Kontrola logu - reklamy Vyřešeno

[Orcus]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

====================================================

Vyčisti systém CCleanerem

====================================================

Stáhni si zde DelFix
http://general-changelog-team.fr/fr/dow ... e/9-delfix

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt

+ nový log z adw cleaner a nový log z HJT.

[Reklama]

[DsD]

Uninstall ComboFixu > nenašlo to požadovaný soubor, ale jak to vypadá z logu delfixu, tak se o to postaral.

# DelFix v10.7 - Logfile created 31/05/2014 at 11:11:18
# Updated 27/04/2014 by Xplode
# Username : PC - PC-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.3.0.0.35_29.05.2014_20.39.05_log.txt
Deleted : C:\Users\PC\Desktop\AdwCleaner.exe
Deleted : C:\Users\PC\Desktop\aswmbr.exe
Deleted : C:\Users\PC\Desktop\aswMBR.txt
Deleted : C:\Users\PC\Desktop\ComboFix.exe
Deleted : C:\Users\PC\Desktop\JRT.exe
Deleted : C:\Users\PC\Desktop\hijackthis.exe
Deleted : C:\Users\PC\Desktop\log.txt
Deleted : C:\Users\PC\Desktop\MBR.dat
Deleted : C:\Users\PC\Desktop\RogueKillerX64.exe
Deleted : C:\Users\PC\Desktop\tdsskiller.exe
Deleted : C:\Users\PC\Desktop\TFC.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #257 [ComboFix created restore point | 05/31/2014 07:01:29]

New restore point created !

########## - EOF - ##########



# AdwCleaner v3.211 - Report created 31/05/2014 at 11:17:21
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : PC - PC-PC
# Running from : C:\Users\PC\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16457


-\\ Mozilla Firefox v29.0.1 (cs)

[ File : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\w3cblgqb.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [815 octets] - [31/05/2014 11:17:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [874 octets] ##########



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:18:48, on 31.5.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\PC\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6886 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[DsD]

# AdwCleaner v3.211 - Report created 01/06/2014 at 11:13:31
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : PC - PC-PC
# Running from : C:\Users\PC\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16457


-\\ Mozilla Firefox v29.0.1 (cs)

[ File : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\w3cblgqb.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [953 octets] - [31/05/2014 11:17:21]
AdwCleaner[R1].txt - [1012 octets] - [01/06/2014 11:12:49]
AdwCleaner[S0].txt - [937 octets] - [01/06/2014 11:13:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [996 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by PC on ne 01.06.2014 at 11:18:43,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 01.06.2014 at 11:26:52,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 1.6.2014
Scan Time: 11:33:37
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.01.04
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: PC

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 272541
Time Elapsed: 9 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



RogueKiller V9.0.0.0 (x64) [May 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : PC [Práva správce]
Mód : Kontrola -- Datum : 06/01/2014 11:50:34

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2545673548-303586688-689430311-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2545673548-303586688-689430311-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NALEZENO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2545673548-303586688-689430311-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2545673548-303586688-689430311-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NALEZENO
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721616PLA380 ATA Device +++++
--- User ---
[MBR] 5f7d153670d8ca2da5bae5c84db6a8e6
[BSP] 18878f1e46936735740a6f695d560368 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 39900 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81922048 | Size: 117064 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] Po?adavek není podporován. )


============================================
RKreport_DEL_05292014_173804.log - RKreport_DEL_05292014_203648.log - RKreport_DEL_05302014_083239.log - RKreport_SCN_05292014_173732.log
RKreport_SCN_05292014_203628.log - RKreport_SCN_05302014_082829.log

EDIT: Zajímavé je, že v logu to píše 0 u webových prohlížečů, ale když jsem ty záložky proklikával, tak tam byly 3 záznamy (1mozila a 2 chrom, včetně názvu té reklamy), přitom když jsem z RK mazal posledně, tak jsem to smazal a teď je to tam zase.

[jaro3]

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Stáhni Kaspersky VRT
na svojí plochu.
Spusť program Kaspersky VRT, .Program se nainstaluje.
Potvrď licenci a klikni na „Start“ . Pokud program nabídne aktualizaci , klikni dole na na „Download Now“.
- Klikni na ozubené kolečko v pravém horním rohu. V okně vyber kromě již zatržených , svojí jednotku disku , pokud jich máš víc , můžeš zatrhnout všechny.
- zvol „Automatic Scan“ nahoře vlevo. a stiskni tlačítko „Start Scanning“
- Program začne skenovat zatržené jednotky

Zaškrtnuté :
Hidden startup objects
System Memory
Disk boot sectors
Počítač
Místní disk C

Nezašrkrtnuté:
Dokumenty
My email
Místní disk D
Jednotka DVD-Rom (E)
Jednotka BD-ROM (G)
Disketová jednotka
A jiné , např. Flash disky , které máš připojeny.

- povol programu Virus Removal Tool odstranit všechny nalezené infekce
- jakmile sken skončí ,zvol záložku „Report“ , vpravo nahoře (vedle ozubeného kolečka)
- klikni na „Detected Threads“ a klikni na obrázek diskety („Save“)
- ulož do počítače zprávu a vložit ji sem do příspěvku

[DsD]

Zatím jen sken z RK, z toho VRT nejspíše až zítra k večeru a to jestli... píše to 3% po hodině a odhadovaný čas dokončení za 23h. Zatím 3 nálezy.

RogueKiller V9.0.0.0 (x64) [May 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : PC [Práva správce]
Mód : Odebrat -- Datum : 06/01/2014 17:19:56

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2545673548-303586688-689430311-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> VYMAZÁNO
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2545673548-303586688-689430311-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> VYMAZÁNO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2545673548-303586688-689430311-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ERROR [2]
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2545673548-303586688-689430311-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> VYMAZÁNO
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ERROR [2]

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> VYMAZÁNO

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[CHROME:Addon] Default : UiTuBeNuoAds [iifeeoiogklcdkmhhneplngikemfedab] -> ERROR [1]
[CHROME:Addon] Default : APP_NAME [nmmhkkegccagdldgiimedpiccmgmieda] -> ERROR [1]

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721616PLA380 ATA Device +++++
--- User ---
[MBR] 5f7d153670d8ca2da5bae5c84db6a8e6
[BSP] 18878f1e46936735740a6f695d560368 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 39900 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81922048 | Size: 117064 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] Po?adavek není podporován. )


============================================
RKreport_DEL_05292014_173804.log - RKreport_DEL_05292014_203648.log - RKreport_DEL_05302014_083239.log - RKreport_SCN_05292014_173732.log
RKreport_SCN_05292014_203628.log - RKreport_SCN_05302014_082829.log - RKreport_SCN_06012014_115034.log - RKreport_SCN_06012014_171841.log

[jaro3]

VRT bude trvat dlouho , asi přes noc nebo kdy chceš..

[DsD]

Jsem to stopl a odškrtl dokumenty a místní disk D a dal spustit znova. Nechtěl jsem to nechat přes noc a tak to bylo rychlejší, ráno to ještě pro jistotu pustím znova.

Status: Deleted (events: 6)
1.6.2014 17:32:05 Deleted adware not-a-virus:AdWare.Win32.Agent.aeph C:\Documents and Settings\All Users\InstallMate\{E54FCCEF-BD44-4E29-ACC2-F5663EACEE19}\Custom.dll Medium
1.6.2014 17:31:36 Deleted adware not-a-virus:AdWare.JS.MultiPlug.c C:\Documents and Settings\All Users\fgclpgdhoocakpbndepmhmmnpolebmpn\ci37KCytZ.js Medium
1.6.2014 17:34:42 Deleted adware not-a-virus:AdWare.JS.MultiPlug.c C:\Documents and Settings\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iifeeoiogklcdkmhhneplngikemfedab\1.8_0\WFRzvgwpWp.js Medium
1.6.2014 19:45:00 Deleted adware not-a-virus:AdWare.JS.MultiPlug.c C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iifeeoiogklcdkmhhneplngikemfedab\1.8_0\WFRzvgwpWp.js Medium
1.6.2014 23:07:38 Deleted Trojan program HEUR:Trojan.Win32.Generic D:\Lukas\Škola\VŠ\1.ZS\UDP\1.4.exe High
1.6.2014 23:07:41 Deleted Trojan program HEUR:Trojan.Win32.Generic D:\Lukas\Škola\VŠ\1.ZS\UDP\1.5.exe High


Ty poslední dva, jsou programy, co jsem vytvořil, když jsem se učil programovat v C.
Jinak reklamy ze stránek zmizely, ale v rozšíření pořád jsou, spustil jsem i CCleaner, ale nic. Viz příloha

[jaro3]

Odškrtni to aktivní..Odeber zatržítko , to nejde?

VRt měl si dát prohledat C:\ , to je systémový disk ne?

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[CHROME:Addon] Default : UiTuBeNuoAds [iifeeoiogklcdkmhhneplngikemfedab] -> ERROR [1]
[CHROME:Addon] Default : APP_NAME [nmmhkkegccagdldgiimedpiccmgmieda] -> ERROR [1]

Ten addon nejde odebrat? Zkoušel si Chrome odinstalovat a znovu nainstalovat?

[DsD]

Odškrtni to aktivní..Odeber zatržítko , to nejde?

Právě že to nešlo

VRt měl si dát prohledat C:\ , to je systémový disk ne?

Jo je, já jen když už to běželo, tak ať to proletí celé, nějak mi hned nedošlo, že když jsem tam měl zatržený "počítač", tak to bere taky.

Ten addon nejde odebrat? Zkoušel si Chrome odinstalovat a znovu nainstalovat?

Nešel, zkoušel jsem ho odinstalovat a vyhledat i ten adon, ale po reinstalu tam byl zase.
Teď jsem spustil CCleaner a následně udělal reinstall chromu a už tam není.

Přikládám ještě sken z RK
RogueKiller V9.0.0.0 (x64) [May 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : PC [Práva správce]
Mód : Odebrat -- Datum : 06/02/2014 09:58:48

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 6 ¤¤¤
[CHROME:Addon] Default : Google Docs [aohghmighlieiainnegkcijnfilokake] -> ERROR [1]
[CHROME:Addon] Default : Google Drive [apdfllckaahabafndbhieahigkjlhalf] -> ERROR [1]
[CHROME:Addon] Default : YouTube [blpcfgokakmgnkcojhhkbfbldkacnbeo] -> ERROR [1]
[CHROME:Addon] Default : Google Search [coobgpohoikkiipiblmjeljniedjpjpf] -> ERROR [1]
[CHROME:Addon] Default : APP_NAME [nmmhkkegccagdldgiimedpiccmgmieda] -> ERROR [1]
[CHROME:Addon] Default : Gmail [pjkljhegncpnkpknbcohdijeoejaedia] -> ERROR [1]

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721616PLA380 ATA Device +++++
--- User ---
[MBR] 5f7d153670d8ca2da5bae5c84db6a8e6
[BSP] 18878f1e46936735740a6f695d560368 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 39900 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81922048 | Size: 117064 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] Po?adavek není podporován. )


============================================
RKreport_DEL_05292014_173804.log - RKreport_DEL_05292014_203648.log - RKreport_DEL_05302014_083239.log - RKreport_DEL_06012014_171956.log
RKreport_SCN_05292014_173732.log - RKreport_SCN_05292014_203628.log - RKreport_SCN_05302014_082829.log - RKreport_SCN_06012014_115034.log
RKreport_SCN_06012014_171841.log - RKreport_SCN_06022014_095637.log

[jaro3]

Ažn bude hotový VRT:

Stáhni si OTL by OldTimer
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.

[DsD]

Novy sken VRT už nic jiného nenašel-

Status: Deleted (events: 6)
1.6.2014 17:32:05 Deleted adware not-a-virus:AdWare.Win32.Agent.aeph C:\Documents and Settings\All Users\InstallMate\{E54FCCEF-BD44-4E29-ACC2-F5663EACEE19}\Custom.dll Medium
1.6.2014 17:31:36 Deleted adware not-a-virus:AdWare.JS.MultiPlug.c C:\Documents and Settings\All Users\fgclpgdhoocakpbndepmhmmnpolebmpn\ci37KCytZ.js Medium
1.6.2014 17:34:42 Deleted adware not-a-virus:AdWare.JS.MultiPlug.c C:\Documents and Settings\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iifeeoiogklcdkmhhneplngikemfedab\1.8_0\WFRzvgwpWp.js Medium
1.6.2014 19:45:00 Deleted adware not-a-virus:AdWare.JS.MultiPlug.c C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iifeeoiogklcdkmhhneplngikemfedab\1.8_0\WFRzvgwpWp.js Medium
1.6.2014 23:07:38 Deleted Trojan program HEUR:Trojan.Win32.Generic D:\Lukas\Škola\VŠ\1.ZS\UDP\1.4.exe High
1.6.2014 23:07:41 Deleted Trojan program HEUR:Trojan.Win32.Generic D:\Lukas\Škola\VŠ\1.ZS\UDP\1.5.exe High


Ty poslední dva, jsou programy, co jsem vytvořil, když jsem se učil programovat v C.

OTL Extras logfile created on: 3.6.2014 15:00:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PC\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,75 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 61,30% Memory free
8,25 Gb Paging File | 6,99 Gb Available in Paging File | 84,81% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 38,96 Gb Total Space | 3,21 Gb Free Space | 8,23% Space Free | Partition Type: NTFS
Drive D: | 114,32 Gb Total Space | 3,34 Gb Free Space | 2,92% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05474C68-22A4-4DB8-BBFB-CAE2562968B9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{0D777B8A-829F-4FB1-870F-6904B282FF79}" = lport=2869 | protocol=6 | dir=in | app=system |
"{17E3F6E0-7AD9-48C7-8E0B-C382EBD3FBC8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35040382-A275-4642-B6AA-EC42A4C5ED80}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{467B59AD-8A32-4F89-BB01-374AA68E32D4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51D14965-96D1-4E68-A050-6E7C0B456CFC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{534D5D3D-B8DF-475D-B980-25E82713F1C4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63406523-1796-410E-A94D-D68D5E2D0625}" = rport=139 | protocol=6 | dir=out | app=system |
"{65627171-0D23-40BA-AE0B-B774B896A930}" = lport=10243 | protocol=6 | dir=in | app=system |
"{680E9FEF-9C8C-4CD3-A7AB-618F8F66B898}" = lport=137 | protocol=17 | dir=in | app=system |
"{6973AA4F-D625-4BF2-8456-BCA062D58826}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83DCFBA9-6BF7-48BD-B3D8-AFC233F39E69}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E899CEF-4663-4682-BC62-72291B55AA06}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A8ABD58C-1B07-4983-8EB2-E51B70518229}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ADE56F65-8AAE-4A1E-BDC1-6B47D360416B}" = lport=445 | protocol=6 | dir=in | app=system |
"{B3ADA14E-F225-4962-85C1-AB6ED83B9EB1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0D08C72-E12D-41A5-B362-A767C87704E3}" = rport=138 | protocol=17 | dir=out | app=system |
"{D72B9276-37BF-4172-941A-9BF225A08781}" = rport=445 | protocol=6 | dir=out | app=system |
"{DE20D52C-C817-435B-AC04-CB9B734A2D67}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F0E85974-3A5D-4352-B8B4-9A8C5451F096}" = lport=139 | protocol=6 | dir=in | app=system |
"{F4F35E89-BEE5-403F-8807-877F5328F77A}" = lport=138 | protocol=17 | dir=in | app=system |
"{F7B07C6E-AEA8-474A-8880-3756A9524932}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAE52CB4-B1D0-4CBF-ACD6-A5C74E9C2B5B}" = rport=137 | protocol=17 | dir=out | app=system |
"{FE637328-9065-4035-A712-E8CE75D6FD60}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04981000-76AC-4994-BD2A-1BC0DC9B3AA0}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{06C99F13-39FD-498F-A0CD-79A22F1CF4D6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1123C3ED-B157-4601-B0A8-B5EB6FC884FA}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{14B59111-AA9A-41EA-9641-713F7729F71F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{19D3EB50-3F40-4DEF-8B49-F34A1A67A693}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B8F7982-F9CA-40E1-BCC8-12ECCE91ACFD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1BC5BD7C-1DB8-453C-AF86-EC6BACF97D5E}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{1C2C052C-CEF2-4245-AB9C-3CA508971D85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{220E0582-7CAF-4E68-A340-FA544A99F296}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{263EA15D-AE6A-487E-8BC9-980052F8BD05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2FE846E6-DED9-41DB-945B-E7BC52EC0476}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3423EF81-F7D6-4A33-AF29-975CF1DA5D6F}" = protocol=17 | dir=in | app=d:\pes 2010\pes2010.exe |
"{396D3641-ADD9-4A0C-B6B2-989B4831ED61}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3A4034DE-3CF9-4E8A-BA0B-03F5D1228167}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{3CED4876-1EFC-46B9-8E4F-2ACFB5D9CA19}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46FE2187-C446-48B8-8445-C163FF636477}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C2F5053-B7EB-401F-A222-44A841E43E96}" = protocol=6 | dir=in | app=d:\cod4\iw3mp.exe |
"{6736FB8A-298A-4A7D-A697-3D24E05DFFFE}" = protocol=6 | dir=in | app=d:\pes 2010\pes2010.exe |
"{73C7E320-373E-42FA-94F3-AF4A9B1955D0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7B637B2F-88E5-4C87-B2C1-15495B803FF8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7C0BE74B-56E8-41E9-8D67-32B80EAD4BA3}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{7F70F921-73DA-4F58-938A-CB500563FDE6}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{80FFEC5D-2632-49E8-B094-2C93C731D34F}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{8D56BC92-7E98-44AA-8CF3-7E42E0F6F0A2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{94DA6C98-56FF-4F13-8EEB-B9C4FA66679F}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{9CE9754A-F4ED-400D-B2E1-EDAC1D52C301}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A24C1E25-276D-4C09-8B85-DA9C062CAD77}" = protocol=17 | dir=in | app=d:\cod4\iw3mp.exe |
"{ACF43470-E177-47A6-A298-67074EB4C079}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B4AE3098-3EFD-4BD9-B519-E2DBB81D177B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD6D238E-BB9E-4237-BA31-F52A0CE9CADA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{CFF7969D-8D29-4F8F-B761-65CEBDFFE09C}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{D0816554-F81B-49C3-9845-B3DBEC9F6EAB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DB12677C-9420-4D28-9FE0-890DBAA788CF}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{DB8071F7-4806-4B1B-9759-F409BA695AA7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{DD13DE55-3AA4-47B3-A95F-49D170F2D895}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{E2D948EE-340A-4639-BE83-8F7D4861BA5F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4A9FDCD-C302-4E06-8070-8EA68402A38C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E9BEA557-CF3D-4097-AE51-1C3FC19FBE62}" = protocol=6 | dir=out | app=system |
"{EE669A74-9174-4013-8C8D-523CADB1EB45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F45027B0-D02B-47F8-9F79-871B64D9A6FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{15FEAF71-844B-4A85-8D15-0C5E646F12FB}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{223225B2-ABF2-45B1-90A7-EB20FAB68F86}C:\program files (x86)\counter-strike 1.6 non-steam\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6 non-steam\hl.exe |
"TCP Query User{3D88D907-140F-4AD2-980B-88ED59AC7AA1}D:\cs\hl.exe" = protocol=6 | dir=in | app=d:\cs\hl.exe |
"TCP Query User{5F029733-759E-49E2-9443-C474DE821D59}C:\program files (x86)\common files\nokia\fuse\fuseservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\fuse\fuseservice.exe |
"TCP Query User{606B8876-BCF6-49C8-A156-17A3C9E592B7}C:\program files (x86)\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"TCP Query User{C790A37B-420B-4B1C-AC52-95D76FC42D1C}C:\users\pc\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\pc\desktop\utorrent.exe |
"TCP Query User{DFECA91C-490A-4405-A1CC-2A5441679C22}C:\games\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\games\counter-strike\hl.exe |
"TCP Query User{E72DAE79-2854-44C8-89FF-24057534C2B4}D:\fifa 2011\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 2011\game\fifa.exe |
"TCP Query User{E8217B44-A971-46CD-AD62-4F47A2E5566D}C:\program files (x86)\nokia\nokia software updater for retail\nsuforretail.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater for retail\nsuforretail.exe |
"UDP Query User{0DBF33F6-D0C2-449E-AC35-B3DFC985A975}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{1E078998-DFBB-481A-BD56-C58C87CC292F}C:\program files (x86)\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"UDP Query User{29F59C03-FC95-4CE3-BEE9-45F4C0BC5A17}D:\fifa 2011\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa 2011\game\fifa.exe |
"UDP Query User{2C88559F-95D6-4B5F-8A26-23F586B1201F}C:\program files (x86)\nokia\nokia software updater for retail\nsuforretail.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater for retail\nsuforretail.exe |
"UDP Query User{2D6FF0B7-0738-41F0-91A8-548B73EE25F0}C:\program files (x86)\counter-strike 1.6 non-steam\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6 non-steam\hl.exe |
"UDP Query User{53E3EDFB-0EF8-47A2-B3B4-A6EF5F1F865C}C:\games\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\games\counter-strike\hl.exe |
"UDP Query User{68321D03-6054-4C75-A755-79A652494C82}C:\users\pc\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\pc\desktop\utorrent.exe |
"UDP Query User{B78710BC-2144-4FC9-ACA3-350112190565}C:\program files (x86)\common files\nokia\fuse\fuseservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\fuse\fuseservice.exe |
"UDP Query User{F1F7051D-9C09-4837-92DA-112C9C2205D7}D:\cs\hl.exe" = protocol=17 | dir=in | app=d:\cs\hl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{6109059C-2784-4546-A353-7100A6882DF4}" = Ruská - rozložení jako latinka (0.9.1)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{7DBCBDFC-2A77-4468-888D-8C21E202C6A8}" = WinUSB Drivers x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5 CSY Language Pack
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A4F0DB87-3269-34FE-AFFE-4168FDFA4A22}" = Microsoft .NET Framework 4.5 CSY Language Pack
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Balíček ovladače systému Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.8
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"STORMWARE PDF Printer_is1" = STORMWARE PDF Printer 8.2.0.1406
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06904B2B-5000-4C58-9471-256BA1A303BE}" = Fuse Drivers x64
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D8A96B-1911-4C3F-AA16-0B47E053E492}" = PDF Architect
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.07) - Czech
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C8FAC221-1373-41DD-88E2-B3BAD3C6BD3C}" = Nokia Software Updater for Retail
"{CE9BDD0F-BAF3-474D-B6D8-15B84BDAB229}" = Windows Phone app for desktop
"{D4BF151C-70A8-4CE2-906F-4173A575BAD9}" = Nokia Connectivity Cable Driver
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Counter-Strike 1.6_is1" = Counter-Strike 1.6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Fraps" = Fraps (remove only)
"GoldWave v5.69" = GoldWave v5.69
"Google Chrome" = Google Chrome
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.0.2.1012
"Mozilla Firefox 29.0.1 (x86 cs)" = Mozilla Firefox 29.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"The KMPlayer" = The KMPlayer (remove only)
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3.6.2014 8:12:45 | Computer Name = PC-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Služba Šifrování selhala při volání OnIdentity() v objektu System
Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary 1618266drv.

System
Error: Systém nemůže nalézt uvedený soubor. .

[ OSession Events ]
Error - 8.10.2013 9:11:20 | Computer Name = PC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13.11.2013 1:56:10 | Computer Name = PC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17.11.2013 6:35:29 | Computer Name = PC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3232
seconds with 1860 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2.6.2014 1:57:23 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Assistant bylo dosaženo časového limitu
(30000 ms).

Error - 2.6.2014 3:44:27 | Computer Name = PC-PC | Source = ACPI | ID = 327685
Description = AMLI: Systém ACPI BIOS se pokouší o zápis na nesprávnou adresu portu
V/V (0x70), která se nachází v chráněném rozsahu adres 0x70 - 0x71. Následkem toho
může dojít k nestabilitě systému. Obraťte se na prodejce systému s žádostí o odbornou
pomoc.

Error - 2.6.2014 3:44:27 | Computer Name = PC-PC | Source = ACPI | ID = 327684
Description = AMLI: Systém ACPI BIOS se pokouší o čtení z nesprávné adresy V/V portu
(0x71), která se nachází v chráněném rozsahu adres 0x70 - 0x71. Následkem toho
může dojít k nestabilitě systému. Obraťte se na prodejce systému s žádostí o odbornou
pomoc.

Error - 2.6.2014 3:45:17 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Assistant bylo dosaženo časového limitu
(30000 ms).

Error - 2.6.2014 8:01:58 | Computer Name = PC-PC | Source = ACPI | ID = 327685
Description = AMLI: Systém ACPI BIOS se pokouší o zápis na nesprávnou adresu portu
V/V (0x70), která se nachází v chráněném rozsahu adres 0x70 - 0x71. Následkem toho
může dojít k nestabilitě systému. Obraťte se na prodejce systému s žádostí o odbornou
pomoc.

Error - 2.6.2014 8:01:58 | Computer Name = PC-PC | Source = ACPI | ID = 327684
Description = AMLI: Systém ACPI BIOS se pokouší o čtení z nesprávné adresy V/V portu
(0x71), která se nachází v chráněném rozsahu adres 0x70 - 0x71. Následkem toho
může dojít k nestabilitě systému. Obraťte se na prodejce systému s žádostí o odbornou
pomoc.

Error - 2.6.2014 8:02:54 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Assistant bylo dosaženo časového limitu
(30000 ms).

Error - 3.6.2014 2:29:10 | Computer Name = PC-PC | Source = ACPI | ID = 327685
Description = AMLI: Systém ACPI BIOS se pokouší o zápis na nesprávnou adresu portu
V/V (0x70), která se nachází v chráněném rozsahu adres 0x70 - 0x71. Následkem toho
může dojít k nestabilitě systému. Obraťte se na prodejce systému s žádostí o odbornou
pomoc.

Error - 3.6.2014 2:29:10 | Computer Name = PC-PC | Source = ACPI | ID = 327684
Description = AMLI: Systém ACPI BIOS se pokouší o čtení z nesprávné adresy V/V portu
(0x71), která se nachází v chráněném rozsahu adres 0x70 - 0x71. Následkem toho
může dojít k nestabilitě systému. Obraťte se na prodejce systému s žádostí o odbornou
pomoc.

Error - 3.6.2014 2:30:00 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Assistant bylo dosaženo časového limitu
(30000 ms).


< End of report >