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WildTangent\InstalledSKUs\wtbbdl-8baf78cf-c0d1-43a4-abd7-959beab53aeb]
"LaunchExeName"="DMC4Launcher.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{00597829-82CE-44d4-8B0B-40BE695973B5}]
@="WMPDMCServersManager Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{00597829-82CE-44d4-8B0B-40BE695973B5}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0482DDE0-7817-11CF-8A03-00AA006ECB65}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{05589F80-C356-11CE-BF01-00AA0055595A}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{067B4B81-B1EC-489f-B111-940EBDC44EBE}\ProgID]
@="WMDMCESP.WMDMCESP.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{067B4B81-B1EC-489f-B111-940EBDC44EBE}\VersionIndependentProgID]
@="WMDMCESP.WMDMCESP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1821B62A-B2A5-4e0a-98C5-9FA0D5BAAAEC}]
@="WMPDMCPlaylistsManager Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1821B62A-B2A5-4e0a-98C5-9FA0D5BAAAEC}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1B7D4AD0-A1B1-43A8-9A46-FB36AB4C1868}]
@="WMPDMCDevice Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1B7D4AD0-A1B1-43A8-9A46-FB36AB4C1868}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1DB68FCC-3C8C-49DB-8C76-9A89DE76B8CF}]
@="WMPDMCDevicesManager Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1DB68FCC-3C8C-49DB-8C76-9A89DE76B8CF}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2B362208-CB07-4fa5-8076-8DB4AA890561}]
@="WMPDMCServer Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2B362208-CB07-4fa5-8076-8DB4AA890561}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{662C0206-72AD-4ee9-899F-5E1735F60A55}]
@="WMPDMCMedia Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{662C0206-72AD-4ee9-899F-5E1735F60A55}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{71F96464-78F3-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{71F96465-78F3-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{71F96466-78F3-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{71F96467-78F3-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{81E9DD62-78D5-11D2-B47E-006097B3391B}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9B496CE1-811B-11CF-8C77-00AA006B6814}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A03CD5F0-3045-11CF-8C44-00AA006B6814}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B5730A90-1A2C-11CF-8C23-00AA006B6814}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C6E13343-30AC-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C6E13350-30AC-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D2AC288F-B39B-11D1-8704-00600893B1BD}\InProcServer32]
@="%SystemRoot%\System32\dmcompos.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D2AC2890-B39B-11D1-8704-00600893B1BD}\InProcServer32]
@="%SystemRoot%\System32\dmcompos.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D2AC2896-B39B-11D1-8704-00600893B1BD}\InProcServer32]
@="%SystemRoot%\System32\dmcompos.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D30BCC65-60E8-11D1-A7CE-00A0C913F73C}\InProcServer32]
@="%SystemRoot%\System32\dmcompos.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D722AF63-6A0D-4e37-BD40-CF6FAC79A83C}]
@="WMPDMCCoreServices Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D722AF63-6A0D-4e37-BD40-CF6FAC79A83C}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F17E8672-C3B4-11D1-870B-00600893B1BD}\InProcServer32]
@="%SystemRoot%\System32\dmcompos.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F72A76A0-EB0A-11D0-ACE4-0000C0CC16BA}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F72A76E0-EB0A-11D0-ACE4-0000C0CC16BA}\InprocServer32]
@="C:\Windows\SysWOW64\kswdmcap.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F80608CB-5A88-4046-9E4B-3C1BB368F2DA}]
@="WMPDMCPlaylist Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F80608CB-5A88-4046-9E4B-3C1BB368F2DA}\InprocServer32]
@="%PROGRAMFILES%\Windows Media Player\WMPDMCCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{0395F7CF-6B47-4ECB-B2E7-8002E325A348}]
@="IWMPDMCPlaylist"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{0642BF80-F9A6-47d7-898F-17175E377BD9}]
@="IWMPDMCPlaylistsManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{315AD0A5-2456-410f-9E24-08F3E6E314D4}]
@="IWMPDMCServersManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{51A3662C-9B06-497c-942A-E80EA7DFB95E}]
@="IWMPDMCServer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{5251D540-37D1-409B-BD72-5C36C3167344}]
@="IWMPDMCMedia"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B65B2CF3-DE3B-4523-B331-2DCD24FFB353}]
@="IWMPDMCCoreServices"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{EC928373-5257-44C4-9867-16A888547659}]
@="IWMPDMCDevicesManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{F41F5D56-5FE2-47DE-80F6-EB9D229F0125}]
@="IWMPDMCDevice"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\WMPDMCCore.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{92C2A9B3-4228-438E-8A7B-EF110987764C}]
@="WMPDMCCore"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{95346B96-2AC6-4FC9-86C4-4675F8FE526F}C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe|Name=DMC-DevilMayCry|Desc=DMC-DevilMayCry|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{EB12344A-298B-4A61-9D51-F7B2364A5306}C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe|Name=DMC-DevilMayCry|Desc=DMC-DevilMayCry|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{074D0D83-AE72-4BC8-8047-E213661EB18C}C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe|Name=DMC-DevilMayCry|Desc=DMC-DevilMayCry|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{0AEAF57E-FD7F-4478-8B39-9C0A66DBA7EF}C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe|Name=DMC-DevilMayCry|Desc=DMC-DevilMayCry|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{95346B96-2AC6-4FC9-86C4-4675F8FE526F}C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe|Name=DMC-DevilMayCry|Desc=DMC-DevilMayCry|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{EB12344A-298B-4A61-9D51-F7B2364A5306}C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe|Name=DMC-DevilMayCry|Desc=DMC-DevilMayCry|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{074D0D83-AE72-4BC8-8047-E213661EB18C}C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe|Name=DMC-DevilMayCry|Desc=DMC-DevilMayCry|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{0AEAF57E-FD7F-4478-8B39-9C0A66DBA7EF}C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe|Name=DMC-DevilMayCry|Desc=DMC-DevilMayCry|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{95346B96-2AC6-4FC9-86C4-4675F8FE526F}C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe|Name=DMC-DevilMayCry|Desc=DMC-DevilMayCry|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{EB12344A-298B-4A61-9D51-F7B2364A5306}C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe|Name=DMC-DevilMayCry|Desc=DMC-DevilMayCry|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{074D0D83-AE72-4BC8-8047-E213661EB18C}C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe|Name=DMC-DevilMayCry|Desc=DMC-DevilMayCry|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{0AEAF57E-FD7F-4478-8B39-9C0A66DBA7EF}C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\dmc\binaries\win32\dmc-devilmaycry.exe|Name=DMC-DevilMayCry|Desc=DMC-DevilMayCry|"
[HKEY_USERS\S-1-5-21-3025503433-2825139817-749691780-1000\Software\KMPlayer\KMP3.0\WDMChList_Ant]
[HKEY_USERS\S-1-5-21-3025503433-2825139817-749691780-1000\Software\KMPlayer\KMP3.0\WDMChList_Cable]
[HKEY_USERS\S-1-5-21-3025503433-2825139817-749691780-1000\Software\KMPlayer\KMP3.0\WDMChList_HDTV]
[HKEY_USERS\S-1-5-21-3025503433-2825139817-749691780-1000\Software\Microsoft\DirectInput\DMC-DEVILMAYCRY.EXE50C2491C02BAFA00]
[HKEY_USERS\S-1-5-21-3025503433-2825139817-749691780-1000\Software\Microsoft\DirectInput\DMC-DEVILMAYCRY.EXE50C2491C02BAFA00]
"Name"="DMC-DEVILMAYCRY.EXE"
[HKEY_USERS\S-1-5-21-3025503433-2825139817-749691780-1000\Software\Microsoft\DirectInput\DMC4LAUNCHER.EXE48477B140012A538]
[HKEY_USERS\S-1-5-21-3025503433-2825139817-749691780-1000\Software\Microsoft\DirectInput\DMC4LAUNCHER.EXE48477B140012A538]
"Name"="DMC4LAUNCHER.EXE"
[HKEY_USERS\S-1-5-21-3025503433-2825139817-749691780-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\73bf486a_0]
@="{0.0.0.00000000}.{418ff704-297d-48dc-8427-c88e6466f9b6}|\Device\HarddiskVolume2\Program Files (x86)\DMC\Binaries\Win32\DMC-DevilMayCry.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3025503433-2825139817-749691780-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\994a04e3_0]
@="{0.0.0.00000000}.{756c734f-5fe5-4d35-98e4-efb7d9e216fc}|\Device\HarddiskVolume2\Program Files (x86)\DMC\Binaries\Win32\DMC-DevilMayCry.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3025503433-2825139817-749691780-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a9f2fbdd_0]
@="{0.0.0.00000000}.{e46928ca-3f24-4a25-bc13-d08162c9ecdc}|\Device\HarddiskVolume2\Program Files (x86)\DMC\Binaries\Win32\DMC-DevilMayCry.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3025503433-2825139817-749691780-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\DMC\Binaries\Win32\DMC-DevilMayCry.exe"="DMC-DevilMayCry"
[HKEY_USERS\S-1-5-21-3025503433-2825139817-749691780-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\DMC\Binaries\Win32\DMC-DevilMayCry.exe"="DMC-DevilMayCry"

-= EOF =-
Nahoru
Zamčeno

Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 119 hostů