Facebook virus, SSL/TLS mail client and turning it off [Solved]

Section devoted to viruses and other malicious code, as well as the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

C0nQu3zT
newcomer
Posts: 24
Registered: December 12
Gender: Male
Status:
Offline

Re: Facebook virus, SSL/TLS mail client and turning it off

Post by C0nQu3zT » 28 Dec 2012 12:14

ComboFix 12-12-27.03 - Ondřej 28.12.2012 12:05:47.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8136.6144 [GMT 1:00]
Spuštěný z: c:\users\Ond°ej\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ond°ej\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-28 do 2012-12-28 )))))))))))))))))))))))))))))))
.
.
2012-12-28 11:11 . 2012-12-28 11:11 -------- d-----w- c:\users\Ondýej\AppData\Local\temp
2012-12-28 11:11 . 2012-12-28 11:11 -------- d-----w- c:\users\Ondrej\AppData\Local\temp
2012-12-28 11:11 . 2012-12-28 11:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-28 01:13 . 2012-12-28 01:13 -------- d-----w- c:\users\Ondrej\AppData\Local\Microsoft
2012-12-28 00:20 . 2012-12-28 00:20 -------- d-----w- c:\users\Ondřej\AppData\Roaming\Malwarebytes
2012-12-28 00:20 . 2012-12-28 00:20 -------- d-----w- c:\programdata\Malwarebytes
2012-12-28 00:20 . 2012-12-28 00:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-28 00:20 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-28 00:20 . 2012-12-28 00:20 -------- d-----w- c:\users\Ondřej\AppData\Local\Programs
2012-12-27 18:40 . 2012-12-27 22:15 -------- d-----w- c:\users\Ondřej\AppData\Roaming\Bloody Trapland Demo
2012-12-27 18:40 . 2010-02-04 08:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2012-12-27 18:40 . 2010-02-04 08:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2012-12-27 18:40 . 2010-02-04 08:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2012-12-27 18:40 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-12-27 18:33 . 2012-12-27 22:15 -------- d-----w- c:\program files (x86)\Common Files\Desura
2012-12-27 18:29 . 2012-12-27 22:15 -------- d-----w- c:\programdata\Desura
2012-12-27 18:29 . 2012-12-27 22:15 -------- d-----w- c:\program files (x86)\Desura
2012-12-26 18:32 . 2012-12-26 18:32 -------- d-----w- c:\users\Ondřej\AppData\Roaming\ICQ Search
2012-12-26 18:32 . 2012-12-26 18:32 -------- d-----w- c:\program files (x86)\ICQ6Toolbar
2012-12-26 18:32 . 2012-12-26 18:32 -------- d-----w- c:\users\Ondřej\AppData\Roaming\Mozilla
2012-12-26 18:32 . 2012-12-26 18:32 -------- d-----w- c:\programdata\ICQ
2012-12-25 17:31 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{252F0221-FD9E-4855-BA9B-8693C81F7700}\mpengine.dll
2012-12-21 21:39 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 21:39 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 21:39 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 21:39 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 20:42 . 2012-12-18 20:42 -------- d-----w- c:\users\Ondřej\AppData\Local\CRE
2012-12-18 20:42 . 2012-12-18 20:42 -------- d-----w- C:\Mozilla
2012-12-18 20:41 . 2012-12-22 20:37 -------- d-----w- c:\users\Ondřej\AppData\Roaming\uTorrent
2012-12-16 01:32 . 2012-12-16 01:32 -------- d-----w- c:\windows\Migration
2012-12-14 20:52 . 2007-05-16 15:45 506728 ----a-w- c:\windows\system32\d3dx10_34.dll
2012-12-14 20:26 . 2012-12-14 20:26 -------- d-----w- c:\programdata\PMB Files
2012-12-14 20:26 . 2012-12-14 20:26 -------- d-----w- c:\program files (x86)\Pando Networks
2012-12-13 19:31 . 2012-11-14 06:06 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-12-13 19:30 . 2012-12-13 19:30 -------- d-----w- c:\users\Ondřej\AppData\Roaming\Babylon
2012-12-13 19:30 . 2012-12-13 19:30 -------- d-----w- c:\programdata\Babylon
2012-12-13 19:22 . 2012-12-13 19:22 -------- d-----w- c:\users\Ondřej\.swt
2012-12-13 14:44 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 14:44 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 14:44 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-01 20:29 . 2012-12-01 20:33 -------- d-----w- c:\program files\Babylon
2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files (x86)\Babylon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 19:40 . 2011-12-24 21:42 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 14:40 . 2012-09-07 07:33 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 14:40 . 2011-12-24 18:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-07 13:13 . 2012-11-07 13:13 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2012-11-07 13:13 . 2012-11-07 13:13 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-11-07 13:13 . 2012-11-07 13:13 5773824 ----a-w- c:\windows\system32\mstscax.dll
2012-11-07 13:13 . 2012-11-07 13:13 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2012-11-07 13:13 . 2012-11-07 13:13 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-11-07 13:13 . 2012-11-07 13:13 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2012-11-07 13:13 . 2012-11-07 13:13 44032 ----a-w- c:\windows\system32\tsgqec.dll
2012-11-07 13:13 . 2012-11-07 13:13 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-11-07 13:13 . 2012-11-07 13:13 384000 ----a-w- c:\windows\system32\wksprt.exe
2012-11-07 13:13 . 2012-11-07 13:13 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2012-11-07 13:13 . 2012-11-07 13:13 322560 ----a-w- c:\windows\system32\aaclient.dll
2012-11-07 13:13 . 2012-11-07 13:13 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2012-11-07 13:13 . 2012-11-07 13:13 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2012-11-07 13:13 . 2012-11-07 13:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2012-11-07 13:13 . 2012-11-07 13:13 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2012-11-07 13:13 . 2012-11-07 13:13 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-11-07 13:13 . 2012-11-07 13:13 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2012-11-07 13:13 . 2012-11-07 13:13 18432 ----a-w- c:\windows\system32\wksprtPS.dll
2012-11-07 13:13 . 2012-11-07 13:13 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2012-11-07 13:13 . 2012-11-07 13:13 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-11-07 13:13 . 2012-11-07 13:13 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-07 13:13 . 2012-11-07 13:13 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-07 13:13 . 2012-11-07 13:13 1123840 ----a-w- c:\windows\system32\mstsc.exe
2012-11-07 13:13 . 2012-11-07 13:13 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2012-11-07 13:13 . 2012-11-07 13:13 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2012-11-07 13:12 . 2012-11-07 13:12 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-11-07 13:12 . 2012-11-07 13:12 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-07 13:12 . 2012-11-07 13:12 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-07 13:12 . 2012-11-07 13:12 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-07 13:12 . 2012-11-07 13:12 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-07 13:12 . 2012-11-07 13:12 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-11-07 13:12 . 2012-11-07 13:12 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-07 13:12 . 2012-11-07 13:12 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-07 13:12 . 2012-11-07 13:12 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-30 22:51 . 2012-10-08 13:58 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-10-08 13:58 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-10-08 13:58 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-10-08 13:58 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-10-08 13:58 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-10-08 13:58 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-10-08 13:58 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-04-25 18:43 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-16 08:38 . 2012-11-29 19:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-29 19:18 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-29 19:18 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 16:59 . 2012-10-08 13:58 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-12 17:09 . 2012-05-10 19:57 25472 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-10-09 18:17 . 2012-11-14 13:23 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 18:17 . 2012-11-14 13:23 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 13:23 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 13:23 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-13 14:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-14 13:23 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 13:23 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 13:23 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 13:23 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 13:23 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 13:23 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 13:23 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 13:23 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 13:23 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 13:23 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 13:23 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 16:07 . 2012-10-02 16:07 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-02 16:07 . 2012-10-02 16:07 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-09-30 19:39 . 2012-09-30 19:39 15112 ----a-w- c:\users\Ondřej\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2011-12-24 438272]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-03 1354736]
"Skype"="c:\users\Ondřej\Downloads\SkypePortable\SkypePortable\App\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Facebook Update"="c:\users\Ondřej\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-08 138096]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-14 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-24 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-08-23 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"HamaKMCONFIG"="c:\program files (x86)\Hama Keyboard and Mouse driver V6.0\StartAutorun.exe" [2008-05-30 212992]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103896]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Continue otshot Installation.lnk - c:\users\Ondřej\Downloads\Otshot_installer71.exe [2012-11-24 1227096]
Facebook Messenger.lnk - c:\users\Ondřej\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-12-04 8704]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\users\Ondřej\Downloads\SkypePortable\SkypePortable\App\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-15 79376]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-12-27 131912]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-15 38152]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files (x86)\Lenovo\ReadyComm\AppSvc.exe [2010-12-27 509280]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files (x86)\Lenovo\ReadyComm\ConnSvc.exe [2010-12-27 578912]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-07 19456]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-09-30 299520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-07 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-07 30208]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-24 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-08-23 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-08-23 39008]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-08-23 13408]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-12 1026432]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-25 203776]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Hama Keyboard and Mouse driver V6.0\KMWDSrv.exe [2009-07-01 197120]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793048]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-08-23 29792]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-15 349224]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-15 39464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-03-25 12262336]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-10-21 76912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-15 11280]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
<NO NAME> REG_SZ
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 14:40]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 18:37]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 18:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-08-23 18:43 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-08-23 114688]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-08-23 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-08-23 5908928]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-27 500208]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={4D693C3B-2B77-11E2-9F84-3859F9FB4E77}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-12-28 12:12:47
ComboFix-quarantined-files.txt 2012-12-28 11:12
ComboFix2.txt 2012-12-28 01:16
.
Před spuštěním: Volných bajtů: 149 579 530 240
Po spuštění: Volných bajtů: 149 276 827 648
.
- - End Of File - - ED12C3192FE15A10DC4A041ED8E85105


Re: Facebook virus, SSL/TLS mail client and turning it off

Post by C0nQu3zT » 28 Dec 2012 12:16

ComboFix 12-12-27.03 - Ondřej 28.12.2012 12:05:47.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8136.6144 [GMT 1:00]
Spuštěný z: c:\users\Ond°ej\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ond°ej\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-28 do 2012-12-28 )))))))))))))))))))))))))))))))
.
.
2012-12-28 11:11 . 2012-12-28 11:11 -------- d-----w- c:\users\Ondýej\AppData\Local\temp
2012-12-28 11:11 . 2012-12-28 11:11 -------- d-----w- c:\users\Ondrej\AppData\Local\temp
2012-12-28 11:11 . 2012-12-28 11:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-28 01:13 . 2012-12-28 01:13 -------- d-----w- c:\users\Ondrej\AppData\Local\Microsoft
2012-12-28 00:20 . 2012-12-28 00:20 -------- d-----w- c:\users\Ondřej\AppData\Roaming\Malwarebytes
2012-12-28 00:20 . 2012-12-28 00:20 -------- d-----w- c:\programdata\Malwarebytes
2012-12-28 00:20 . 2012-12-28 00:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-28 00:20 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-28 00:20 . 2012-12-28 00:20 -------- d-----w- c:\users\Ondřej\AppData\Local\Programs
2012-12-27 18:40 . 2012-12-27 22:15 -------- d-----w- c:\users\Ondřej\AppData\Roaming\Bloody Trapland Demo
2012-12-27 18:40 . 2010-02-04 08:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2012-12-27 18:40 . 2010-02-04 08:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2012-12-27 18:40 . 2010-02-04 08:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2012-12-27 18:40 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-12-27 18:33 . 2012-12-27 22:15 -------- d-----w- c:\program files (x86)\Common Files\Desura
2012-12-27 18:29 . 2012-12-27 22:15 -------- d-----w- c:\programdata\Desura
2012-12-27 18:29 . 2012-12-27 22:15 -------- d-----w- c:\program files (x86)\Desura
2012-12-26 18:32 . 2012-12-26 18:32 -------- d-----w- c:\users\Ondřej\AppData\Roaming\ICQ Search
2012-12-26 18:32 . 2012-12-26 18:32 -------- d-----w- c:\program files (x86)\ICQ6Toolbar
2012-12-26 18:32 . 2012-12-26 18:32 -------- d-----w- c:\users\Ondřej\AppData\Roaming\Mozilla
2012-12-26 18:32 . 2012-12-26 18:32 -------- d-----w- c:\programdata\ICQ
2012-12-25 17:31 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{252F0221-FD9E-4855-BA9B-8693C81F7700}\mpengine.dll
2012-12-21 21:39 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 21:39 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 21:39 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 21:39 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 20:42 . 2012-12-18 20:42 -------- d-----w- c:\users\Ondřej\AppData\Local\CRE
2012-12-18 20:42 . 2012-12-18 20:42 -------- d-----w- C:\Mozilla
2012-12-18 20:41 . 2012-12-22 20:37 -------- d-----w- c:\users\Ondřej\AppData\Roaming\uTorrent
2012-12-16 01:32 . 2012-12-16 01:32 -------- d-----w- c:\windows\Migration
2012-12-14 20:52 . 2007-05-16 15:45 506728 ----a-w- c:\windows\system32\d3dx10_34.dll
2012-12-14 20:26 . 2012-12-14 20:26 -------- d-----w- c:\programdata\PMB Files
2012-12-14 20:26 . 2012-12-14 20:26 -------- d-----w- c:\program files (x86)\Pando Networks
2012-12-13 19:31 . 2012-11-14 06:06 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-12-13 19:30 . 2012-12-13 19:30 -------- d-----w- c:\users\Ondřej\AppData\Roaming\Babylon
2012-12-13 19:30 . 2012-12-13 19:30 -------- d-----w- c:\programdata\Babylon
2012-12-13 19:22 . 2012-12-13 19:22 -------- d-----w- c:\users\Ondřej\.swt
2012-12-13 14:44 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 14:44 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 14:44 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-01 20:29 . 2012-12-01 20:33 -------- d-----w- c:\program files\Babylon
2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files (x86)\Babylon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 19:40 . 2011-12-24 21:42 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 14:40 . 2012-09-07 07:33 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 14:40 . 2011-12-24 18:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-07 13:13 . 2012-11-07 13:13 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2012-11-07 13:13 . 2012-11-07 13:13 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-11-07 13:13 . 2012-11-07 13:13 5773824 ----a-w- c:\windows\system32\mstscax.dll
2012-11-07 13:13 . 2012-11-07 13:13 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2012-11-07 13:13 . 2012-11-07 13:13 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-11-07 13:13 . 2012-11-07 13:13 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2012-11-07 13:13 . 2012-11-07 13:13 44032 ----a-w- c:\windows\system32\tsgqec.dll
2012-11-07 13:13 . 2012-11-07 13:13 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-11-07 13:13 . 2012-11-07 13:13 384000 ----a-w- c:\windows\system32\wksprt.exe
2012-11-07 13:13 . 2012-11-07 13:13 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2012-11-07 13:13 . 2012-11-07 13:13 322560 ----a-w- c:\windows\system32\aaclient.dll
2012-11-07 13:13 . 2012-11-07 13:13 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2012-11-07 13:13 . 2012-11-07 13:13 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2012-11-07 13:13 . 2012-11-07 13:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2012-11-07 13:13 . 2012-11-07 13:13 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2012-11-07 13:13 . 2012-11-07 13:13 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-11-07 13:13 . 2012-11-07 13:13 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2012-11-07 13:13 . 2012-11-07 13:13 18432 ----a-w- c:\windows\system32\wksprtPS.dll
2012-11-07 13:13 . 2012-11-07 13:13 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2012-11-07 13:13 . 2012-11-07 13:13 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-11-07 13:13 . 2012-11-07 13:13 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-07 13:13 . 2012-11-07 13:13 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-07 13:13 . 2012-11-07 13:13 1123840 ----a-w- c:\windows\system32\mstsc.exe
2012-11-07 13:13 . 2012-11-07 13:13 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2012-11-07 13:13 . 2012-11-07 13:13 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2012-11-07 13:12 . 2012-11-07 13:12 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-11-07 13:12 . 2012-11-07 13:12 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-07 13:12 . 2012-11-07 13:12 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-07 13:12 . 2012-11-07 13:12 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-07 13:12 . 2012-11-07 13:12 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-07 13:12 . 2012-11-07 13:12 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-11-07 13:12 . 2012-11-07 13:12 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-07 13:12 . 2012-11-07 13:12 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-07 13:12 . 2012-11-07 13:12 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-30 22:51 . 2012-10-08 13:58 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-10-08 13:58 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-10-08 13:58 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-10-08 13:58 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-10-08 13:58 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-10-08 13:58 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-10-08 13:58 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-04-25 18:43 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-16 08:38 . 2012-11-29 19:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-29 19:18 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-29 19:18 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 16:59 . 2012-10-08 13:58 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-12 17:09 . 2012-05-10 19:57 25472 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-10-09 18:17 . 2012-11-14 13:23 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 18:17 . 2012-11-14 13:23 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 13:23 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 13:23 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-13 14:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-14 13:23 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 13:23 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 13:23 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 13:23 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 13:23 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 13:23 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 13:23 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 13:23 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 13:23 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 13:23 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 13:23 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 16:07 . 2012-10-02 16:07 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-02 16:07 . 2012-10-02 16:07 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-09-30 19:39 . 2012-09-30 19:39 15112 ----a-w- c:\users\Ondřej\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2011-12-24 438272]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-03 1354736]
"Skype"="c:\users\Ondřej\Downloads\SkypePortable\SkypePortable\App\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Facebook Update"="c:\users\Ondřej\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-08 138096]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-14 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-24 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-08-23 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"HamaKMCONFIG"="c:\program files (x86)\Hama Keyboard and Mouse driver V6.0\StartAutorun.exe" [2008-05-30 212992]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103896]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Continue otshot Installation.lnk - c:\users\Ondřej\Downloads\Otshot_installer71.exe [2012-11-24 1227096]
Facebook Messenger.lnk - c:\users\Ondřej\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-12-04 8704]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\users\Ondřej\Downloads\SkypePortable\SkypePortable\App\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-15 79376]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-12-27 131912]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-15 38152]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files (x86)\Lenovo\ReadyComm\AppSvc.exe [2010-12-27 509280]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files (x86)\Lenovo\ReadyComm\ConnSvc.exe [2010-12-27 578912]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-07 19456]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-09-30 299520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-07 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-07 30208]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-24 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-08-23 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-08-23 39008]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-08-23 13408]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-12 1026432]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-25 203776]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Hama Keyboard and Mouse driver V6.0\KMWDSrv.exe [2009-07-01 197120]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793048]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-08-23 29792]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-15 349224]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-15 39464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-03-25 12262336]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-10-21 76912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-15 11280]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
<NO NAME> REG_SZ
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 14:40]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 18:37]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 18:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-08-23 18:43 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-08-23 114688]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-08-23 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-08-23 5908928]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-27 500208]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={4D693C3B-2B77-11E2-9F84-3859F9FB4E77}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-12-28 12:12:47
ComboFix-quarantined-files.txt 2012-12-28 11:12
ComboFix2.txt 2012-12-28 01:16
.
Před spuštěním: Volných bajtů: 149 579 530 240
Po spuštění: Volných bajtů: 149 276 827 648
.
- - End Of File - - ED12C3192FE15A10DC4A041ED8E85105

C0nQu3zT

Post by C0nQu3zT » 28 Dec 2012 12:19

"HamaKMCONFIG"="c:\program files (x86)\Hama Keyboard and Mouse driver V6.0\StartAutorun.exe" [2008-05-30 212992]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103896]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Continue otshot Installation.lnk - c:\users\Ondřej\Downloads\Otshot_installer71.exe [2012-11-24 1227096]
Facebook Messenger.lnk - c:\users\Ondřej\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-12-04 8704]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\users\Ondřej\Downloads\SkypePortable\SkypePortable\App\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-15 79376]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-12-27 131912]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-15 38152]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files (x86)\Lenovo\ReadyComm\AppSvc.exe [2010-12-27 509280]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files (x86)\Lenovo\ReadyComm\ConnSvc.exe [2010-12-27 578912]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-07 19456]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-09-30 299520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-07 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-07 30208]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-24 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-08-23 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-08-23 39008]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-08-23 13408]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-12 1026432]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-25 203776]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Hama Keyboard and Mouse driver V6.0\KMWDSrv.exe [2009-07-01 197120]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793048]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-08-23 29792]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-15 349224]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-15 39464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-03-25 12262336]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-10-21 76912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-15 11280]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
<NO NAME> REG_SZ
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 14:40]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 18:37]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 18:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-08-23 18:43 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-08-23 114688]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-08-23 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-08-23 5908928]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-27 500208]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={4D693C3B-2B77-11E2-9F84-3859F9FB4E77}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-12-28 12:12:47
ComboFix-quarantined-files.txt 2012-12-28 11:12
ComboFix2.txt 2012-12-28 01:16
.
Před spuštěním: Volných bajtů: 149 579 530 240
Po spuštění: Volných bajtů: 149 276 827 648
.
- - End Of File - - ED12C3192FE15A10DC4A041ED8E85105

Post by C0nQu3zT » 28 Dec 2012 12:21

I can't get the log posted here. I copy it and paste it in here. It shows up, I click submit, and then I don't see it posted here.

Post by C0nQu3zT » 28 Dec 2012 12:31

ComboFix 12-12-27.03 - Ondřej 28.12.2012 12:05:47.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8136.6144 [GMT 1:00]
Spuštěný z: c:\users\Ond°ej\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ond°ej\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-28 do 2012-12-28 )))))))))))))))))))))))))))))))
.
.
2012-12-28 11:11 . 2012-12-28 11:11 -------- d-----w- c:\users\Ondýej\AppData\Local\temp
2012-12-28 11:11 . 2012-12-28 11:11 -------- d-----w- c:\users\Ondrej\AppData\Local\temp
2012-12-28 11:11 . 2012-12-28 11:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-28 01:13 . 2012-12-28 01:13 -------- d-----w- c:\users\Ondrej\AppData\Local\Microsoft
2012-12-28 00:20 . 2012-12-28 00:20 -------- d-----w- c:\users\Ondřej\AppData\Roaming\Malwarebytes
2012-12-28 00:20 . 2012-12-28 00:20 -------- d-----w- c:\programdata\Malwarebytes
2012-12-28 00:20 . 2012-12-28 00:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-28 00:20 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-28 00:20 . 2012-12-28 00:20 -------- d-----w- c:\users\Ondřej\AppData\Local\Programs
2012-12-27 18:40 . 2012-12-27 22:15 -------- d-----w- c:\users\Ondřej\AppData\Roaming\Bloody Trapland Demo
2012-12-27 18:40 . 2010-02-04 08:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2012-12-27 18:40 . 2010-02-04 08:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2012-12-27 18:40 . 2010-02-04 08:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2012-12-27 18:40 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-12-27 18:33 . 2012-12-27 22:15 -------- d-----w- c:\program files (x86)\Common Files\Desura
2012-12-27 18:29 . 2012-12-27 22:15 -------- d-----w- c:\programdata\Desura
2012-12-27 18:29 . 2012-12-27 22:15 -------- d-----w- c:\program files (x86)\Desura
2012-12-26 18:32 . 2012-12-26 18:32 -------- d-----w- c:\users\Ondřej\AppData\Roaming\ICQ Search
2012-12-26 18:32 . 2012-12-26 18:32 -------- d-----w- c:\program files (x86)\ICQ6Toolbar
2012-12-26 18:32 . 2012-12-26 18:32 -------- d-----w- c:\users\Ondřej\AppData\Roaming\Mozilla
2012-12-26 18:32 . 2012-12-26 18:32 -------- d-----w- c:\programdata\ICQ
2012-12-25 17:31 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{252F0221-FD9E-4855-BA9B-8693C81F7700}\mpengine.dll
2012-12-21 21:39 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 21:39 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 21:39 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 21:39 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 20:42 . 2012-12-18 20:42 -------- d-----w- c:\users\Ondřej\AppData\Local\CRE
2012-12-18 20:42 . 2012-12-18 20:42 -------- d-----w- C:\Mozilla
2012-12-18 20:41 . 2012-12-22 20:37 -------- d-----w- c:\users\Ondřej\AppData\Roaming\uTorrent
2012-12-16 01:32 . 2012-12-16 01:32 -------- d-----w- c:\windows\Migration
2012-12-14 20:52 . 2007-05-16 15:45 506728 ----a-w- c:\windows\system32\d3dx10_34.dll
2012-12-14 20:26 . 2012-12-14 20:26 -------- d-----w- c:\programdata\PMB Files
2012-12-14 20:26 . 2012-12-14 20:26 -------- d-----w- c:\program files (x86)\Pando Networks
2012-12-13 19:31 . 2012-11-14 06:06 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-12-13 19:30 . 2012-12-13 19:30 -------- d-----w- c:\users\Ondřej\AppData\Roaming\Babylon
2012-12-13 19:30 . 2012-12-13 19:30 -------- d-----w- c:\programdata\Babylon
2012-12-13 19:22 . 2012-12-13 19:22 -------- d-----w- c:\users\Ondřej\.swt
2012-12-13 14:44 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 14:44 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 14:44 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-01 20:29 . 2012-12-01 20:33 -------- d-----w- c:\program files\Babylon
2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files (x86)\Babylon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 19:40 . 2011-12-24 21:42 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 14:40 . 2012-09-07 07:33 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 14:40 . 2011-12-24 18:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-07 13:13 . 2012-11-07 13:13 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2012-11-07 13:13 . 2012-11-07 13:13 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-11-07 13:13 . 2012-11-07 13:13 5773824 ----a-w- c:\windows\system32\mstscax.dll
2012-11-07 13:13 . 2012-11-07 13:13 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2012-11-07 13:13 . 2012-11-07 13:13 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-11-07 13:13 . 2012-11-07 13:13 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2012-11-07 13:13 . 2012-11-07 13:13 44032 ----a-w- c:\windows\system32\tsgqec.dll
2012-11-07 13:13 . 2012-11-07 13:13 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-11-07 13:13 . 2012-11-07 13:13 384000 ----a-w- c:\windows\system32\wksprt.exe
2012-11-07 13:13 . 2012-11-07 13:13 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2012-11-07 13:13 . 2012-11-07 13:13 322560 ----a-w- c:\windows\system32\aaclient.dll
2012-11-07 13:13 . 2012-11-07 13:13 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2012-11-07 13:13 . 2012-11-07 13:13 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2012-11-07 13:13 . 2012-11-07 13:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2012-11-07 13:13 . 2012-11-07 13:13 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2012-11-07 13:13 . 2012-11-07 13:13 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-11-07 13:13 . 2012-11-07 13:13 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2012-11-07 13:13 . 2012-11-07 13:13 18432 ----a-w- c:\windows\system32\wksprtPS.dll
2012-11-07 13:13 . 2012-11-07 13:13 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2012-11-07 13:13 . 2012-11-07 13:13 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-11-07 13:13 . 2012-11-07 13:13 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-07 13:13 . 2012-11-07 13:13 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-07 13:13 . 2012-11-07 13:13 1123840 ----a-w- c:\windows\system32\mstsc.exe
2012-11-07 13:13 . 2012-11-07 13:13 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2012-11-07 13:13 . 2012-11-07 13:13 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2012-11-07 13:12 . 2012-11-07 13:12 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-11-07 13:12 . 2012-11-07 13:12 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-07 13:12 . 2012-11-07 13:12 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-07 13:12 . 2012-11-07 13:12 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-07 13:12 . 2012-11-07 13:12 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-07 13:12 . 2012-11-07 13:12 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-11-07 13:12 . 2012-11-07 13:12 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-07 13:12 . 2012-11-07 13:12 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-07 13:12 . 2012-11-07 13:12 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-30 22:51 . 2012-10-08 13:58 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-10-08 13:58 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-10-08 13:58 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-10-08 13:58 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-10-08 13:58 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-10-08 13:58 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-10-08 13:58 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-04-25 18:43 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-16 08:38 . 2012-11-29 19:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-29 19:18 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-29 19:18 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 16:59 . 2012-10-08 13:58 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-12 17:09 . 2012-05-10 19:57 25472 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-10-09 18:17 . 2012-11-14 13:23 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 18:17 . 2012-11-14 13:23 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 13:23 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 13:23 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-13 14:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-14 13:23 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 13:23 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 13:23 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 13:23 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 13:23 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 13:23 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 13:23 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 13:23 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 13:23 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 13:23 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 13:23 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 16:07 . 2012-10-02 16:07 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-02 16:07 . 2012-10-02 16:07 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-09-30 19:39 . 2012-09-30 19:39 15112 ----a-w- c:\users\Ondřej\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2011-12-24 438272]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-03 1354736]
"Skype"="c:\users\Ondřej\Downloads\SkypePortable\SkypePortable\App\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Facebook Update"="c:\users\Ondřej\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-08 138096]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-14 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-24 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-08-23 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"HamaKMCONFIG"="c:\program files (x86)\Hama Keyboard and Mouse driver V6.0\StartAutorun.exe" [2008-05-30 212992]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103896]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Continue otshot Installation.lnk - c:\users\Ondřej\Downloads\Otshot_installer71.exe [2012-11-24 1227096]
Facebook Messenger.lnk - c:\users\Ondřej\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-12-04 8704]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\users\Ondřej\Downloads\SkypePortable\SkypePortable\App\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-15 79376]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-12-27 131912]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-15 38152]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files (x86)\Lenovo\ReadyComm\AppSvc.exe [2010-12-27 509280]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files (x86)\Lenovo\ReadyComm\ConnSvc.exe [2010-12-27 578912]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-07 19456]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-09-30 299520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-07 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-07 30208]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-24 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-08-23 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-08-23 39008]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-08-23 13408]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-12 1026432]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-25 203776]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Hama Keyboard and Mouse driver V6.0\KMWDSrv.exe [2009-07-01 197120]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793048]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-08-23 29792]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-15 349224]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-15 39464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-03-25 12262336]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-10-21 76912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-15 11280]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
<NO NAME> REG_SZ
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 14:40]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 18:37]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 18:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-08-23 18:43 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-08-23 114688]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-08-23 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-08-23 5908928]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-27 500208]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={4D693C3B-2B77-11E2-9F84-3859F9FB4E77}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-12-28 12:12:47
ComboFix-quarantined-files.txt 2012-12-28 11:12
ComboFix2.txt 2012-12-28 01:16
.
Před spuštěním: Volných bajtů: 149 579 530 240
Po spuštění: Volných bajtů: 149 276 827 648
.
- - End Of File - - ED12C3192FE15A10DC4A041ED8E85105

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male
Status: Offline

Re: Facebook virus, SSL/TSL mail client and turning it off

Post by Damned » 28 Dec 2012 12:38

Uninstall ComboFix. ComboFix is uninstalled like this:
Turn off your antivirus and, if you have one, your antispyware as well (required).

Start -> Run (or the Win+R keys) and type into the box: Combofix[space]/uninstall
***************************************************************************************************************************
Download OTL to your Desktop.
Make sure all other windows are closed, then double-click the OTL icon. At the top of the window, under Output, click Minimal Output and tick Scan All Users. Under Standard Registry change the setting to All, and set Extra Registry to All. Tick LOP Check and Purity Check. Change File Age to 14 days. Leave all other settings as they are. Click Run Scan. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look into old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner

C0nQu3zT
newbie
Posts: 24
Registered: December 12
Gender: Male
Status: Offline

Re: Facebook virus, SSL/TSL mail client and turning it off

Post by C0nQu3zT » 28 Dec 2012 13:20

I have to send the OTL log in two parts:
OTL logfile created on: 12/28/2012 1:09:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ondřej\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

7.95 Gb Total Physical Memory | 5.71 Gb Available Physical Memory | 71.81% Memory free
15.89 Gb Paging File | 13.32 Gb Available in Paging File | 83.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 139.44 Gb Free Space | 33.06% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.47 Gb Free Space | 91.29% Space Free | Partition Type: NTFS

Computer Name: ONDREJ-PC | User Name: Ondřej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ondřej\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
PRC - C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
PRC - C:\Users\Ondřej\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
PRC - C:\Users\Ondřej\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Hama Keyboard and Mouse driver V6.0\KMWDSrv.exe (UASSOFT.COM)
PRC - C:\Program Files (x86)\Hama Keyboard and Mouse driver V6.0\KMProcess.exe (UASSOFT.COM)
PRC - C:\Program Files (x86)\Hama Keyboard and Mouse driver V6.0\KMCONFIG.exe (UASSOFT.COM)
PRC - C:\Program Files (x86)\Hama Keyboard and Mouse driver V6.0\StartAutorun.exe (UASSOFT.COM)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Steam\sdl.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\78940b28c21e0cc28b4b5121b667529f\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\aac83e0898f30f883ab3ba6e36270531\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Users\Ondřej\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll ()
MOD - C:\Users\Ondřej\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll ()
MOD - C:\Users\Ondřej\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll ()
MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_cs_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl ()
MOD - C:\Program Files (x86)\Hama Keyboard and Mouse driver V6.0\MouseHook.dll ()
MOD - C:\Program Files (x86)\Hama Keyboard and Mouse driver V6.0\keydll.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (AdvancedSystemCareService6) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (SkypeUpdate) -- C:\Users\Ondřej\Downloads\SkypePortable\SkypePortable\App\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Program Files (x86)\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Program Files (x86)\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PS_MDP) -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
SRV - (IGRS) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
SRV - (KMWDSERVICE) -- C:\Program Files (x86)\Hama Keyboard and Mouse driver V6.0\KMWDSrv.exe (UASSOFT.COM)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (wdmirror) -- C:\Windows\SysNative\drivers\WDMirror.sys (Lenovo)
DRV:64bit: - (Bridge0) -- C:\Windows\SysNative\drivers\WDBridge.sys (Lenovo)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10002&barid={4D693C3B-2B77-11E2-9F84-3859F9FB4E77}
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={4D693C3B-2B77-11E2-9F84-3859F9FB4E77}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=112670 ... df9ae0f6f0
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=112670 ... df9ae0f6f0
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=116775&tt=5012_4&babsrc=SP_ss&mntrId=deaaa6da000000000000d0df9ae0f6f0
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LENN_csCZ463
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes\{883674A6-5ADC-4050-AA73-E8D1A8D6D83F}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=^T8&apn_dtid=^zzz001^YY^CZ&apn_uid=71952e84-cad6-4038-b0b1-84782856cfc8&apn_sauid=8617D1AD-0766-4177-A8D0-BE87F7722BAD
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes\{8D14CA2A-5D75-4928-B1A1-4501CA140311}: "URL" = http://search.phpnuke.org/?lang=en&q={searchTerms}
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/hypercam/{2832F12C-68C5-47D6-B6F4-C5725F922E24}?q={searchTerms}
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={4D693C3B-2B77-11E2-9F84-3859F9FB4E77}
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Ondřej\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/28 23:52:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension

[2012/12/18 21:42:56 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions
[2012/12/18 21:42:56 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012/12/01 21:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=116775 ... df9ae0f6f0
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.babylon.com/?affID=116775 ... df9ae0f6f0
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ond\u0159ej\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: (Enabled) = C:\Users\Ond\u0159ej\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Ond\u0159ej\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_1\npBP4FUpdater.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Ond\u0159ej\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_1\BP4FUpdater.exe
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ond\u0159ej\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: FB Refresh = C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdlfdaajmclngiomogmleihllaejcnni\2.0.1_0\
CHR - Extension: YouTube = C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Nanny for Google Chrome (TM) = C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\cljcgchbnolheggdgaeclffeagnnmhno\0.993_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: FB Refresh = C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdlfdaajmclngiomogmleihllaejcnni\2.0.1_0\
CHR - Extension: YouTube = C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Nanny for Google Chrome (TM) = C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\cljcgchbnolheggdgaeclffeagnnmhno\0.993_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/28 02:05:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HamaKMCONFIG] C:\Program Files (x86)\Hama Keyboard and Mouse driver V6.0\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2474961657-317684504-2190628562-1000..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-2474961657-317684504-2190628562-1000..\Run: [Facebook Update] C:\Users\Ondřej\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2474961657-317684504-2190628562-1000..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKU\S-1-5-21-2474961657-317684504-2190628562-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2474961657-317684504-2190628562-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Continue otshot Installation.lnk = C:\Users\Ondřej\Downloads\Otshot_installer71.exe ()
O4 - Startup: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Ondřej\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CEB64E4-F1A2-4BFD-B637-74B9BDF96252}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A62C7B8E-EBFD-4043-86A5-70CB3C2ECB84}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 14 Days ==========

[2012/12/28 12:28:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/28 12:28:42 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2012/12/28 12:12:48 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/12/28 01:51:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/12/28 01:51:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/12/28 01:51:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/12/28 01:51:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/28 01:51:22 | 000,000,000 | ---D | C] -- \Qoobox
[2012/12/28 01:51:03 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/12/28 01:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/28 01:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/28 01:20:21 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/12/28 01:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/28 01:20:09 | 000,000,000 | ---D | C] -- C:\Users\Ondřej\AppData\Local\Programs

C0nQu3zT
newbie
Posts: 24
Registered: December 12
Gender: Male
Status:
Offline

Re: Facebook virus SSL/TSL mail client and disabling it

Post by C0nQu3zT » 28 Dec 2012 13:21

[2012/12/27 19:40:05 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_6.dll
[2012/12/27 19:40:05 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_6.dll
[2012/12/27 19:40:05 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_4.dll
[2012/12/27 19:40:03 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_41.dll
[2012/12/27 19:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Desura
[2012/12/27 19:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Desura
[2012/12/27 19:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura
[2012/12/27 19:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desura
[2012/12/26 19:32:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2012/12/26 19:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2012/12/26 11:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
[2012/12/21 22:39:20 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/12/21 22:39:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/12/21 22:39:19 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/21 22:39:19 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012/12/19 14:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/12/18 21:42:58 | 000,000,000 | ---D | C] -- C:\Users\Ondřej\AppData\Local\CRE
[2012/12/18 21:42:56 | 000,000,000 | ---D | C] -- C:\Mozilla
[2012/12/18 21:42:56 | 000,000,000 | ---D | C] -- \Mozilla
[2012/12/16 02:32:15 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2012/12/15 22:44:45 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmGCDeps.dll
[2012/12/15 22:44:45 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmWmiPl.dll
[2012/12/15 22:44:45 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmAuto.dll
[2012/12/15 22:44:45 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrscmd.dll
[2012/12/15 22:44:45 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wevtfwd.dll
[2012/12/15 22:44:45 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wecutil.exe
[2012/12/15 22:44:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wecapi.dll
[2012/12/15 22:44:45 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmRes.dll
[2012/12/15 22:44:45 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSManMigrationPlugin.dll
[2012/12/15 22:44:45 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pwrshplugin.dll
[2012/12/15 22:44:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrs.exe
[2012/12/15 22:44:45 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wsmprovhost.exe
[2012/12/15 22:44:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSManHTTPConfig.exe
[2012/12/15 22:44:45 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmAgent.dll
[2012/12/15 22:44:45 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrshost.exe
[2012/12/15 22:44:45 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wsmplpxy.dll
[2012/12/15 22:44:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrssrv.dll
[2012/12/15 22:44:45 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrsmgr.dll
[2012/12/15 22:44:36 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmGCDeps.dll
[2012/12/15 22:44:36 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wbemcomn2.dll
[2012/12/15 22:44:36 | 000,382,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wbemcomn2.dll
[2012/12/15 22:44:36 | 000,309,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmWmiPl.dll
[2012/12/15 22:44:36 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\framedynos.dll
[2012/12/15 22:44:36 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\framedyn.dll
[2012/12/15 22:44:36 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\miutils.dll
[2012/12/15 22:44:36 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmitomi.dll
[2012/12/15 22:44:36 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\framedynos.dll
[2012/12/15 22:44:36 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\framedyn.dll
[2012/12/15 22:44:36 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\miutils.dll
[2012/12/15 22:44:36 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmidcom.dll
[2012/12/15 22:44:36 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmAuto.dll
[2012/12/15 22:44:36 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmitomi.dll
[2012/12/15 22:44:36 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmidcom.dll
[2012/12/15 22:44:36 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wevtfwd.dll
[2012/12/15 22:44:36 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrscmd.dll
[2012/12/15 22:44:36 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mi.dll
[2012/12/15 22:44:36 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wecutil.exe
[2012/12/15 22:44:36 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mi.dll
[2012/12/15 22:44:36 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wecapi.dll
[2012/12/15 22:44:36 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\prvdmofcomp.dll
[2012/12/15 22:44:36 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSManMigrationPlugin.dll
[2012/12/15 22:44:36 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmRes.dll
[2012/12/15 22:44:36 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\prvdmofcomp.dll
[2012/12/15 22:44:36 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pwrshplugin.dll
[2012/12/15 22:44:36 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncobjapi.dll
[2012/12/15 22:44:36 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PSModuleDiscoveryProvider.dll
[2012/12/15 22:44:36 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrs.exe
[2012/12/15 22:44:36 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncobjapi.dll
[2012/12/15 22:44:36 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PSModuleDiscoveryProvider.dll
[2012/12/15 22:44:36 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wsmprovhost.exe
[2012/12/15 22:44:36 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSManHTTPConfig.exe
[2012/12/15 22:44:36 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmAgent.dll
[2012/12/15 22:44:36 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrshost.exe
[2012/12/15 22:44:36 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wsmplpxy.dll
[2012/12/15 22:44:36 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Register-CimProvider.exe
[2012/12/15 22:44:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrssrv.dll
[2012/12/15 22:44:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Register-CimProvider.exe
[2012/12/15 22:44:36 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrsmgr.dll
[2012/12/14 21:52:21 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_34.dll
[2012/12/14 21:52:21 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_34.dll
[2012/12/14 21:52:21 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_34.dll
[2012/12/14 21:52:21 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_34.dll
[2012/12/14 21:52:18 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_34.dll
[2012/12/14 21:52:18 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_34.dll
[2012/12/14 21:52:17 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_7.dll
[2012/12/14 21:52:17 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_7.dll
[2012/12/14 21:52:15 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_33.dll
[2012/12/14 21:52:15 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_33.dll
[2012/12/14 21:52:15 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_33.dll
[2012/12/14 21:52:15 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_33.dll
[2012/12/14 21:52:12 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_33.dll
[2012/12/14 21:52:12 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_33.dll
[2012/12/14 21:52:07 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_1.dll
[2012/12/14 21:52:07 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_1.dll
[2012/12/14 21:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/12/14 21:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2012/12/28 12:58:53 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012/12/28 12:40:00 | 000,000,914 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/12/28 12:35:33 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/28 12:35:33 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/28 12:34:25 | 001,577,410 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/12/28 12:34:25 | 000,666,656 | ---- | M] () -- C:\windows\SysNative\perfh005.dat
[2012/12/28 12:34:25 | 000,652,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/12/28 12:34:25 | 000,140,320 | ---- | M] () -- C:\windows\SysNative\perfc005.dat
[2012/12/28 12:34:25 | 000,121,292 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/12/28 12:28:55 | 000,358,257 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012/12/28 12:28:29 | 000,000,962 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/28 12:27:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/28 12:27:31 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/28 12:24:00 | 000,000,966 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/28 02:25:47 | 000,000,501 | ---- | M] () -- C:\Users\Ondřej\Desktop\ComboFix.lnk
[2012/12/28 02:05:02 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/12/28 01:20:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/23 10:40:00 | 000,006,576 | ---- | M] () -- C:\bootsqm.dat
[2012/12/22 19:21:14 | 004,956,368 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/12/16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/12/16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012/12/16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/12/15 22:44:45 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WsmGCDeps.dll
[2012/12/15 22:44:45 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WsmWmiPl.dll
[2012/12/15 22:44:45 | 000,204,105 | ---- | M] () -- C:\windows\SysWow64\winrm.vbs
[2012/12/15 22:44:45 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WsmAuto.dll
[2012/12/15 22:44:45 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\winrscmd.dll
[2012/12/15 22:44:45 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wevtfwd.dll
[2012/12/15 22:44:45 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wecutil.exe
[2012/12/15 22:44:45 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wecapi.dll
[2012/12/15 22:44:45 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WsmRes.dll
[2012/12/15 22:44:45 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WSManMigrationPlugin.dll
[2012/12/15 22:44:45 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pwrshplugin.dll
[2012/12/15 22:44:45 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\winrs.exe
[2012/12/15 22:44:45 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wsmprovhost.exe
[2012/12/15 22:44:45 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WSManHTTPConfig.exe
[2012/12/15 22:44:45 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WsmAgent.dll
[2012/12/15 22:44:45 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\winrshost.exe
[2012/12/15 22:44:45 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wsmplpxy.dll
[2012/12/15 22:44:45 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\winrssrv.dll
[2012/12/15 22:44:45 | 000,004,675 | ---- | M] () -- C:\windows\SysWow64\wsmanconfig_schema.xml
[2012/12/15 22:44:45 | 000,001,536 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\winrsmgr.dll
[2012/12/15 22:44:36 | 000,630,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WsmGCDeps.dll
[2012/12/15 22:44:36 | 000,494,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wbemcomn2.dll
[2012/12/15 22:44:36 | 000,382,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wbemcomn2.dll
[2012/12/15 22:44:36 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WsmWmiPl.dll
[2012/12/15 22:44:36 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\framedynos.dll
[2012/12/15 22:44:36 | 000,242,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\framedyn.dll
[2012/12/15 22:44:36 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\miutils.dll
[2012/12/15 22:44:36 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wmitomi.dll
[2012/12/15 22:44:36 | 000,204,105 | ---- | M] () -- C:\windows\SysNative\winrm.vbs
[2012/12/15 22:44:36 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\framedynos.dll
[2012/12/15 22:44:36 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\framedyn.dll
[2012/12/15 22:44:36 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\miutils.dll
[2012/12/15 22:44:36 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wmidcom.dll
[2012/12/15 22:44:36 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WsmAuto.dll
[2012/12/15 22:44:36 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wmitomi.dll
[2012/12/15 22:44:36 | 000,124,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wmidcom.dll
[2012/12/15 22:44:36 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wevtfwd.dll
[2012/12/15 22:44:36 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\winrscmd.dll
[2012/12/15 22:44:36 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mi.dll
[2012/12/15 22:44:36 | 000,105,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wecutil.exe
[2012/12/15 22:44:36 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mi.dll
[2012/12/15 22:44:36 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wecapi.dll
[2012/12/15 22:44:36 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\prvdmofcomp.dll
[2012/12/15 22:44:36 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WSManMigrationPlugin.dll
[2012/12/15 22:44:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WsmRes.dll
[2012/12/15 22:44:36 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\prvdmofcomp.dll
[2012/12/15 22:44:36 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pwrshplugin.dll
[2012/12/15 22:44:36 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ncobjapi.dll
[2012/12/15 22:44:36 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\PSModuleDiscoveryProvider.dll
[2012/12/15 22:44:36 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\winrs.exe
[2012/12/15 22:44:36 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ncobjapi.dll
[2012/12/15 22:44:36 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\PSModuleDiscoveryProvider.dll
[2012/12/15 22:44:36 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wsmprovhost.exe
[2012/12/15 22:44:36 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WSManHTTPConfig.exe
[2012/12/15 22:44:36 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WsmAgent.dll
[2012/12/15 22:44:36 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\winrshost.exe
[2012/12/15 22:44:36 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wsmplpxy.dll
[2012/12/15 22:44:36 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\Register-CimProvider.exe
[2012/12/15 22:44:36 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\winrssrv.dll
[2012/12/15 22:44:36 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\Register-CimProvider.exe
[2012/12/15 22:44:36 | 000,004,675 | ---- | M] () -- C:\windows\SysNative\wsmanconfig_schema.xml
[2012/12/15 22:44:36 | 000,004,148 | ---- | M] () -- C:\windows\SysNative\psmodulediscoveryprovider.mof
[2012/12/15 22:44:36 | 000,001,536 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\winrsmgr.dll
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/28 02:25:47 | 000,000,501 | ---- | C] () -- C:\Users\Ondřej\Desktop\ComboFix.lnk
[2012/12/28 01:51:28 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/12/28 01:51:28 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/12/28 01:51:28 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/12/28 01:51:28 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/12/28 01:51:28 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/12/28 01:20:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/23 10:40:00 | 000,006,576 | ---- | C] () -- C:\bootsqm.dat
[2012/12/23 10:40:00 | 000,006,576 | ---- | C] () -- \bootsqm.dat
[2012/12/15 22:44:45 | 000,204,105 | ---- | C] () -- C:\windows\SysWow64\winrm.vbs
[2012/12/15 22:44:45 | 000,004,675 | ---- | C] () -- C:\windows\SysWow64\wsmanconfig_schema.xml
[2012/12/15 22:44:36 | 000,204,105 | ---- | C] () -- C:\windows\SysNative\winrm.vbs
[2012/12/15 22:44:36 | 000,004,675 | ---- | C] () -- C:\windows\SysNative\wsmanconfig_schema.xml
[2012/12/15 22:44:36 | 000,004,148 | ---- | C] () -- C:\windows\SysNative\psmodulediscoveryprovider.mof
[2012/12/15 17:26:25 | 004,956,368 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/20 15:23:19 | 000,000,736 | ---- | C] () -- C:\ProgramData\profile.xml
[2012/08/20 15:10:48 | 000,016,648 | ---- | C] () -- C:\windows\SysWow64\LogAPI.dll
[2012/08/19 23:53:42 | 000,007,680 | ---- | C] () -- C:\Users\Ondřej\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/25 19:26:12 | 000,001,495 | ---- | C] () -- \user.js
[2012/02/11 10:40:06 | 001,604,058 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/24 19:47:30 | 000,001,258 | RHS- | C] () -- C:\Users\Ondřej\ntuser.pol
[2012/01/01 19:15:53 | 000,234,768 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/01/01 19:15:48 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2011/12/14 00:35:33 | 2103,332,863 | -HS- | C] () -- \hiberfil.sys
[2011/09/27 15:39:24 | 004,122,624 | ---- | C] () -- C:\windows\SysWow64\x264vfw.dll
[2011/09/25 17:56:26 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\lagarith.dll
[2011/08/23 19:58:26 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011/08/23 19:58:26 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011/08/23 19:43:20 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011/08/23 19:43:20 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/08/23 19:43:20 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/08/23 19:43:20 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011/08/23 19:43:16 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/08/23 19:33:32 | 000,089,328 | ---- | C] () -- C:\windows\un_dext.exe
[2011/08/23 19:33:32 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe
[2011/08/23 19:33:32 | 000,003,566 | ---- | C] () -- C:\windows\Dext_09.ini
[2011/08/23 19:33:32 | 000,002,998 | ---- | C] () -- C:\windows\Dext_04.ini
[2011/08/23 19:33:32 | 000,002,790 | ---- | C] () -- C:\windows\Dext_2052.ini
[2011/08/23 19:33:32 | 000,002,507 | ---- | C] () -- C:\windows\Remove.ini
[2011/08/23 19:28:56 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011/08/23 19:20:32 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/08/23 19:18:14 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2011/08/23 19:16:46 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/08/23 19:13:52 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/08/23 19:13:51 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/08/23 19:13:51 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/07/12 16:56:50 | 000,074,752 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2011/01/04 14:28:18 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2007/11/07 07:12:28 | 000,232,960 | ---- | C] () -- \VC_RED.MSI
[2007/11/07 07:09:22 | 001,442,522 | ---- | C] () -- \VC_RED.cab
[2007/11/07 07:03:18 | 000,097,296 | ---- | C] () -- \install.res.1036.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | C] () -- \install.res.3082.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | C] () -- \install.res.1031.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | C] () -- \install.res.1040.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | C] () -- \install.res.1033.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | C] () -- \install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | C] () -- \install.res.1042.dll
[2007/11/07 07:03:18 | 000,076,304 | ---- | C] () -- \install.res.1028.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | C] () -- \install.res.2052.dll
[2007/11/07 07:00:40 | 000,005,686 | ---- | C] () -- \vcredist.bmp
[2007/11/07 07:00:40 | 000,001,110 | ---- | C] () -- \globdata.ini
[2007/11/07 07:00:40 | 000,000,843 | ---- | C] () -- \install.ini
[2006/12/01 22:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/12/15 22:44:36 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/12/15 22:44:36 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/12/15 22:44:36 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/16 16:35:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\APN
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2012/05/14 17:59:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ask
[2012/10/08 14:58:14 | 000,000,000 | ---D | M] -- C:\Users\All Users\AVAST Software
[2012/12/13 20:30:15 | 000,000,000 | ---D | M] -- C:\Users\All Users\Babylon
[2012/04/19 12:45:13 | 000,000,000 | ---D | M] -- C:\Users\All Users\boost_interprocess
[2012/08/19 18:28:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Conexant
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2012/12/27 23:15:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\Desura
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2012/08/21 18:30:10 | 000,000,000 | ---D | M] -- C:\Users\All Users\Electronic Arts
[2012/02/20 08:59:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Energy Management
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2012/11/25 18:52:13 | 000,000,000 | ---D | M] -- C:\Users\All Users\Hi-Rez Studios
[2012/12/26 19:32:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\ICQ
[2012/12/05 09:15:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\IObit
[2012/10/13 09:52:07 | 000,000,000 | ---D | M] -- C:\Users\All Users\MAGIX
[2011/12/24 20:35:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\Nexon
[2011/12/24 20:35:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\NexonEU
[2012/10/26 13:35:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\NexonUS
[2011/08/23 19:50:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\OneKey Recovery
[2012/01/24 21:21:51 | 000,000,000 | ---D | M] -- C:\Users\All Users\Partner
[2012/12/14 21:26:39 | 000,000,000 | ---D | M] -- C:\Users\All Users\PMB Files
[2012/04/25 19:32:59 | 000,000,000 | ---D | M] -- C:\Users\All Users\regid.1986-12.com.adobe
[2012/04/28 23:52:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sony
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2012/09/15 16:23:39 | 000,000,000 | ---D | M] -- C:\Users\All Users\Studio14Trial
[2012/12/28 01:02:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\Tarma Installer
[2012/12/28 00:18:02 | 000,000,000 | ---D | M] -- C:\Users\All Users\Temp
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2012/12/28 12:29:00 | 000,000,000 | ---D | M] -- C:\Users\All Users\VeriFace
[2012/04/28 23:52:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\Win7codecs
[2012/11/24 10:51:30 | 000,000,000 | ---D | M] -- C:\Users\All Users\ZalmanInstaller_otshot
[2012/11/11 12:41:51 | 000,000,000 | ---D | M] -- C:\Users\All Users\~Browser Manager
[2009/07/14 04:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2011/08/23 19:50:52 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2009/07/14 06:08:56 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2011/08/23 19:37:47 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009/07/14 03:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2012/12/28 02:13:27 | 000,000,000 | ---D | M] -- C:\Users\Ondrej\AppData
[2012/09/29 12:55:47 | 000,000,000 | ---D | M] -- C:\Users\Ondrej\Start Menu
[2012/05/10 20:05:15 | 000,000,000 | ---D | M] -- C:\Users\Ondøej\AppData
[2012/04/17 22:08:08 | 000,000,000 | ---D | M] -- C:\Users\Ondøej\Videos
[2012/05/08 14:01:21 | 000,000,000 | ---D | M] -- C:\Users\Ondýej\AppData
[2012/12/13 20:22:15 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\.swt
[2011/12/13 23:40:58 | 000,000,000 | -H-D | M] -- C:\Users\Ondřej\AppData
[2012/08/21 10:51:21 | 000,000,000 | R--D | M] -- C:\Users\Ondřej\Contacts
[2011/12/13 23:40:58 | 000,000,000 | -HSD | M] -- C:\Users\Ondřej\Data aplikací
[2012/12/28 13:04:42 | 000,000,000 | R--D | M] -- C:\Users\Ondřej\Desktop
[2012/12/10 23:35:55 | 000,000,000 | R--D | M] -- C:\Users\Ondřej\Documents
[2011/12/13 23:40:58 | 000,000,000 | -HSD | M] -- C:\Users\Ondřej\Dokumenty
[2012/12/28 13:03:46 | 000,000,000 | R--D | M] -- C:\Users\Ondřej\Downloads
[2012/11/10 21:46:22 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\DSS DJ Data
[2012/10/10 13:44:11 | 000,000,000 | R--D | M] -- C:\Users\Ondřej\Favorites
[2012/08/21 10:51:22 | 000,000,000 | R--D | M] -- C:\Users\Ondřej\Links
[2011/12/13 23:40:58 | 000,000,000 | -HSD | M] -- C:\Users\Ondřej\Local Settings
[2012/08/21 10:51:22 | 000,000,000 | R--D | M] -- C:\Users\Ondřej\Music
[2011/12/13 23:40:58 | 000,000,000 | -HSD | M] -- C:\Users\Ondřej\Nabídka Start
[2011/12/13 23:40:58 | 000,000,000 | -HSD | M] -- C:\Users\Ondřej\Okolní síť
[2011/12/13 23:40:58 | 000,000,000 | -HSD | M] -- C:\Users\Ondřej\Okolní tiskárny
[2012/11/04 19:29:35 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\PC_Hot.Wheels.World.Race -(direct.play)-(ToeD)
[2012/09/15 16:48:04 | 000,000,000 | R--D | M] -- C:\Users\Ondřej\Pictures
[2011/12/13 23:40:58 | 000,000,000 | -HSD | M] -- C:\Users\Ondřej\Poslední
[2012/08/21 10:51:22 | 000,000,000 | R--D | M] -- C:\Users\Ondřej\Saved Games
[2012/08/21 10:51:22 | 000,000,000 | R--D | M] -- C:\Users\Ondřej\Searches
[2011/12/13 23:40:58 | 000,000,000 | -HSD | M] -- C:\Users\Ondřej\SendTo
[2011/12/13 23:40:58 | 000,000,000 | -HSD | M] -- C:\Users\Ondřej\Soubory cookie
[2012/11/10 21:52:14 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\Tracing
[2012/12/19 20:54:12 | 000,000,000 | R--D | M] -- C:\Users\Ondřej\Videos
[2011/12/13 23:40:58 | 000,000,000 | -HSD | M] -- C:\Users\Ondřej\Šablony
[2012/12/28 02:16:21 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
[2012/12/28 01:20:22 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2012/11/10 21:26:35 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009/07/14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009/07/14 03:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2012/04/17 19:55:33 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2012/04/28 23:52:23 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2012/04/28 23:52:23 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2012/04/28 12:35:25 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2012/04/28 23:52:23 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Users\All Users\Temp:D1B5B4F1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >


Re: Facebook virus SSL/TSL mail client and disabling it

Post by C0nQu3zT » 28 Dec 2012 13:22

The Extras log will also be in two parts:
OTL Extras logfile created on: 12/28/2012 1:09:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ondřej\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

7.95 Gb Total Physical Memory | 5.71 Gb Available Physical Memory | 71.81% Memory free
15.89 Gb Paging File | 13.32 Gb Available in Paging File | 83.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 139.44 Gb Free Space | 33.06% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.47 Gb Free Space | 91.29% Space Free | Partition Type: NTFS

Computer Name: ONDREJ-PC | User Name: Ondřej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf[@ = inffile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2474961657-317684504-2190628562-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AB773F9-015A-4636-972D-08542CBE4D95}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{12EB7708-4DBE-4CD6-BE16-76B371079DB6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{181EB47E-2E9B-4259-8938-0E8FE19A4E09}" = rport=139 | protocol=6 | dir=out | app=system |
"{29D5E169-9EB0-46D1-9CE5-7AAB18A07972}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B425979-BE5C-4054-9A35-1B063629C424}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D198271-9286-4F4B-BB47-B72E8D11E2E6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4194BC34-7805-4F4C-90FC-79B4D87FB720}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45634C62-EAB5-42DE-BF25-6E2D05A2EEF2}" = rport=445 | protocol=6 | dir=out | app=system |
"{4C0321F1-0584-4C43-9A3C-B8FA699458A7}" = lport=139 | protocol=6 | dir=in | app=system |
"{4D42DFF5-3DC2-4CD6-92B8-F79C2192387A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{536A7566-50C3-4853-886A-F3A1F221FD5C}" = rport=138 | protocol=17 | dir=out | app=system |
"{58BE44AC-AAF0-4447-B751-40A6F5B9F00B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{61DDAA63-D2A1-4E3D-8691-CA3840431333}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7406AFEB-E591-4B90-BC4C-61F10BAFC0C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E0FEA32-D9BB-4F20-B16A-C08FBB1446F8}" = rport=137 | protocol=17 | dir=out | app=system |
"{8ADFAAFD-449F-4BCA-805B-AEF411E45CF5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A29E023C-0CDB-4C5F-AC40-B8600C7F462F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A2D970D2-99E8-4A15-A2DE-B3473F15BCDF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A399BB56-A4C5-45A4-948E-E3D775699CAD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A7F916D5-2290-4A50-833E-94DD6F98EC9B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B88F6EE0-31AC-428D-8DA6-39AF3EB6D5CD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF55E5D8-6D31-44E5-8599-899EE1707E0C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA0CC187-6DE9-4C23-97B6-605966A802B2}" = lport=138 | protocol=17 | dir=in | app=system |
"{CF681A64-0A85-402F-B012-6E06DE6A10CE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D06BB25B-8BF2-4F7B-B688-0F48C9787FDB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D16B5F45-521E-4E1B-BFCE-9865D245C37D}" = lport=445 | protocol=6 | dir=in | app=system |
"{D1CE5453-283F-4EE3-A306-9200DFCFCD01}" = lport=137 | protocol=17 | dir=in | app=system |
"{DE026DB5-0462-4260-B03F-C6E2D9368B67}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F076E441-5DFD-4F76-9740-2A7251FD87D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FDA5D072-8721-40E7-846F-07715EA2BA15}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE1824DB-6BC4-4BD9-8F22-29BEF5873852}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01561381-4F35-4D32-A09C-3C63BC3C651E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0523D510-27EB-4050-B5AB-DB721706233D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
"{0C6618F1-3DA0-4F6E-82F7-9E29B05057C2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0D673974-36D6-474D-A2BA-EE6E809B4133}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0EB88F8C-36C7-45CC-8B8F-E0492F58DE1F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{10E82C6C-0CEF-4900-B736-7618F26B10CE}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{14C6ED5C-6E89-4AA2-84F1-0078FBB013F3}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\projectionist.exe |
"{15536839-5401-45C6-B1CA-305E4A1119FB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{155B8945-60FA-41FF-B5BB-E9F41BA5DDFC}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\appsvc.exe |
"{19292604-9791-45F6-BACE-576B9B79D096}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe |
"{1AEFB8C9-2148-4871-90E4-43D78E50A951}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{1D4CA1C2-BF2C-4078-819E-E0DB3107D845}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1E8876CB-06E0-485D-A1B9-BEA1123A0C60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\impostors.exe |
"{23C273FD-48C4-427B-BED4-53D8A363338C}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{26C44A1B-3366-45E6-8394-6118FFB01BD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28573CCF-8D8F-4BAB-881D-BE794C457EFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{32ABBCE8-6C1B-4383-9A7A-11278F7CCA88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{367339F2-1BF5-414B-B715-57CFBB396081}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3CDE6B92-38C6-4C34-A39C-E87833BC6BBC}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{3E5D9034-94EF-4953-9C5D-E6DCDF7CB843}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{416DD1B6-438C-440C-9548-638702F9ABCC}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\readycomm.exe |
"{479D3096-7594-4F89-BF72-ADC86834CADF}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{49FD48D3-F6A5-4E65-9758-E4554A83E83D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4A03CF37-74C0-43BE-9689-943F39384A37}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{4D537014-2DDC-45DA-8173-176A974BA387}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{501AD5ED-55E6-47B2-AED0-A6586F1C0C0B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52A82AA5-A1AE-4C50-A61C-E1398769A8FB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{53418A00-819A-4829-85CE-67AB81CE16A8}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{538B84F6-55F6-4740-A3F2-38B259C2915C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{554D8478-A34A-430A-A020-249A668ADDBF}" = protocol=6 | dir=out | app=system |
"{5707EFC1-694C-4509-9A95-1EE550F621EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5A90F32D-5796-4EE8-AA0F-C18356F3CBB3}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{606DBE54-C271-446B-86D8-94D5F285AA8D}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{611F4D1C-5885-481D-9F5B-510BA08AD602}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{66D80086-C704-46D4-B04F-8CDB36BB974D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{692221BC-87C8-4E30-8F99-D4EDFFCAD4DD}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{69CC11DE-ACEA-40DC-BB2F-F8F95A42819A}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\appsvc.exe |
"{6D95A0B8-CC58-41CF-A536-446C881C11F2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{718603E2-E26D-49FC-930A-2B19AE512410}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A08B3BE-B1C3-440B-B074-03E28D552E36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D658DE5-343A-4FFD-8921-46A44ADC2E75}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\impostors.exe |
"{7E6480C0-5BB6-47E5-BB2D-D24F1572917B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{83A8F6B6-D411-47AE-A9F9-98E3604955A0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{874CB004-EACA-4593-B73A-AFF8792F524F}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\connsvc.exe |
"{8834283A-9773-4980-B7A1-AC1555DC8233}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\connsvc.exe |
"{89047DE8-26FC-4E70-9553-4904F4CC2A27}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8DE95AA1-D913-44AB-8C2C-90840CD297D7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

C0nQu3zT
newcomer
Posts: 24
Registered: December 12
Gender: Male
Status: Offline

Re: Facebook virus SSL/TSL mail client and disabling it

Post by C0nQu3zT » 28 Dec 2012 13:23

"{8FC32AC4-FED2-4CA1-8F4B-8A144A4CA0CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{999DFB6A-5B99-490F-9543-43F9A77B7DF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9AEB593D-CE7B-4AA5-B840-14C85B674027}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A0D6308B-96CE-400E-AC17-117290EB480A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A0E067C0-2A8D-441E-9636-B8CE0720BE9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
"{ABCF7A99-C4EA-478B-9A34-CE7278AA72D5}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{AE229685-579C-4D81-981A-85BA74278CCC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B3BFE379-9472-4E89-B700-DBB9C059AA66}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B4C85A63-450B-4972-8EA4-70A8965B743F}" = dir=in | app=c:\users\ondřej\downloads\skypeportable\skypeportable\app\skype\phone\skype.exe |
"{BA4EDE30-FE8C-4C40-A364-3668E086B2D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C35A5E8F-7E36-46B6-BF91-C8BAD4412DD8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C4DE6F6F-32B1-4BD6-A6D8-A773F5CE8BA4}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{C549E2C1-3F5A-4CB5-B281-C28413C8944B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C560EF9D-0D9E-4656-9F97-E34EE816C732}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{CA195F56-1D87-4F4C-82C1-E7EBE08028F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{CA953125-0EF8-49C5-B1A2-3B3FC449E7C3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{DA2D176C-ADAE-4A00-B6B9-536C7A55740F}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{DBB88D70-224B-464E-BBE2-EE3D2A60B3F8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E271C686-2A49-42A8-8809-15230A947C50}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe |
"{E57763FA-1EA0-4C1A-A554-962EA8D53E34}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{E6A0798E-6429-4F50-843B-EAF1680A4879}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E9768EC3-1152-4D1A-BF13-727B3E7D8228}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{EB244606-BAF0-4199-BFDF-1EC1CB09D5E9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F15D64D4-0E09-4B5C-BF79-5A491D8C48A0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F5EE2BE6-DFCA-4AFF-B5BA-F7601C1656B4}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{F9065A15-7701-4805-B225-0308E6FC4B54}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\projectionist.exe |
"{F97CB49D-8B98-4BED-851D-06F66207CFB1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0948F36D-BC19-45C1-BE8D-29F29C2ABC04}C:\program files (x86)\mk-games cliente 5.0 alpha 1.0\metin2client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mk-games cliente 5.0 alpha 1.0\metin2client.exe |
"TCP Query User{2AE31D47-9B03-4E93-911E-679AF497537D}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{3BD712E9-D296-48C5-BC9C-E71236C294BF}C:\program files (x86)\quadcorem2\pack\core.bin" = protocol=6 | dir=in | app=c:\program files (x86)\quadcorem2\pack\core.bin |
"TCP Query User{3C3654F3-0D75-4327-B55C-7709538B3869}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"TCP Query User{5C2E9644-318C-415C-8556-2FEE9F96AFAE}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{6CA6232B-01AF-4330-A3AA-6475DFBCA8E6}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
"TCP Query User{72B677DD-0DA9-4AC7-8E3B-F74B384FEB1D}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
"TCP Query User{83E6F050-A6BB-4FD7-BAF0-F7799025CDCE}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"TCP Query User{A1148C19-480D-4329-978B-6A2C5821F4F3}C:\program files (x86)\quadcorem2\pack\core.bin" = protocol=6 | dir=in | app=c:\program files (x86)\quadcorem2\pack\core.bin |
"TCP Query User{B6CD9420-829E-4F69-80C2-533E9F3D5632}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{DB957E22-BFF3-4233-B4BB-EBB1F7006ABD}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{F52FC2E0-4C63-4DE6-994E-FAEEBC0B9CC7}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{1D3A9273-CFBD-4567-873C-056E83767E96}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{28A084B2-F935-4A3F-8382-7F38AAFA77BF}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"UDP Query User{3EE3C88F-3B62-4398-BD64-A91295D6838A}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{407370D0-1DC7-4B0F-A18E-B590B0A468CA}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{6371196A-4B0A-4191-A456-1E8760EB5959}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
"UDP Query User{640734E7-349D-4984-A7EA-79587B0EA0D3}C:\program files (x86)\quadcorem2\pack\core.bin" = protocol=17 | dir=in | app=c:\program files (x86)\quadcorem2\pack\core.bin |
"UDP Query User{77F02739-F10D-487B-9C0B-9427341D84BF}C:\program files (x86)\quadcorem2\pack\core.bin" = protocol=17 | dir=in | app=c:\program files (x86)\quadcorem2\pack\core.bin |
"UDP Query User{9287081C-1BDA-49B5-88D0-9A87260226B8}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
"UDP Query User{A0468A90-1D9E-4BA1-B18C-BC30362A8328}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{A0640D90-432D-47DD-B813-FE43808FFC1B}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"UDP Query User{AE18200A-C126-4CBA-B222-3823A6A7A954}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{F1CBE9B9-7094-49DC-9CFA-DC92A80D1001}C:\program files (x86)\mk-games cliente 5.0 alpha 1.0\metin2client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mk-games cliente 5.0 alpha 1.0\metin2client.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{17CA32D1-73BD-4990-B8F6-369D8D34B05D}" = Microsoft Antimalware Service CS-CZ Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2A21DA0C-F50D-DF54-70AD-C0826158FBF2}" = ccc-utility64
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6502B973-9DB9-683F-2BE3-4B83F54F78FF}" = WMV9/VC-1 Video Playback
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A324DC11-FF02-3CE8-9D6F-67EBC006D970}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C3E6E2B5-DEB5-235A-4999-4D424C11788B}" = ATI Catalyst Install Manager
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client CS-CZ Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ATI Uninstaller" = ATI Uninstaller
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0389A677-241F-6EEC-54B0-2D07F620776E}" = Catalyst Control Center Localization All
"{03D98FB6-0E27-5614-864A-961248BD89E8}" = CCC Help Danish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{19555808-AF6B-9E99-366C-A2D8C6FB3D07}" = CCC Help English
"{19643FA2-3DDD-1C05-A474-E4FB28638F65}" = Catalyst Control Center InstallProxy
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord
"{271B24E3-1505-B13A-BF3E-282CF0C54B68}" = PX Profile Update
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29172463-C766-9812-F399-82380F03761A}" = CCC Help Korean
"{2E6D4F14-C94C-758B-46E4-9AD21852108F}" = CCC Help Portuguese
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3DBFE2A1-945C-9F14-17F6-1F74CB4F82A5}" = CCC Help Japanese
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{4504861F-2770-D8F2-F0B1-B723FADF315F}" = CCC Help Polish
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims™ 2 Mazlíčci
"{50210E48-FB67-0045-3853-C3FBEB470127}" = CCC Help French
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{5035C1F3-6147-3C83-3C39-37B6DBDAC163}" = CCC Help Thai
"{5148E9E4-312A-4B18-A007-777348932321}" = Hama Keyboard and Mouse driver V6.0
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Pro Teenagery Kolekce
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F1DD61A-0C22-E924-3A81-DFFCC14A5A97}" = CCC Help Russian
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Koupelny a kuchyně Interiérový design Kolekce
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A2BF2A-E7E5-BA48-7525-02BD5B7425C7}" = CCC Help Chinese Standard
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{744C5097-94C7-DE34-5B1F-43EDFDBD5E35}" = CCC Help Dutch
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{795062B9-1B7A-7ACA-1C7D-7B3D61F4116A}" = ccc-core-static
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D5B0DA2-9AAE-3ADF-B692-685EA3DC64C6}" = CCC Help Italian
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC173F3-DBEC-ED42-68EF-49BCB95FC49F}" = CCC Help Swedish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_HOMESTUDENTR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_HOMESTUDENTR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_HOMESTUDENTR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_HOMESTUDENTR_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_HOMESTUDENTR_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0405-1000-0000000FF1CE}_HOMESTUDENTR_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_HOMESTUDENTR_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_HOMESTUDENTR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96A84750-A54D-C7C3-44AA-5C28C36C5640}" = CCC Help German
"{96B17AEC-9C54-0969-5613-4C9B33BFEAFF}" = CCC Help Chinese Traditional
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{994359E8-D614-4CC6-84DB-415C27D2BA12}" = MAGIX Screenshare
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1751DF-188D-591B-3887-1825F597007A}" = CCC Help Spanish
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A44B2324-CB46-A9F9-7FDC-7FD087AEC7FC}" = Catalyst Control Center Profiles Mobile
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{B34E1065-711C-7B9E-C77D-9E071DAAFC31}" = CCC Help Finnish
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA0F92C2-2012-0AF0-A2CE-62E220A0AF06}" = CCC Help Hungarian
"{BCFC4789-7C5E-B050-CBB1-8C6CA46990A8}" = CCC Help Greek
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C72D7008-266D-4DD8-BF3C-296B736127F6}" = Mafia
"{CCB6DF61-A144-02B4-EDC7-D7478AF7B27D}" = CCC Help Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF5B650A-3F45-4DEF-90B7-5AC4893CED28}" = QuadCoreM2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7FC3EAE-C6D8-92D1-B065-29DECFD5A8E7}" = Catalyst Control Center Graphics Previews Common
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBCB66BD-328F-421C-96BA-8E66C7B69336}" = MAGIX Speed burnR (MSI)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{f168afc5-b8c9-4165-a23e-e3ea1be5531e}_is1" = Psi Ops
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Noční život
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8B2AA7F-956F-D943-F1C0-42843041B108}" = CCC Help Czech
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FC2C6FBD-01DC-36D8-5F4B-7033B00C9963}" = CCC Help Turkish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client Public Beta 2.0.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"AIMP3" = AIMP3
"aTube Catcher" = aTube Catcher
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combat Arms EU" = Combat Arms EU
"Desura" = Desura
"DivX Setup" = DivX Setup
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{5148E9E4-312A-4B18-A007-777348932321}" = Hama Keyboard and Mouse driver V6.0
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Kolaveri FB Chat" = Kolaveri FB Chat
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.70.0.1100
"MK-Games Cliente 5.0 Alpha 1.0" = MK-Games Cliente 5.0 Alpha 1.0
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"Steam App 17080" = Tribes: Ascend
"Steam App 206210" = Gotham City Impostors: Free To Play
"Steam App 50130" = Mafia II
"Steam App 550" = Left 4 Dead 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VeriFace" = VeriFace
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Your Product1.0" = Your Product

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2474961657-317684504-2190628562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoArtist 2" = BenVista PhotoArtist 2.0.6
"QuadCoreM2" = QuadCoreM2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/14/2012 6:09:44 PM | Computer Name = Ondřej-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 12/14/2012 6:09:44 PM | Computer Name = Ondřej-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 12/14/2012 6:09:44 PM | Computer Name = Ondřej-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 12/14/2012 6:09:44 PM | Computer Name = Ondřej-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 12/14/2012 6:09:44 PM | Computer Name = Ondřej-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 12/14/2012 6:09:44 PM | Computer Name = Ondřej-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 12/14/2012 6:09:44 PM | Computer Name = Ondřej-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 12/14/2012 6:09:44 PM | Computer Name = Ondřej-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 12/14/2012 6:09:44 PM | Computer Name = Ondřej-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 12/14/2012 6:09:44 PM | Computer Name = Ondřej-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

[ Media Center Events ]
Error - 5/5/2012 10:02:17 AM | Computer Name = Ondřej-PC | Source = MCUpdate | ID = 0
Description = 16:02:11 - Chyba při připojování k Internetu 16:02:11 - Nelze kontaktovat
server..

Error - 5/5/2012 11:05:40 AM | Computer Name = Ondřej-PC | Source = MCUpdate | ID = 0
Description = 17:05:40 - Chyba při připojování k Internetu 17:05:40 - Nelze kontaktovat
server..

Error - 5/5/2012 11:05:45 AM | Computer Name = Ondřej-PC | Source = MCUpdate | ID = 0
Description = 17:05:45 - Chyba při připojování k Internetu 17:05:45 - Nelze kontaktovat
server..

Error - 8/20/2012 12:17:30 PM | Computer Name = Ondřej-PC | Source = MCUpdate | ID = 0
Description = 18:17:30 - Chyba při připojování k Internetu 18:17:30 - Nelze kontaktovat
server..

Error - 8/20/2012 12:17:41 PM | Computer Name = Ondřej-PC | Source = MCUpdate | ID = 0
Description = 18:17:35 - Chyba při připojování k Internetu 18:17:35 - Nelze kontaktovat
server..

Error - 9/9/2012 6:25:10 AM | Computer Name = Ondřej-PC | Source = MCUpdate | ID = 0
Description = 12:25:10 - Chyba při připojování k Internetu 12:25:10 - Nelze kontaktovat
server..

Error - 9/9/2012 6:25:22 AM | Computer Name = Ondřej-PC | Source = MCUpdate | ID = 0
Description = 12:25:16 - Chyba při připojování k Internetu 12:25:16 - Nelze kontaktovat
server..

Error - 9/9/2012 12:39:24 PM | Computer Name = Ondřej-PC | Source = MCUpdate | ID = 0
Description = 18:39:24 - Chyba při připojování k Internetu 18:39:24 - Nelze kontaktovat
server..

Error - 9/9/2012 12:39:33 PM | Computer Name = Ondřej-PC | Source = MCUpdate | ID = 0
Description = 18:39:29 - Chyba při připojování k Internetu 18:39:29 - Nelze kontaktovat
server..

Error - 9/25/2012 2:14:09 PM | Computer Name = Ondřej-PC | Source = MCUpdate | ID = 0
Description = 20:14:08 - Chyba při připojování k Internetu 20:14:08 - Nelze kontaktovat
server..

[ System Events ]
Error - 12/27/2012 8:56:00 PM | Computer Name = Ondřej-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 12/27/2012 8:58:58 PM | Computer Name = Ondřej-PC | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 12/27/2012 9:02:25 PM | Computer Name = Ondřej-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 12/27/2012 9:06:39 PM | Computer Name = Ondoej-PC | Source = Service Control Manager | ID = 7000
Description = Služba ReadyComm.DirectRouter neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 12/27/2012 9:25:19 PM | Computer Name = Ondoej-PC | Source = Service Control Manager | ID = 7000
Description = Služba ReadyComm.DirectRouter neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 12/28/2012 6:58:38 AM | Computer Name = Ondoej-PC | Source = Service Control Manager | ID = 7000
Description = Služba ReadyComm.DirectRouter neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 12/28/2012 7:03:02 AM | Computer Name = Ondoej-PC | Source = Service Control Manager | ID = 7034
Description = Služba Skype C2C Service byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 12/28/2012 7:08:53 AM | Computer Name = Ondoej-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 12/28/2012 7:11:19 AM | Computer Name = Ondoej-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 12/28/2012 7:30:26 AM | Computer Name = Ondoej-PC | Source = Service Control Manager | ID = 7000
Description = Služba ReadyComm.DirectRouter neuspěla při spuštění v důsledku následující
chyby: %%2


< End of report >

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male
Status:
Offline
Contact:

Re: Facebook virus SSL/TSL mail client and disabling it

Post by Damned » 28 Dec 2012 14:03

Double-click the OTL icon on the desktop. Make sure you have all other applications and browsers closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10002&barid={4D693C3B-2B77-11E2-9F84-3859F9FB4E77}
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={4D693C3B-2B77-11E2-9F84-3859F9FB4E77}
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=112670 ... df9ae0f6f0
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=112670 ... df9ae0f6f0
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=116775&tt=5012_4&babsrc=SP_ss&mntrId=deaaa6da000000000000d0df9ae0f6f0
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes\{883674A6-5ADC-4050-AA73-E8D1A8D6D83F}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=^T8&apn_dtid=^zzz001^YY^CZ&apn_uid=71952e84-cad6-4038-b0b1-84782856cfc8&apn_sauid=8617D1AD-0766-4177-A8D0-BE87F7722BAD
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes\{8D14CA2A-5D75-4928-B1A1-4501CA140311}: "URL" = http://search.phpnuke.org/?lang=en&q={searchTerms}
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/hypercam/{2832F12C-68C5-47D6-B6F4-C5725F922E24}?q={searchTerms}
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={4D693C3B-2B77-11E2-9F84-3859F9FB4E77}
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
CHR - homepage: http://search.babylon.com/?affID=116775 ... df9ae0f6f0
CHR - homepage: http://search.babylon.com/?affID=116775 ... df9ae0f6f0
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2474961657-317684504-2190628562-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - Startup: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Continue otshot Installation.lnk = C:\Users\Ondřej\Downloads\Otshot_installer71.exe
@Alternate Data Stream - 121 bytes -> C:\Users\All Users\Temp:D1B5B4F1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:D1B5B4F1

:Services

:Files
C:\Users\Ondřej\Downloads\Otshot_installer71.exe
C:\Program Files (x86)\ICQ6Toolbar
C:\Users\Ondřej\Desktop\ComboFix.lnk
C:\windows\PEV.exe
C:\windows\MBR.exe
C:\windows\sed.exe
C:\windows\grep.exe
C:\windows\zip.exe
C:\Users\All Users\Ask
C:\Users\All Users\Babylon
C:\Users\Ondřej\.swt
C:\windows\SWREG.exe
C:\windows\SWSC.exe
C:\windows\NIRCMD.exe
C:\Qoobox
c:\program files (x86)\Google\Update
c:\programdata\Browser Manager
c:\users\Ondřej\AppData\Roaming\ICQ Search
c:\program files (x86)\ICQ6Toolbar
c:\users\Ondřej\AppData\Roaming\Babylon
c:\programdata\Babylon
c:\users\Ondřej\.swt
c:\program files\Babylon
c:\program files (x86)\Babylon
C:\Program Files (x86)\Google\Google Toolbar
C:\Program Files (x86)\Yontoo
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\system32\SET*.tmp
C:\Recycler
C:\$RECYCLE.BIN
C:\RECYCLER
C:\Windows\tasks\*.job

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=-

:Commands
[resethosts]
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]



Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech translation, Wise Registry Cleaner
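One way to triage the fix log that the post above asks for, as an added example that is not part of the original thread or of OTL itself: it classifies each result line by outcome so that entries the fix did not complete stand out, and it marks a "not found" as harmless when the same item was already removed earlier in the run. The sample lines are an excerpt in the wording of the log posted in this thread; the outcome labels and function names are assumptions of this example.

```python
import re

# Result wording below is taken from the OTL fix log posted in this thread.
# The outcome labels and function names are this example's own.
SECTION = re.compile(r"^=+ (.+?) =+$")
RULES = [
    ("on_reboot", re.compile(r"^(?:File|Folder) move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("failed",    re.compile(r"^Unable to \w+ (.+?) ?\.$")),
    ("not_found", re.compile(r"^(.+) not found\.$")),
    ("removed",   re.compile(r"^(.+?)(?: folder)? (?:deleted|moved) successfully\.$")),
    ("changed",   re.compile(r"^(.+?)\| /E : value set successfully!$")),
    ("manual",    re.compile(r"^(Use .+ to change .+)\.$")),
]
KIND = re.compile(r"^(?:64bit-)?(Registry key|Registry value|File\\Folder|ADS) (.+)$")


def parse_fix_log(text):
    """Return one dict per result line: section, outcome, kind, item."""
    entries, section, removed = [], None, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        for outcome, rule in RULES:
            hit = rule.match(line)
            if hit:
                break
        else:
            continue  # informational line, not a per-item result
        item, kind = hit.group(1), "path"
        typed = KIND.match(item)
        if typed:
            kind, item = typed.group(1), typed.group(2)
        # Paths are compared case-insensitively, without a trailing backslash.
        key = item.rstrip("\\").lower()
        if outcome == "removed":
            removed.add(key)
        elif outcome == "not_found" and key in removed:
            outcome = "already_removed"  # listed twice in the fix script
        entries.append({"section": section, "outcome": outcome,
                        "kind": kind, "item": item})
    return entries


def needs_follow_up(entries):
    """Entries the fix did not complete in this run."""
    return [e for e in entries if e["outcome"] in ("failed", "on_reboot", "manual")]


# Excerpt in the format of the log posted in this thread (sample input).
SAMPLE = r"""
========== OTL ==========
No active process named explorer.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Use Chrome's Settings page to change the HomePage.
File move failed. C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Continue otshot Installation.lnk scheduled to be moved on reboot.
C:\Users\Ondřej\Downloads\Otshot_installer71.exe moved successfully.
ADS C:\Users\All Users\Temp:D1B5B4F1 deleted successfully.
Unable to delete ADS C:\ProgramData\Temp:D1B5B4F1 .
========== FILES ==========
File\Folder C:\Users\Ondřej\Downloads\Otshot_installer71.exe not found.
C:\Program Files (x86)\ICQ6Toolbar folder moved successfully.
File\Folder c:\program files (x86)\ICQ6Toolbar not found.
File\Folder C:\Program Files (x86)\Yontoo not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 not found.
"""

if __name__ == "__main__":
    for entry in needs_follow_up(parse_fix_log(SAMPLE)):
        print(f'{entry["outcome"]:>10}  [{entry["section"]}] {entry["kind"]}: {entry["item"]}')
```

Items reported as `on_reboot` should be checked again in a fresh scan after the restart, and `failed` items, such as the alternate data stream here, need a separate removal step.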

C0nQu3zT
newcomer
Posts: 24
Registered: December 12
Gender: Male
Status:
Offline

Re: Facebook virus SSL/TSL mail client and disabling it

Post by C0nQu3zT » 28 Dec 2012 14:13

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-2474961657-317684504-2190628562-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
HKU\S-1-5-21-2474961657-317684504-2190628562-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\BrowserMngr Start Page| /E : value set successfully!
HKU\S-1-5-21-2474961657-317684504-2190628562-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2474961657-317684504-2190628562-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2474961657-317684504-2190628562-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2474961657-317684504-2190628562-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-2474961657-317684504-2190628562-1000\Software\Microsoft\Internet Explorer\SearchScopes\{883674A6-5ADC-4050-AA73-E8D1A8D6D83F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{883674A6-5ADC-4050-AA73-E8D1A8D6D83F}\ not found.
Registry key HKEY_USERS\S-1-5-21-2474961657-317684504-2190628562-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8D14CA2A-5D75-4928-B1A1-4501CA140311}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D14CA2A-5D75-4928-B1A1-4501CA140311}\ not found.
Registry key HKEY_USERS\S-1-5-21-2474961657-317684504-2190628562-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_USERS\S-1-5-21-2474961657-317684504-2190628562-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\S-1-5-21-2474961657-317684504-2190628562-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2474961657-317684504-2190628562-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File move failed. C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Continue otshot Installation.lnk scheduled to be moved on reboot.
C:\Users\Ondřej\Downloads\Otshot_installer71.exe moved successfully.
ADS C:\Users\All Users\Temp:D1B5B4F1 deleted successfully.
Unable to delete ADS C:\ProgramData\Temp:D1B5B4F1 .
========== SERVICES/DRIVERS ==========
========== FILES ==========
File\Folder C:\Users\Ondřej\Downloads\Otshot_installer71.exe not found.
C:\Program Files (x86)\ICQ6Toolbar folder moved successfully.
C:\Users\Ondřej\Desktop\ComboFix.lnk moved successfully.
C:\windows\PEV.exe moved successfully.
C:\windows\MBR.exe moved successfully.
C:\windows\sed.exe moved successfully.
C:\windows\grep.exe moved successfully.
C:\windows\zip.exe moved successfully.
C:\Users\All Users\Ask\APN-Stub\ATU3\Local folder moved successfully.
C:\Users\All Users\Ask\APN-Stub\ATU3 folder moved successfully.
C:\Users\All Users\Ask\APN-Stub folder moved successfully.
C:\Users\All Users\Ask folder moved successfully.
C:\Users\All Users\Babylon folder moved successfully.
C:\Users\Ondřej\.swt\lib\win32\x86 folder moved successfully.
C:\Users\Ondřej\.swt\lib\win32 folder moved successfully.
C:\Users\Ondřej\.swt\lib folder moved successfully.
C:\Users\Ondřej\.swt folder moved successfully.
C:\windows\SWREG.exe moved successfully.
C:\windows\SWSC.exe moved successfully.
C:\windows\NIRCMD.exe moved successfully.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine\C\Windows folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Ondřej folder moved successfully.
C:\Qoobox\Quarantine\C\Users folder moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\Your Product\Uninstall folder moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\Your Product folder moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86) folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
Folder move failed. C:\Qoobox\BackEnv scheduled to be moved on reboot.
C:\Qoobox folder moved successfully.
c:\program files (x86)\Google\Update\Offline\{9D986FD6-E26A-4847-99D0-9248294ED03E} folder moved successfully.
c:\program files (x86)\Google\Update\Offline folder moved successfully.
c:\program files (x86)\Google\Update\Install folder moved successfully.
c:\program files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.4.3607.2246 folder moved successfully.
c:\program files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24} folder moved successfully.
c:\program files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96} folder moved successfully.
c:\program files (x86)\Google\Update\Download\{820F49E2-085F-452D-9B1A-40A99F768590} folder moved successfully.
c:\program files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0 folder moved successfully.
c:\program files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB} folder moved successfully.
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\23.0.1271.97 folder moved successfully.
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D} folder moved successfully.
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.125 folder moved successfully.
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D} folder moved successfully.
c:\program files (x86)\Google\Update\Download\{2BF2CA35-CCAF-4E58-BAB7-4163BFA03B88}\0.0.0.0 folder moved successfully.
c:\program files (x86)\Google\Update\Download\{2BF2CA35-CCAF-4E58-BAB7-4163BFA03B88} folder moved successfully.
c:\program files (x86)\Google\Update\Download folder moved successfully.
c:\program files (x86)\Google\Update\1.3.21.124 folder moved successfully.
c:\program files (x86)\Google\Update folder moved successfully.
File\Folder c:\programdata\Browser Manager not found.
c:\users\Ondřej\AppData\Roaming\ICQ Search folder moved successfully.
File\Folder c:\program files (x86)\ICQ6Toolbar not found.
c:\users\Ondřej\AppData\Roaming\Babylon folder moved successfully.
File\Folder c:\programdata\Babylon not found.
File\Folder c:\users\Ondřej\.swt not found.
c:\program files\Babylon folder moved successfully.
c:\program files (x86)\Babylon\Babylon-Pro\Utils folder moved successfully.
c:\program files (x86)\Babylon\Babylon-Pro folder moved successfully.
c:\program files (x86)\Babylon folder moved successfully.
File\Folder C:\Program Files (x86)\Google\Google Toolbar not found.
File\Folder C:\Program Files (x86)\Yontoo not found.
C:\WINDOWS\msdownld.tmp folder moved successfully.
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\tasks\SA.DAT moved successfully.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\Recycler not found.
C:\$RECYCLE.BIN\S-1-5-21-2474961657-317684504-2190628562-1000 folder moved successfully.
C:\$RECYCLE.BIN folder moved successfully.
File\Folder C:\RECYCLER not found.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ondrej
->Temp folder emptied: 0 bytes

User: Ondøej

User: Ondýej
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Ondřej
->Temp folder emptied: 1141 bytes
->Temporary Internet Files folder emptied: 9636516 bytes
->Google Chrome cache emptied: 397622230 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27258 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68045 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 388.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Ondrej

User: Ondøej

User: Ondýej

User: Ondřej

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12282012_140616

Files\Folders moved on Reboot...
File\Folder C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Continue otshot Installation.lnk not found!
File\Folder C:\Qoobox\BackEnv not found!
C:\Users\Ondřej\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

