Please check my log + Solved

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

pinlop
newbie
Posts: 32
Registered: January 13
Gender: Male
Status:
Offline

Re: Please check my log

Post by pinlop » 06 Jan 2013 22:39

ComboFix 13-01-05.01 - Petr 06.01.2013 22:14:11.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4061.2911 [GMT 1:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688509633-907158759-1882346922-1001Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688509633-907158759-1882346922-1001UA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1688509633-907158759-1882346922-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1688509633-907158759-1882346922-1001UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\programdata\McAfee
c:\programdata\McAfee\MCLOGS\McUICnt\McUicnt\McUicnt000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\McCHSvc\McCHSvc000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\McUicnt\McUicnt000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\SecurityScan_Release\SecurityScan_Release000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\SSScheduler\SSScheduler000.log
c:\programdata\McAfee\MCLOGS\SecurityScanner\McUicnt\McUicnt000.log
c:\users\Petr\AppData\Local\Facebook\Update
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
c:\users\Petr\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
c:\users\Petr\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\users\Petr\AppData\Local\Google\Update
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\GoogleCrashHandler.exe
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\GoogleCrashHandler64.exe
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\GoogleUpdate.exe
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\GoogleUpdateBroker.exe
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\GoogleUpdateHelper.msi
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\GoogleUpdateOnDemand.exe
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\GoogleUpdateSetup.exe
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdate.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_am.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_ar.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_bg.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_bn.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_ca.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_cs.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_da.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_de.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_el.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_en-GB.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_en.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_es-419.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_es.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_et.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_fa.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_fi.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_fil.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_fr.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_gu.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_hi.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_hr.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_hu.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_id.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_is.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_it.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_iw.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_ja.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_kn.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_ko.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_lt.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_lv.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_ml.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_mr.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_ms.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_nl.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_no.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_pl.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_pt-BR.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_pt-PT.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_ro.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_ru.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_sk.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_sl.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_sr.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_sv.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_sw.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_ta.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_te.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_th.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_tr.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_uk.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_ur.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_vi.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_zh-CN.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\goopdateres_zh-TW.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\psmachine.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.129\psuser.dll
c:\users\Petr\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\23.0.1271.97\23.0.1271.97_23.0.1271.95_chrome_updater.exe
c:\users\Petr\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\23.0.1271.97\23.0.1271.97_chrome_installer.exe
c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688509633-907158759-1882346922-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688509633-907158759-1882346922-1001UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1688509633-907158759-1882346922-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1688509633-907158759-1882346922-1001UA.job
.
c:\windows\SysWow64\drivers\ntfs.sys . . . je infikován!!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-06 do 2013-01-06 )))))))))))))))))))))))))))))))
.
.
2013-01-06 21:26 . 2013-01-06 21:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-06 21:26 . 2013-01-06 21:26 -------- d-----w- c:\users\apache2triad\AppData\Local\temp
2013-01-06 21:26 . 2013-01-06 21:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-01-06 18:25 . 2013-01-06 18:25 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-01-06 14:00 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F4DB2B7-DE59-4F80-AFF1-5D5B03CACED6}\mpengine.dll
2013-01-05 17:43 . 2013-01-05 17:43 -------- d-----w- c:\users\Petr\AppData\Local\Apple Computer
2013-01-05 16:50 . 2013-01-05 16:50 -------- d-----w- c:\users\Petr\AppData\Local\Adobe
2013-01-05 09:30 . 2013-01-05 09:30 -------- d-----w- c:\users\Petr\AppData\Local\ATI
2013-01-05 09:14 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-05 08:52 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-03 16:13 . 2013-01-03 16:13 -------- d-----w- c:\program files (x86)\Red Sky
2013-01-03 12:51 . 2013-01-03 12:51 -------- d-----w- c:\users\Petr\AppData\Roaming\Malwarebytes
2013-01-03 12:48 . 2013-01-03 12:48 -------- d-----w- c:\programdata\Malwarebytes
2013-01-03 10:03 . 2012-01-20 13:14 18816 ----a-w- c:\windows\system32\roboot64.exe
2013-01-03 10:03 . 2013-01-03 10:57 -------- d-----w- c:\users\Petr\AppData\Roaming\systweak
2013-01-03 10:01 . 2013-01-03 10:01 -------- d-----w- c:\programdata\BrowserProtect
2012-12-24 12:17 . 2012-12-24 12:17 53248 ----a-w- c:\windows\SysWow64\unrar.dll
2012-12-20 20:59 . 2012-12-20 20:59 -------- d-----w- c:\users\Petr\AppData\Local\Macromedia
2012-12-20 08:23 . 2012-12-20 08:23 -------- d-----w- c:\users\Petr\AppData\Local\Chromium
2012-12-18 22:40 . 2012-12-18 22:40 -------- d-----w- c:\users\Petr\AppData\Local\Mozilla
2012-12-18 22:39 . 2012-12-18 22:39 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-20 20:25 . 2012-05-30 14:17 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-20 20:25 . 2012-05-30 14:17 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-29 10:04 . 2012-11-29 10:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED633884-9FAA-4DD0-9F1E-AC91554B8D74}\gapaengine.dll
2012-11-15 23:53 . 2012-05-30 21:36 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-08 17:59 . 2012-11-29 10:04 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-11-06 14:06 . 2012-11-06 14:06 167936 ----a-w- c:\windows\tosbtapi.dll
2012-11-06 12:48 . 2012-11-06 12:48 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-11-06 12:48 . 2012-11-06 12:48 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-18 18:25 . 2012-11-15 19:41 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-10-12 07:19 . 2012-11-06 08:42 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31E0589A-0FF6-43D6-AA33-88A692B6428A}\mpengine.dll
2012-10-12 06:34 . 2012-11-19 11:48 100864 ----a-w- c:\windows\system32\pdfcmon.dll
2012-10-09 18:17 . 2012-11-15 19:41 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 19:41 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 19:41 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 19:41 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 60928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~2\261040~1.25\{c16c1~1\browse~1.dll c:\progra~3\browse~2\261040~1.25\{c16c1~1\browserprotect.dll c:\progra~3\browse~2\261040~1.25\{c16c1~1\browserprotect.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-05 824688]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-31 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-05-30 834544]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2012-12-25 2547816]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 GeniusMouseService;GeniusMouseService;c:\genius\ioCentre\GMouseService.exe [2010-03-11 16384]
S2 MBAMService;MBAMService;d:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-03 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-12-25 76112]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2009-12-25 20304]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2009-12-25 12112]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2009-11-02 25088]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2009-11-02 14336]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-05-26 174680]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-03-16 685672]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"HDMICtrlMan"="c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-11 10051616]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?crg=3.1010006&st=12&barid={C75A8F47-14D9-4ED2-8B50-CAABFAF79B59}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 75.127.10.103:8080
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.seznam.cz/?sourceid=quicksearch_6826&q=
FF - prefs.js: network.proxy.http - 75.127.85.2
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{1EA00BE1-6E54-4E2A-8099-680300BF23E1} - (no file)
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\programy\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\SysWOW64\schtasks.exe
d:\programy\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Celkový čas: 2013-01-06 22:33:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-06 21:33
ComboFix2.txt 2013-01-06 13:55
.
Před spuštěním: Volných bajtů: 21 407 027 200
Po spuštění: Volných bajtů: 21 139 943 424
.
- - End Of File - - 7042B2156C77DDB5BD29C96D560A766A

Re: Please check my log

Post by pinlop » 06 Jan 2013 22:40

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:40:23, on 6.1.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
D:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petr\Documents\Dokumenty\proti virum\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 75.127.10.103:8080
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Petr\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (file missing)
O2 - BHO: Seznam.cz - {EA837F48-5AD1-443e-AE34-FFE03CBF3099} - (no file)
O3 - Toolbar: (no name) - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - (no file)
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\browse~2\261040~1.25\{c16c1~1\browse~1.dll c:\progra~3\browse~2\261040~1.25\{c16c1~1\browserprotect.dll c:\progra~3\browse~2\261040~1.25\{c16c1~1\browserprotect.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GeniusMouseService - Unknown owner - C:\Genius\ioCentre\GMouseService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Ochrana HDD TOSHIBA (Thpsrv) - Unknown owner - C:\Windows\system32\ThpSrv.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8019 bytes

Post by pinlop » 06 Jan 2013 22:40

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:40:23, on 6.1.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
D:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petr\Documents\Dokumenty\proti virum\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 75.127.10.103:8080
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Petr\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (file missing)
O2 - BHO: Seznam.cz - {EA837F48-5AD1-443e-AE34-FFE03CBF3099} - (no file)
O3 - Toolbar: (no name) - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - (no file)
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\browse~2\261040~1.25\{c16c1~1\browse~1.dll c:\progra~3\browse~2\261040~1.25\{c16c1~1\browserprotect.dll c:\progra~3\browse~2\261040~1.25\{c16c1~1\browserprotect.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GeniusMouseService - Unknown owner - C:\Genius\ioCentre\GMouseService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Ochrana HDD TOSHIBA (Thpsrv) - Unknown owner - C:\Windows\system32\ThpSrv.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8019 bytes

Post by pinlop » 06 Jan 2013 22:43

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-06 22:42:22
-----------------------------
22:42:22.119 OS Version: Windows x64 6.1.7601 Service Pack 1
22:42:22.119 Number of processors: 2 586 0x170A
22:42:22.120 ComputerName: PETR-PC UserName: Petr
22:42:22.770 Initialize success
22:42:31.327 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
22:42:31.330 Disk 0 Vendor: WDC_WD3200BEVT-26ZCT0 12.01A12 Size: 305245MB BusType: 11
22:42:31.340 Disk 0 MBR read successfully
22:42:31.344 Disk 0 MBR scan
22:42:31.348 Disk 0 Windows 7 default MBR code
22:42:31.364 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:42:31.385 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152622 MB offset 3074048
22:42:31.409 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 151122 MB offset 315643904
22:42:31.445 Disk 0 scanning C:\Windows\system32\drivers
22:42:38.690 Service scanning
22:42:51.370 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
22:42:56.511 Modules scanning
22:42:56.525 Disk 0 trace - called modules:
22:42:56.535
22:42:56.873 Scan finished successfully
22:43:04.541 Disk 0 MBR has been saved successfully to "C:\Users\Petr\Desktop\MBR.dat"
22:43:04.547 The log file has been saved successfully to "C:\Users\Petr\Desktop\aswMBR.txt"

Post by jaro3 » 07 Jan 2013 11:16

Close all other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide

Code:

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Seznam.cz - {EA837F48-5AD1-443e-AE34-FFE03CBF3099} - (no file)
O3 - Toolbar: (no name) - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab


Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text, marked in green:

Code:

KillAll::
File::
c:\windows\_MSRSTRT.EXE


RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]



Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT

Warning: After running ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

FF - prefs.js: network.proxy.http - 75.127.85.2
FF - prefs.js: network.proxy.http_port – 3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 75.127.10.103:8080


Did you open those ports yourself??
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
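The check behind the question in the post above, as an added example (not part of the original thread and not code from any of the tools named in it): it pulls the proxy settings out of HijackThis and ComboFix log lines copied from this page, marks which ones point at public addresses, and reports what changed between the two scans. Function names are illustrative assumptions.

```python
import re
from ipaddress import ip_address

# Log lines copied from the posts on this page.
HJT_06_JAN = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 75.127.10.103:8080
"""
COMBOFIX_10_JAN = r"""
uInternet Settings,ProxyServer = 50.23.4.2:3128
TCP: DhcpNameServer = 192.168.10.1
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.http - 75.127.85.2
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
"""
# As retyped in the helper's post: en dash separator, no network.proxy.type line.
HELPER_QUOTE = """
FF - prefs.js: network.proxy.http - 75.127.85.2
FF - prefs.js: network.proxy.http_port \u2013 3128
"""

WININET_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(\S+)")
FF_PREF_RE = re.compile(
    r"^FF - prefs\.js:\s*(network\.proxy\.\w+)\s+[-\u2013]\s+(\S+)", re.M)


def split_host_port(value):
    """Split 'host:port'; a value without a colon is a bare host."""
    host, _, port = value.rpartition(":")
    if not host:
        return value, None
    return host, int(port) if port.isdigit() else None


def parse_wininet(value):
    """Parse a WinINet ProxyServer value: 'host:port' or 'http=h:p;https=h:p'."""
    entries = []
    for part in filter(None, value.split(";")):
        scheme, sep, target = part.partition("=")
        if not sep:                      # single proxy used for all protocols
            scheme, target = "all", part
        host, port = split_host_port(target)
        # ProxyEnable is not shown in these logs, so "active" is unknown.
        entries.append({"source": "wininet", "scheme": scheme,
                        "host": host, "port": port, "active": None})
    return entries


def scope(host):
    """Classify the proxy host: loopback, private, public, or a hostname."""
    try:
        ip = ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private or ip.is_link_local:
        return "private"
    return "public"


def extract_proxies(log_text):
    """Return every proxy setting found in a HijackThis or ComboFix log."""
    found = []
    for match in WININET_RE.finditer(log_text):
        found.extend(parse_wininet(match.group(1)))
    prefs = dict(FF_PREF_RE.findall(log_text))
    if "network.proxy.http" in prefs:
        port = prefs.get("network.proxy.http_port", "")
        ptype = prefs.get("network.proxy.type")
        found.append({
            "source": "firefox", "scheme": "http",
            "host": prefs["network.proxy.http"],
            "port": int(port) if port.isdigit() else None,
            # Firefox only uses the manual proxy when network.proxy.type is 1.
            "active": None if ptype is None else ptype == "1",
        })
    for entry in found:
        entry["scope"] = scope(entry["host"])
    return found


def changed_between(before, after):
    """Settings present in both scans whose host or port differs."""
    old = {(e["source"], e["scheme"]): (e["host"], e["port"]) for e in before}
    new = {(e["source"], e["scheme"]): (e["host"], e["port"]) for e in after}
    return {k: (old[k], new[k]) for k in old.keys() & new.keys()
            if old[k] != new[k]}


if __name__ == "__main__":
    first, second = extract_proxies(HJT_06_JAN), extract_proxies(COMBOFIX_10_JAN)
    for entry in first + second:
        print(entry)
    print("changed:", changed_between(first, second))
```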

Post by pinlop » 10 Jan 2013 21:16

ComboFix 13-01-05.01 - Petr 10.01.2013 21:06:27.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4061.2758 [GMT 1:00]
Spuštěný z: c:\users\Petr\Documents\Dokumenty\proti virum\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
FILE ::
"c:\windows\_MSRSTRT.EXE"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-10 do 2013-01-10 )))))))))))))))))))))))))))))))
.
.
2013-01-10 20:07 . 2013-01-10 20:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-10 20:07 . 2013-01-10 20:07 -------- d-----w- c:\users\apache2triad\AppData\Local\temp
2013-01-10 20:07 . 2013-01-10 20:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-01-09 10:19 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8D06FBC-2C94-4002-9092-CCD24C5CF5D2}\mpengine.dll
2013-01-08 07:33 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-06 18:25 . 2013-01-06 18:25 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-01-05 17:43 . 2013-01-05 17:43 -------- d-----w- c:\users\Petr\AppData\Local\Apple Computer
2013-01-05 16:50 . 2013-01-05 16:50 -------- d-----w- c:\users\Petr\AppData\Local\Adobe
2013-01-05 09:30 . 2013-01-05 09:30 -------- d-----w- c:\users\Petr\AppData\Local\ATI
2013-01-05 09:14 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-03 16:13 . 2013-01-03 16:13 -------- d-----w- c:\program files (x86)\Red Sky
2013-01-03 12:51 . 2013-01-03 12:51 -------- d-----w- c:\users\Petr\AppData\Roaming\Malwarebytes
2013-01-03 12:48 . 2013-01-03 12:48 -------- d-----w- c:\programdata\Malwarebytes
2013-01-03 10:03 . 2012-01-20 13:14 18816 ----a-w- c:\windows\system32\roboot64.exe
2013-01-03 10:03 . 2013-01-03 10:57 -------- d-----w- c:\users\Petr\AppData\Roaming\systweak
2012-12-24 12:17 . 2012-12-24 12:17 53248 ----a-w- c:\windows\SysWow64\unrar.dll
2012-12-20 20:59 . 2012-12-20 20:59 -------- d-----w- c:\users\Petr\AppData\Local\Macromedia
2012-12-20 08:23 . 2012-12-20 08:23 -------- d-----w- c:\users\Petr\AppData\Local\Chromium
2012-12-18 22:40 . 2012-12-18 22:40 -------- d-----w- c:\users\Petr\AppData\Local\Mozilla
2012-12-18 22:39 . 2012-12-18 22:39 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-20 20:25 . 2012-05-30 14:17 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-20 20:25 . 2012-05-30 14:17 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-29 10:04 . 2012-11-29 10:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED633884-9FAA-4DD0-9F1E-AC91554B8D74}\gapaengine.dll
2012-11-15 23:53 . 2012-05-30 21:36 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-08 17:59 . 2012-11-29 10:04 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-11-06 14:06 . 2012-11-06 14:06 167936 ----a-w- c:\windows\tosbtapi.dll
2012-11-06 12:48 . 2012-11-06 12:48 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-11-06 12:48 . 2012-11-06 12:48 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-18 18:25 . 2012-11-15 19:41 3149824 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 60928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-31 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-05-30 834544]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 GeniusMouseService;GeniusMouseService;c:\genius\ioCentre\GMouseService.exe [2010-03-11 16384]
S2 MBAMService;MBAMService;d:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-03 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-12-25 76112]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2009-12-25 20304]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2009-12-25 12112]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2009-11-02 25088]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2009-11-02 14336]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-05-26 174680]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-03-16 685672]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-05 824688]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"HDMICtrlMan"="c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-11 10051616]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?crg=3.1010006&st=12&barid={C75A8F47-14D9-4ED2-8B50-CAABFAF79B59}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 50.23.4.2:3128
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.seznam.cz/?sourceid=quicksearch_6826&q=
FF - prefs.js: network.proxy.http - 75.127.85.2
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{1EA00BE1-6E54-4E2A-8099-680300BF23E1} - (no file)
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\programy\Malwarebytes' Anti-Malware\mbamscheduler.exe
d:\programy\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
.
**************************************************************************
.
Celkový čas: 2013-01-10 21:13:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-10 20:13
ComboFix2.txt 2013-01-06 13:55
.
Před spuštěním: Volných bajtů: 21 790 199 808
Po spuštění: Volných bajtů: 21 490 626 560
.
- - End Of File - - 6396586043F97E93F9194ED4DABB592B

Post by memphisto » 10 Jan 2013 21:47

Answer the questions...

jaro3 wrote: FF - prefs.js: network.proxy.http - 75.127.85.2
FF - prefs.js: network.proxy.http_port – 3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 75.127.10.103:8080
Did you open those ports yourself??


Where are you running ComboFix from? You are supposed to have it on the desktop!
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.

Post by pinlop » 15 Jan 2013 14:04

I did reply, but I see it is nowhere to be found here. I did not start anything myself.

I have been very busy lately. So should I run ComboFix again? I did not have it on the desktop.

Post by jaro3 » 15 Jan 2013 22:41

memphisto wrote: Answer the questions...

jaro3 wrote: FF - prefs.js: network.proxy.http - 75.127.85.2
FF - prefs.js: network.proxy.http_port – 3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 75.127.10.103:8080
Did you open those ports yourself??


ComboFix is uninstalled like this:
Start -> Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC

to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.


Download OTL by OldTimer
to the desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Tick LOP Check and Purity Check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt

They are saved in the same location as OTL. Please copy both logs here.

Post by pinlop » 16 Jan 2013 10:10

OTL logfile created on: 16.1.2013 9:49:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Petr\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,97 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,68% Memory free
7,93 Gb Paging File | 6,60 Gb Available in Paging File | 83,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 20,12 Gb Free Space | 13,50% Space Free | Partition Type: NTFS
Drive D: | 147,58 Gb Total Space | 101,30 Gb Free Space | 68,64% Space Free | Partition Type: NTFS

Computer Name: PETR-PC | User Name: Petr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Petr\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - D:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA Corporation.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV - (MBAMService) -- D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GeniusMouseService) -- C:\Genius\ioCentre\GMouseService.exe ()
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (GFI Software)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (gMouUsb) -- C:\Windows\SysNative\drivers\gMouUsb.sys ()
DRV:64bit: - (gHidPnp) -- C:\Windows\SysNative\drivers\gHidPnp.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010006&st=12&barid={C75A8F47-14D9-4ED2-8B50-CAABFAF79B59}
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... 6&st=12&q={searchTerms}&barid={C75A8F47-14D9-4ED2-8B50-CAABFAF79B59}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope =
IE - HKCU\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=110227&tt=0113_2&babsrc=SP_ss&mntrId=b4c9fd780000000000000024d2d9cb2e
IE - HKCU\..\SearchScopes\{399a1442-7377-49e7-8d77-6dc9ed5968c1}: "URL" = http://www.zbozi.cz/?q={searchTerms}&sourceid=quicksearch_6826
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=vmn&t ... 2_0yach&q={searchTerms}&ei=UTF-8
IE - HKCU\..\SearchScopes\{5cf5d387-d87c-4408-9a6b-301b0713d62a}: "URL" = http://www.mapy.cz/?query={searchTerms}&sourceid=quicksearch_6826
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={3270697B-AF41-442B-9B68-B92658EC0456}&mid=d0ea625b9d4b47d0a970d16f64cbe7ff-b9877e41c588ee287fbf45f78c1202b7dcd5dce5&lang=cs&ds=is015&pr=sa&d=2012-05-31 17:53:18&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKCU\..\SearchScopes\{eb97f7df-1773-4916-aae6-5af74da8c69d}: "URL" = http://www.firmy.cz/phr/{searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... 6&st=12&q={searchTerms}&barid={C75A8F47-14D9-4ED2-8B50-CAABFAF79B59}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 203.70.194.123:3128

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: %7Bea614400-e918-4741-9a97-7a972ff7c30b%7D:2.5.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://search.seznam.cz/?sourceid=quicksearch_6826&q="
FF - prefs.js..network.proxy.http: " 75.127.85.2"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Petr\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Petr\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Petr\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: D:\Programy\Mozilla Firefox\components [2012.12.18 23:39:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: D:\Programy\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2012.12.18 23:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petr\AppData\Roaming\Mozilla\Extensions
[2013.01.05 16:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions
[2013.01.05 16:59:32 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2012.12.20 09:22:28 | 000,000,000 | ---D | M] (Yandex.Bar) -- C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru
[2012.11.19 12:49:36 | 000,002,514 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\browsemngr.xml
[2012.11.19 12:49:36 | 000,002,514 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\BrowserProtect.xml
[2012.12.20 09:23:03 | 000,001,946 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\ybqs-firmy.xml
[2012.12.20 09:23:03 | 000,002,040 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\ybqs-mapy.xml
[2012.12.20 09:23:03 | 000,002,126 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\ybqs-seznam.xml
[2012.12.20 09:23:03 | 000,001,951 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\ybqs-sz_vidia.xml
[2012.12.20 09:23:03 | 000,002,096 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\ybqs-zbozi.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Petr\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Petr\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Petr\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = D:\Programy\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = D:\Programy\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = D:\Programy\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = D:\Programy\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = D:\Programy\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = D:\Programy\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = D:\Programy\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Petr\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - Extension: SweetIM for Facebook = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\

O1 HOSTS File: ([2013.01.10 21:08:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found.
O2 - BHO: (no name) - {EA837F48-5AD1-443e-AE34-FFE03CBF3099} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe ()
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Internet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 147.229.191.143 147.229.190.143
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C0C2ABC-0964-4FC3-8811-86B2A3156D4E}: DhcpNameServer = 147.229.191.143 147.229.190.143
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{796E2F6A-316B-418D-BE19-940759B2188E}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.16 09:45:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Petr\Desktop\OTL.exe
[2013.01.16 09:43:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.12 15:18:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.01.11 13:57:27 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XeroBank
[2013.01.10 21:13:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.10 11:17:09 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.01.06 19:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ST Proxy Switcher
[2013.01.06 19:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free IP Switcher
[2013.01.06 15:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IP Changer Premium
[2013.01.06 14:27:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.05 18:43:44 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\Apple Computer
[2013.01.05 17:50:00 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\Adobe
[2013.01.05 10:30:16 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\ATI
[2013.01.05 10:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.05 10:14:53 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.03 17:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky
[2013.01.03 13:51:20 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Roaming\Malwarebytes
[2013.01.03 13:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.03 11:03:27 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013.01.03 11:03:20 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Roaming\systweak
[2012.12.29 22:18:10 | 000,000,000 | ---D | C] -- C:\Users\Petr\Desktop\stranky
[2012.12.28 19:59:19 | 000,000,000 | ---D | C] -- C:\Users\Petr\Desktop\matika
[2012.12.24 13:19:33 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.12.24 13:18:49 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cossacks - Back To War
[2012.12.24 13:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cossacks - Back To War
[2012.12.20 21:59:59 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\Macromedia
[2012.12.20 09:23:00 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\Chromium
[2012.12.18 23:40:56 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\Mozilla
[2012.12.18 23:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.12.18 23:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

========== Files - Modified Within 30 Days ==========

[2013.01.16 09:53:48 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 09:53:48 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 09:46:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.16 09:46:04 | 3193,597,952 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.16 09:45:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Petr\Desktop\OTL.exe
[2013.01.16 09:25:48 | 001,470,062 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.16 09:25:48 | 000,631,292 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013.01.16 09:25:48 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.16 09:25:48 | 000,121,914 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013.01.16 09:25:48 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.11 13:57:28 | 000,000,664 | ---- | M] () -- C:\Users\Petr\Desktop\xB Browser.lnk
[2013.01.10 21:08:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.06 19:33:26 | 000,000,727 | ---- | M] () -- C:\Users\Petr\Desktop\ST Proxy Switcher.lnk
[2013.01.06 19:25:16 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2013.01.05 10:15:01 | 000,000,735 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.27 13:54:29 | 000,020,881 | ---- | M] () -- C:\Users\Petr\Desktop\486233_3905893415216_1826655106_n.jpg
[2012.12.27 13:53:20 | 000,052,018 | ---- | M] () -- C:\Users\Petr\Desktop\380938_3665669575260_2078965074_n.jpg
[2012.12.27 13:50:42 | 000,053,795 | ---- | M] () -- C:\Users\Petr\Desktop\68939_401120353302200_1662750166_n.jpg
[2012.12.27 13:50:38 | 000,050,205 | ---- | M] () -- C:\Users\Petr\Desktop\525049_401120313302204_165243609_n.jpg
[2012.12.27 13:50:34 | 000,048,919 | ---- | M] () -- C:\Users\Petr\Desktop\224804_401120263302209_1667772696_n.jpg
[2012.12.27 13:50:30 | 000,096,769 | ---- | M] () -- C:\Users\Petr\Desktop\68960_401120386635530_1850416278_n.jpg
[2012.12.24 13:17:23 | 000,053,248 | ---- | M] () -- C:\Windows\SysWow64\unrar.dll
[2012.12.24 13:14:22 | 000,000,000 | -H-- | M] () -- C:\Users\Petr\Documents\Default.rdp
[2012.12.20 21:25:54 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.20 21:25:54 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013.01.11 13:57:28 | 000,000,664 | ---- | C] () -- C:\Users\Petr\Desktop\xB Browser.lnk
[2013.01.06 19:33:26 | 000,000,727 | ---- | C] () -- C:\Users\Petr\Desktop\ST Proxy Switcher.lnk
[2013.01.06 19:25:00 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013.01.05 10:15:01 | 000,000,735 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.27 13:54:27 | 000,020,881 | ---- | C] () -- C:\Users\Petr\Desktop\486233_3905893415216_1826655106_n.jpg
[2012.12.27 13:53:20 | 000,052,018 | ---- | C] () -- C:\Users\Petr\Desktop\380938_3665669575260_2078965074_n.jpg
[2012.12.27 13:50:42 | 000,053,795 | ---- | C] () -- C:\Users\Petr\Desktop\68939_401120353302200_1662750166_n.jpg
[2012.12.27 13:50:38 | 000,050,205 | ---- | C] () -- C:\Users\Petr\Desktop\525049_401120313302204_165243609_n.jpg
[2012.12.27 13:50:34 | 000,048,919 | ---- | C] () -- C:\Users\Petr\Desktop\224804_401120263302209_1667772696_n.jpg
[2012.12.27 13:50:29 | 000,096,769 | ---- | C] () -- C:\Users\Petr\Desktop\68960_401120386635530_1850416278_n.jpg
[2012.12.24 13:17:23 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.12.24 13:14:22 | 000,000,000 | -H-- | C] () -- C:\Users\Petr\Documents\Default.rdp
[2012.12.18 23:39:43 | 000,000,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.07 12:30:26 | 000,000,110 | ---- | C] () -- C:\Windows\amapro.dat
[2012.10.28 17:38:29 | 000,246,784 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2012.05.31 12:02:26 | 000,018,432 | ---- | C] () -- C:\Windows\ss3unstl.exe
[2012.05.31 11:41:34 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2012.05.30 15:49:11 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2012.05.30 14:50:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.21 21:54:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2012.03.21 21:54:22 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.07.12 17:35:30 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Autodesk
[2012.11.19 12:48:57 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Babylon
[2012.05.31 18:28:55 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\BSD
[2012.07.12 16:51:12 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\DAEMON Tools Lite
[2012.05.31 17:22:26 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\driveridentifier
[2012.10.22 10:51:41 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\GHISLER
[2012.05.31 17:12:35 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\HydraMouse
[2012.10.28 16:34:08 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\IN-MEDIAKG
[2012.09.26 10:52:05 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\KompoZer
[2012.10.28 16:34:08 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\mresreg
[2012.11.19 12:51:08 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\pdfforge
[2012.05.30 16:12:05 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\QIP
[2013.01.03 16:46:11 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\QipGuard
[2013.01.05 09:54:11 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Seznam.cz
[2013.01.03 11:57:01 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\systweak
[2012.11.06 15:25:37 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Toshiba
[2012.11.06 14:57:52 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Toshiba Drivers Update Utility
[2012.05.30 20:05:24 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\WinBatch
[2012.12.20 09:22:35 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Yandex

========== Purity Check ==========



< End of report >

pinlop

Re: Please check my log

Post by pinlop » 16 Jan 2013 10:10

OTL Extras logfile created on: 16.1.2013 9:49:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Petr\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,97 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,68% Memory free
7,93 Gb Paging File | 6,60 Gb Available in Paging File | 83,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 20,12 Gb Free Space | 13,50% Space Free | Partition Type: NTFS
Drive D: | 147,58 Gb Total Space | 101,30 Gb Free Space | 68,64% Space Free | Partition Type: NTFS

Computer Name: PETR-PC | User Name: Petr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\ProgramY\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programy\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programy\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\ProgramY\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programy\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programy\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05AFB39F-CA18-4A86-B6FD-C1614F11F442}" = rport=138 | protocol=17 | dir=out | app=system |
"{117D5230-6794-4D4B-8C94-959F2D631AD0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=sdílení souborů a tiskáren (služba zařazování tisku – rpc-epmap) |
"{1EE2E250-9751-4F45-9ECC-5987B0546F9B}" = rport=139 | protocol=6 | dir=out | app=system |
"{264B9B7A-069A-40FC-9E56-ABA71D775A8C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5B94528C-204A-4722-9200-3CCECD8A04DD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{894650E4-8B05-476A-8937-1BB59B9690F9}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A9BD11A-2A8B-4937-9360-9974D2A36BA4}" = lport=445 | protocol=6 | dir=in | app=system |
"{915448A6-C8FD-4115-B3EA-5F8F4B838478}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{987DE5DE-C149-4F54-BF06-AD437C08B69E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9912A3B0-67FC-4C56-95D6-3C2C6BE91C81}" = lport=138 | protocol=17 | dir=in | app=system |
"{BF323FC4-C04C-42F9-94A0-B98057B0F070}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0D0AEDC-6AAA-4F0A-ADA8-CFF2CBF23C0F}" = lport=139 | protocol=6 | dir=in | app=system |
"{C1F3ED2E-3D21-4674-B125-D846BB9A466B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DEE07FB6-7C18-4DA9-8677-E91F098BACB5}" = rport=137 | protocol=17 | dir=out | app=system |
"{DF9B63D6-D2DE-42AF-B0DD-FF50A02DFD35}" = rport=445 | protocol=6 | dir=out | app=system |
"{F5F12062-5889-4A44-93D0-67CCABDA763D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02789106-4834-45CA-B48A-9EEF625A1238}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\oa2strm.exe |
"{0294C173-2402-4132-9985-70CD00C27B0D}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsinfo.exe |
"{030EFB8F-F212-446E-8726-A51F2967F3F7}" = dir=in | app=d:\programy\orcad\\tools\dfii\bin\skill.exe |
"{0542FBF7-7DEC-4981-A5E4-D97B0727A7C6}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\jusched.exe |
"{059A16AD-4761-4321-A281-6AD1EBD0D7CB}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\qhelpgenerator.exe |
"{08683996-69BE-4804-B9AB-090D86974E7B}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\keytool.exe |
"{086EAE0C-A355-4221-8B5E-50527D4D5992}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\oa2strm.exe |
"{0A03A300-F6C2-4547-A727-ECAB2E353683}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\kinit.exe |
"{0AA4C368-52DC-49AA-AD5E-2E20AF8A82FC}" = protocol=17 | dir=in | app=d:\programy\mozilla firefox\firefox.exe |
"{0AEAAE13-54E5-4AE8-96DD-43CCCB375534}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsmps.exe |
"{0B486683-D816-420D-A074-B7AF239538D1}" = dir=in | app=d:\programy\orcad\\tools\pspice\pspiceenc.exe |
"{0E33DBA2-63BA-45DE-8BD8-B61E1B1D99FE}" = dir=in | app=d:\programy\orcad\\tools\cdnshelp\bin\cdnshelpindexer.exe |
"{0F80ACD6-4D3E-46EF-941F-8E3B119172DA}" = dir=in | app=d:\programy\orcad\\tools\bin\consmgr.exe |
"{0FEB1144-D773-43C2-8C65-C28D8EB0131C}" = dir=in | app=d:\programy\orcad\\tools\tcltk\8.4\bin\wish.exe |
"{139BC095-E3BC-4A97-B7D5-432FA63CB043}" = dir=in | app=d:\programy\orcad\\tools\bin\cdszip.exe |
"{13CB1743-DBFB-448E-B1DA-E923D975B3EC}" = dir=in | app=d:\programy\orcad\\tools\bin\switchversion.exe |
"{14B50930-739D-4A24-B44D-A56B5F2FB2B6}" = protocol=17 | dir=in | app=d:\hry\cossacks - back to war\dmcr.exe |
"{15A07058-46C5-4E7F-995C-CCDE242AE16F}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\klist.exe |
"{1667F28E-989A-45FE-844B-5C121478B5EF}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\qtdemo.exe |
"{166BD640-3D3F-4989-A62B-F11333FC538C}" = dir=in | app=d:\programy\orcad\\tools\pspice\mrksrvr.exe |
"{1724F7F6-3646-4C79-8E05-0D611423F114}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\orbd.exe |
"{1792C414-E584-4C81-AA74-6AF38E741488}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\keytool.exe |
"{17B20593-1260-42C5-B38E-9C42A89B68B7}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsmps.exe |
"{17D36E88-9E87-4B4E-9FE5-32C4A20F4461}" = dir=in | app=d:\programy\orcad\\tools\tcltk\8.4\bin\tclsh.exe |
"{17E69D76-45CC-4521-824A-7F0D1ED3C364}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\uic3.exe |
"{18650A3B-F562-47C2-AE46-A45F2B05986B}" = dir=in | app=d:\programy\orcad\\tools\bin\emsmkerror.exe |
"{18AC4A09-8A02-4ED6-8E58-05A4330D4354}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\rmid.exe |
"{1943F847-1B6D-477B-B8B3-073732A438A8}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\lupdate.exe |
"{196368F3-A8EC-410D-9698-79AE102A40DE}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\lef2oa.exe |
"{19BC1FD5-966B-491F-8678-B9A59E789BAE}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\jureg.exe |
"{19FEF625-B312-4DF1-9422-0C32F93DE210}" = dir=in | app=d:\programy\orcad\\tools\bin\emschecker.exe |
"{1A9CF4C9-CA58-4B2A-AD41-D4F6891C4AF7}" = dir=in | app=d:\programy\orcad\\tools\cdnshelp\bin\_cdnshelp.exe |
"{1ADB69AD-D37C-4C5F-BA5F-270F01B088C0}" = dir=in | app=d:\programy\orcad\\tools\pcb\bin\sys_root.exe |
"{1BE43640-8CD3-46E6-80C7-470142217553}" = dir=in | app=d:\programy\orcad\\tools\pspice\mrksrvr.exe |
"{1C79783A-D64B-49F4-83AB-6DDBEE250CF7}" = dir=in | app=d:\programy\orcad\\tools\pspice\pspice.exe |
"{20F34573-8152-40F6-94A4-0741002A5E27}" = protocol=1 | dir=out | name=sdílení souborů a tiskáren (požadavek na odezvu - icmpv4-out) |
"{22F99773-6211-41DF-BAA5-1A334D978B9A}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\orbd.exe |
"{240234AE-0A50-4751-8727-A313D1A0DE97}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\assistant_adp.exe |
"{254AF3ED-194F-4C60-8E11-40BD2552BF2F}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\oa2spef.exe |
"{2629E0EF-A957-4169-9948-F620F8D6255E}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\javaws.exe |
"{2696F552-12EF-47C7-8595-A1D34A52BE9A}" = dir=in | app=d:\programy\orcad\\tools\bin\nmp.exe |
"{27EDE8B4-BEBD-420D-A893-573B1302A693}" = dir=in | app=d:\programy\orcad\\tools\bin\clu.exe |
"{2806AC0D-C0A1-47D8-B0CE-E2F406B9EE3B}" = dir=in | app=d:\programy\orcad\\tools\capture\pcadi.exe |
"{281404FE-654F-4FC5-8DCA-8C8772C2104A}" = dir=in | app=d:\programy\orcad\\tools\bin\cdswhich.exe |
"{28D3BD1A-1872-47CB-A0F9-0B9A617A90EE}" = dir=in | app=d:\programy\orcad\\tools\tcltk\8.4\bin\tclsh84.exe |
"{29F063B4-0E2D-4398-877F-59B15C683F41}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\pixeltool.exe |
"{2A878011-177B-4A28-AF91-AE4317DD8E56}" = dir=in | app=d:\programy\orcad\\tools\pcb\bin\sys_root.exe |
"{2AD66A3C-C204-4D2A-9F2D-827929697EC8}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\designer.exe |
"{2B5DAC56-8A0F-4B92-B324-22EDD2FAD950}" = protocol=6 | dir=in | app=c:\inet_srv\apache\bin\apache.exe |
"{2D56D647-54E9-4FAE-91CB-CCEFB8465CF9}" = dir=in | app=d:\programy\orcad\\tools\bin\cdnshelp.exe |
"{2E8B7F81-B17D-464A-AE6F-4EB4966C7E02}" = dir=in | app=d:\programy\orcad\\tools\capture\tutorial\captutor.exe |
"{2FA88C55-6C44-4641-A824-FFE8C8D3EB95}" = protocol=6 | dir=in | app=c:\users\petr\appdata\local\google\chrome\application\chrome.exe |
"{2FFDDCE3-FDDC-4F45-AE6B-650F339E4439}" = dir=in | app=d:\programy\orcad\\tools\capture\capture.exe |
"{30ACD37D-A005-4870-A3D7-BB50D97CF7B1}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\qcollectiongenerator.exe |
"{31C7174B-CE63-4CD0-9ADE-6C3DF6019CD6}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsrunhidden.exe |
"{3218756A-9820-4B0B-8C19-B1D5F19118F7}" = protocol=17 | dir=in | app=c:\users\petr\appdata\local\google\chrome\application\chrome.exe |
"{33D1994D-DE33-4EDA-9C81-7EFB6C037F0C}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\oa2spef.exe |
"{3667C191-898F-439B-8B96-95712315B6C3}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{36C7CA84-AE1A-4CC5-BC39-9E7151588A77}" = dir=in | app=d:\programy\orcad\\tools\capture\tutorial\captutor.exe |
"{3ABBAF4D-46F5-4049-91B9-67D58DCE9E04}" = dir=in | app=d:\programy\orcad\\tools\bin\cds_root.exe |
"{3B4F004B-5124-4DB9-8082-95B5BEB6B527}" = dir=in | app=d:\programy\orcad\\tools\bin\versionviewer.exe |
"{3B8EF3FF-4164-4F64-BFF3-1088D1BD51C8}" = dir=in | app=d:\programy\orcad\\tools\bin\regsvr32.exe |
"{3EA8BFF6-D882-40D0-9BE3-2000464511D3}" = dir=in | app=d:\programy\orcad\\tools\pspice\indicefilegeneration.exe |
"{3FBE38DF-4A02-4C96-86DB-71D64ABE2E83}" = dir=in | app=d:\programy\orcad\\tools\bin\clsbd.exe |
"{402B1ACC-2703-4C6B-BB38-388CC8F1CFD0}" = dir=in | app=d:\programy\orcad\\tools\capture\pcadi.exe |
"{40393056-D01F-40E3-B7BF-6F187A748900}" = dir=in | app=d:\programy\orcad\\tools\bin\nmp.exe |
"{40E4938F-932E-4E39-9254-62AE7D2ABF7B}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\idc.exe |
"{40E86C56-F873-438D-89CD-06BDFC49E6C9}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\strm2oa.exe |
"{427C1399-8D4E-41A5-A4BD-5E6AA941F44F}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\ktab.exe |
"{427DBB4E-C2CF-4B83-B0A4-1635989C9DA0}" = dir=in | app=d:\programy\orcad\\tools\bin\msghelp.exe |
"{42E23385-1D6C-43B2-B4D0-A57AF0BCB042}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\java-rmi.exe |
"{447B4E0F-BA96-429F-8C71-720690DCF707}" = dir=in | app=d:\programy\orcad\\tools\pspice\indicefilegeneration.exe |
"{44BBE165-D0AD-4B47-B954-8CA15687706D}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{4A5F5384-7B3E-4529-93FC-8B0858EE3AC7}" = dir=in | app=d:\programy\orcad\\tools\bin\regsvr32.exe |
"{4A935B6C-396F-426C-A704-256713F24F43}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4C1BA58C-B93C-4B9C-9F35-D2EF592E44BA}" = dir=in | app=d:\programy\orcad\\tools\bin\cdnshelp.exe |
"{4C89BE14-CA2B-4EE3-B736-DF7749614987}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\verilogannotate.exe |
"{4D9728CC-A035-490D-8F2A-8E44E4471229}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\servertool.exe |
"{4DC51F46-9E43-4E06-AF0C-3DF592DEBAAC}" = dir=in | app=c:\users\petr\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{4EC0AB2C-5732-4C30-AAA3-59D92623458D}" = protocol=17 | dir=in | app=c:\inet_srv\apache\bin\apache.exe |
"{4FA695EB-7B07-4AA6-A925-D0B44CBCA5A3}" = dir=in | app=d:\programy\orcad\\tools\capture\comp16.exe |
"{4FD7B5DB-BA9F-477B-83B1-7B7FC7A941A1}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\qhelpgenerator.exe |
"{50E78EAC-6A55-43A2-B0F0-D53956124BD0}" = dir=in | app=d:\programy\orcad\\tools\bin\clu.exe |
"{51527657-4148-44C3-81ED-289B2834CF75}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\qmake.exe |
"{51E43A8E-F727-4EC5-940E-21D9738B7C44}" = dir=in | app=d:\programy\orcad\\tools\pspice\magneticdesigner.exe |
"{53E420A8-150D-4FAA-A447-127B94685FA9}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsmsgserver.exe |
"{5462FEDC-241C-4621-8973-E1ADB914B91D}" = dir=in | app=d:\programy\orcad\\tools\bin\emsmkerror.exe |
"{55951606-F53F-41E8-B23D-8D8D70041DEB}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\oa2lef.exe |
"{56FE1324-4718-442E-94AD-3991BE09F919}" = dir=in | app=d:\programy\orcad\\tools\capture\comp16.exe |
"{57025FB6-6E6B-4F34-B76F-C53D5183814B}" = dir=in | app=d:\programy\orcad\\tools\bin\emschecker.exe |
"{575D8EAC-20F0-48D6-A6DE-9431D049DEA3}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\qcollectiongenerator.exe |
"{57A96846-DF29-4D94-BD4D-5026D1F2A162}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{57B2208F-745C-4E05-AA7E-BB658742C86E}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\rcc.exe |
"{59B5E980-2BC5-4C72-B65A-B1DF6EE4D76B}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\linguist.exe |
"{5AA503E1-DDE7-431C-9C2B-850406799666}" = dir=in | app=d:\programy\orcad\\tools\pspice\pspiceenc.exe |
"{5B030C85-33B1-4523-86E4-8815ED74AF7A}" = protocol=6 | dir=in | app=d:\hry\cossacks - back to war\dmcr.exe |
"{5B3DFEE0-9DC4-4E57-B1B5-13149F6BD789}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\lef2oa.exe |
"{5D5690B0-4FDC-4C7D-9EEE-9B2751529396}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\qhelpconverter.exe |
"{5E2DEAAA-B8D6-4471-A255-3D16D3D6FCF3}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\oagetversion.exe |
"{61938000-9B2F-4540-88FC-ED072D4B0145}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{61CB2CA9-D351-48EE-89B9-CC3461CF9068}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\policytool.exe |
"{62ED9A27-58BD-49E2-A3AD-B23199F61043}" = dir=in | app=d:\programy\orcad\\tools\bin\cdszip.exe |
"{655D83A3-3068-4102-9AA1-BEBD799065C4}" = dir=in | app=d:\programy\orcad\\tools\tcltk\8.4\bin\wish84.exe |
"{65A3F1B0-F95C-4210-8C29-C0FB7C9E56D0}" = dir=in | app=d:\programy\orcad\\tools\cdnshelp\bin\tagtest.exe |
"{6636B88F-FC9F-41F5-B433-36CD77E903CC}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\spef2oa.exe |
"{67B4B7DD-F9CA-4134-8ACB-BAB89EFCD67F}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\rmid.exe |
"{67EBDD2D-9E7C-4CD8-B6CF-5E636090AF85}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\qhelpconverter.exe |
"{69168DEE-77E8-449F-BD94-CDC0520E1588}" = dir=in | app=d:\programy\orcad\\tools\bin\pspiceexplorersrvr.exe |
"{6A7D529A-C8FF-42F1-905F-6A21AC456D8C}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\qmake.exe |
"{6E0094B1-A556-43E3-A714-635A498A6F8F}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\qt3to4.exe |
"{6EA342C8-5396-431F-89F4-B67F173C97C6}" = protocol=17 | dir=in | app=c:\inet_srv\apache\bin\apache.exe |
"{7057FE2A-81A8-4274-B35D-2A758E6E035A}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\def2oa.exe |
"{70BDFE8B-F524-4C91-A127-C927A2098F55}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\pixeltool.exe |
"{71DF893A-A5E7-4DE0-94D4-316450C2E63D}" = dir=in | app=d:\programy\orcad\\tools\bin\consmgr.exe |
"{724DCDC0-ABFB-4152-8A11-86D07905DCFA}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\oadmturboserver.exe |
"{7352ADB7-BE24-4E1F-940F-CAB674466349}" = dir=in | app=d:\programy\orcad\\tools\cdnshelp\bin\cdnshelpindexer.exe |
"{73BAD1D4-A6D2-492A-8ED6-A30A8A8C99FF}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\verilogannotate.exe |
"{75C1B358-4EAB-4714-AD66-C0D5C79542C3}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\moc.exe |
"{777D763F-5A80-45EB-A3AE-C3C01D080CAD}" = dir=in | app=d:\programy\orcad\\tools\cdnshelp\bin\topicgen.exe |
"{7862260F-DE93-44EF-998B-CC2ADE0B1229}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\dumpcpp.exe |
"{79932581-75BD-404C-86DE-8897EC8FEEC9}" = dir=in | app=d:\programy\orcad\\tools\pspice\simsrvr.exe |
"{79D5A39A-5666-42A1-B9EE-CCF4B1EB2A88}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsservipc.exe |
"{7A6084DC-8E62-4D9A-A9B1-E5620F042D76}" = dir=in | app=d:\programy\orcad\\tools\bin\xcon2project.exe |
"{7CF907E9-EFCF-45FD-A446-A7BF0F114C51}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\lconvert.exe |
"{7DFF2FD2-7CC3-4CCF-952A-89A02E2FA27C}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsremote.exe |
"{804388DA-DCC2-47DA-8978-275D04358652}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\javaw.exe |
"{8045BB2C-15FC-4847-8215-8B7212B57BD6}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\oa2verilog.exe |
"{835FDE44-0B39-4E9E-B0FE-F4B1EEF3C033}" = protocol=58 | dir=out | name=sdílení souborů a tiskáren (požadavek na odezvu - icmpv6-out) |
"{84BB3905-6884-4991-90AA-4800713CD84D}" = dir=in | app=d:\programy\orcad\\tools\dfii\bin\skill.exe |
"{85A1BF84-6C8C-424B-BDDD-A3088BBE4E9D}" = dir=in | app=d:\programy\orcad\\tools\pspice\psp_cmd.exe |
"{8632F49A-BA2F-4B86-8D13-A310E0E8BD91}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\lrelease.exe |
"{879FD255-01D3-4162-9257-3EE52AD8B015}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{8996D481-2C11-4630-8A2F-93CB051EBB11}" = dir=in | app=d:\programy\orcad\\tools\cdnshelp\bin\indexer.exe |
"{8B80A823-2E47-4CCC-816A-629D318AD7FF}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\assistant.exe |
"{8C1A720D-E8B2-4BA2-9AB5-C1599F116DAE}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\javacpl.exe |
"{8D3F46F8-B46E-4E43-8E85-D5AC07D0988C}" = protocol=6 | dir=in | app=c:\inet_srv\apache\bin\apache.exe |
"{8D8D9EB1-609D-4F70-9912-8BD3ADCBD2EB}" = dir=in | app=d:\programy\orcad\\tools\pspice\simmgr.exe |
"{8DE875D2-914A-42AE-8975-C896D7816982}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsremshclient.exe |
"{8E5B30AF-E5F8-48B8-8F09-C20EB6C61A75}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\uic.exe |
"{8F0B1AA0-5A78-42B7-B2ED-911A2C8828DE}" = dir=in | app=d:\programy\orcad\\tools\bin\nmppath.exe |
"{8F521F1D-AEAC-4D02-B504-693D152AC896}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\jucheck.exe |
"{905B9C29-FA65-437E-AFB0-8B7A275DF55A}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\oa2verilog.exe |
"{90F83CE2-EF6B-433D-BB2D-4B70D48AB1A4}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\rmiregistry.exe |
"{91BE5842-7896-4ECA-B759-2BE00E39C404}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\lconvert.exe |
"{92FC0AD0-AEBA-49A2-9D96-07D94399EFA1}" = dir=in | app=d:\programy\orcad\\tools\cdnshelp\bin\cdnshelp.exe |
"{9388BB9C-382E-4260-BF8C-CD591343351F}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\klist.exe |
"{941A1937-EA6D-4DDD-8E49-449E2B7ADA80}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\kinit.exe |
"{954EC58D-C04E-411B-B4B6-1CE003383B40}" = dir=in | app=d:\programy\orcad\\tools\capture\capture.exe |
"{95A871F3-DEF5-4DF9-9EC9-E68F16EAAD35}" = dir=in | app=d:\programy\orcad\\tools\capture\pstswp.exe |
"{95B87F50-3975-4C1F-900A-282ED6051B2D}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\oadmturboserver.exe |
"{96175284-0715-446E-8352-B23EB506A7B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{965AF2A9-252D-4A10-A2CD-9EFBEE08B7F1}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsinfo.exe |
"{97FBCD07-AC79-4F42-B73F-0D8A543219BF}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\javaw.exe |
"{99925835-DB76-4506-B275-AD722A3323DD}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\tnameserv.exe |
"{9A3792FF-B0A7-4C55-97CC-858EC8B2020A}" = dir=in | app=d:\programy\orcad\\tools\pspice\psp_cmd.exe |
"{9A8D22DF-5CC2-439D-9B0F-78E797570E9C}" = dir=in | app=c:\users\petr\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{9B1E535F-1A92-41E1-97C0-3FB64F9F0CA9}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\verilog2oa.exe |
"{9BA45E49-3ECF-4345-A1D1-F35F12BBC2E3}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsnameserver.exe |
"{9C281364-AE28-4EAD-A23D-B99BDDBC586F}" = dir=in | app=d:\programy\orcad\\tools\pspice\modeled.exe |
"{9C57D929-ED55-44C3-9B6F-D2A84A4B82A1}" = dir=in | app=d:\programy\orcad\\tools\bin\van.exe |
"{9DDCD57E-BD42-467C-B88C-E87BFD969401}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\linguist.exe |
"{9E0740CE-9CB9-49A5-B5BC-751B6106A3D4}" = dir=in | app=d:\programy\orcad\\tools\bin\msghelp.exe |
"{9F62139A-DB8C-4144-8B16-232A77168BE2}" = dir=in | app=d:\programy\orcad\\tools\bin\pspiceexplorersrvr.exe |
"{A065D900-B24D-45B2-8CEF-12189FAFA102}" = dir=in | app=d:\programy\orcad\\tools\pspice\stmed.exe |
"{A096B8C0-2365-4C63-ACD6-1FD4DFEB8446}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{A0E4DC7F-4E91-41BD-A3DA-2361C0AC22A6}" = dir=in | app=d:\programy\orcad\\tools\bin\versionviewer.exe |
"{A21A997D-CF41-4B95-B992-DCFCFA4F8C6B}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\jucheck.exe |
"{A4F24685-D195-45E2-837E-9A538BC51934}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\rmiregistry.exe |
"{A5EBB234-3A9A-4E7B-B6AE-7A3241496ED1}" = dir=in | app=d:\programy\orcad\\tools\bin\clsadmintool.exe |
"{A663B691-55D4-42C5-87B3-1AF16E7A1967}" = dir=in | app=d:\programy\orcad\\tools\pspice\magneticdesigner.exe |
"{A6B2EA78-AAA1-4F71-B1C7-8F4A74D5BB0C}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsmsgserver.exe |
"{A6D79F6D-813B-4547-8F45-F19395A29376}" = dir=in | app=d:\programy\orcad\\tools\bin\sipdiffviewer.exe |
"{A7A24D39-405D-4E7B-A523-622243C1975E}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\ktab.exe |
"{A85A3332-7800-475A-86EB-DC0061A22157}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\oa2def.exe |
"{A8AE2B7D-3982-4F2A-BD1C-425E5A65813C}" = dir=in | app=d:\programy\orcad\\tools\tcltk\8.4\bin\tclsh.exe |
"{AA55D2CE-D494-484D-B9FF-63B14D3FAFAD}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsremote.exe |
"{AC0A8684-E75E-43E0-969A-EAA07AA4BBC7}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\oa2def.exe |
"{ACAE3F02-6E18-433D-8FE4-636B2A3C6CF4}" = dir=in | app=d:\programy\orcad\\tools\tcltk\tcl\bin\wish80.exe |
"{AD076D6D-94E2-4842-AEE1-78C7DF73E66D}" = dir=in | app=d:\programy\orcad\\tools\bin\dregprint.exe |
"{AD5FB1ED-62AC-49EB-85EC-94CCFFBBF1B5}" = dir=in | app=d:\programy\orcad\\tools\cdnshelp\bin\indexer.exe |
"{AD6C5E98-E870-4747-8EE5-E73A4646089F}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\java.exe |
"{ADE8B00B-F626-4A72-84FC-62F3EAE6E339}" = dir=in | app=d:\programy\orcad\\tools\pspice\modeled.exe |
"{AE249A58-4FC0-4480-BCA2-F48B2325A8A0}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\oa2lef.exe |
"{B214601A-EF5E-4765-8C98-93264BB40933}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsrunhidden.exe |
"{B25B4274-C52B-446E-AA6E-659F8897622A}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\ssvagent.exe |
"{B3E9D95B-6860-4E66-88FC-D5AC6DA9E37B}" = dir=in | app=d:\programy\orcad\\tools\bin\clsbd.exe |
"{B498C84F-E66F-42D5-B6F0-AF933CC9B4B2}" = dir=in | app=d:\programy\orcad\\tools\pspice\simmgr.exe |
"{B53F87D1-528A-445B-8182-D432C11CBDC0}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\lrelease.exe |
"{B53F8D1C-D930-4D14-B924-38DA04190AB0}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{B5ADE0FC-4855-4460-B419-10B242C28F9E}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\java.exe |
"{B6313A18-2DCD-446B-B903-081462D46316}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\jusched.exe |
"{B757553F-0B01-42FC-8A73-C0D3FC9F4DA0}" = dir=in | app=d:\programy\orcad\\tools\bin\cdswhich.exe |
"{B8328E5F-1472-4E41-9B62-8F298DA3C49B}" = dir=in | app=d:\programy\orcad\\tools\capture\sch2cap.exe |
"{B8895705-4DEA-4173-BBAC-6A84CD2717F1}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsunzip.exe |
"{B8B72254-ED5E-4B86-BC6F-C3B4F1C8D0E7}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\unpack200.exe |
"{BA0C6079-9932-4F52-90C2-7006A3FC1846}" = dir=in | app=d:\programy\orcad\\tools\bin\mpsinfo.exe |
"{BB624E99-EA41-4ABC-8886-48B9C34708C1}" = dir=in | app=d:\programy\orcad\\tools\bin\dregprint.exe |
"{BBA9FB98-1A02-439E-8296-FEF49D83AC6E}" = dir=in | app=d:\programy\orcad\\tools\cdnshelp\bin\cdnshelp.exe |
"{BD43DCDE-6DB8-4C40-941C-2939B2036C83}" = dir=in | app=d:\programy\orcad\\tools\tcltk\8.4\bin\tclsh84.exe |
"{BDDCCF2B-B49F-496B-87D5-FDA41C6379FB}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\jureg.exe |
"{BDF97CDF-FDFB-4E80-9612-C23F244E8676}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsoapathutil.exe |
"{C17978CF-E7A6-4164-B5B0-1D55C9C953FD}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\dumpcpp.exe |
"{C1F905C4-91D5-4030-80F7-299D2A6A154C}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\uic3.exe |
"{C223C4F5-3948-45A5-B81B-BBE927C5BA4B}" = dir=in | app=d:\programy\orcad\\tools\pspice\pspiceaa.exe |
"{C4B92B3D-AF84-4AE3-868F-D368D10C1BA0}" = dir=in | app=d:\programy\orcad\\tools\cdnshelp\bin\_cdnshelp.exe |
"{C794DB90-8882-4C0C-B16C-E8EAC6850283}" = dir=in | app=d:\programy\orcad\\tools\cdnshelp\bin\topicgen.exe |
"{C7C8D158-E6F9-4FD3-8273-2401A5588C1D}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\tnameserv.exe |
"{C92AE1A1-03C3-44E9-A3EE-F9F57A9D02C4}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\qtdemo.exe |
"{C9A8469C-E2D2-4D8E-BF1F-38B4E6B16BF9}" = dir=in | app=d:\programy\orcad\\tools\pspice\pspice.exe |
"{CC033C4C-CDD7-4666-A048-3B8F83A99CE2}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\verilog2oa.exe |
"{CDE4942D-9E43-4DFC-B7A6-D63D7C46089F}" = dir=in | app=d:\programy\orcad\\tools\capture\pstswp.exe |
"{D20B9908-313C-405E-8D44-7CD31E822284}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\servertool.exe |
"{D38AFE67-9653-443F-9B3E-4C370E2F7D19}" = dir=in | app=d:\programy\orcad\\tools\bin\sipdiffviewer.exe |
"{D4607363-6AB3-44C0-84FF-0903FBC790D8}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\assistant_adp.exe |
"{D525783D-D6CE-4DFA-83DA-C89CA77E4718}" = protocol=1 | dir=in | name=sdílení souborů a tiskáren (požadavek na odezvu - icmpv4-in) |
"{D59D1020-AEA6-4324-8C05-29CAEC7E31AE}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\idc.exe |
"{D6BA4329-7203-4FB5-BD93-99C11A21CCD3}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\strm2oa.exe |
"{D7D1FD95-618C-46D4-AB61-176EB3D87FE5}" = dir=in | app=d:\programy\orcad\\tools\dfii\bin\skill_g.exe |
"{D855C6E7-10BA-468B-AB4C-E92D9136A7DD}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\ssvagent.exe |
"{D9C0D89C-0430-4C99-9D67-781202096FA2}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsoapathutil.exe |
"{DA82F386-0A71-49BD-87E6-20D135F54684}" = dir=in | app=d:\programy\orcad\\tools\bin\mpsinfo.exe |
"{DB722610-F316-4DE2-A70D-0A6F93D5D2F6}" = dir=in | app=d:\programy\orcad\\tools\pspice\pspiceaa.exe |
"{DE3F6558-CDE7-4239-8F1E-433F0556E363}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\spef2oa.exe |
"{E0291D5C-FC45-40A7-AC53-BB9C68F03920}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\uic.exe |
"{E1718026-14C0-482B-B083-E91436455428}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\oagetversion.exe |
"{E2598B31-037B-4901-80CE-B3D304FCD2D8}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\moc.exe |
"{E314F142-B3F1-443E-9BB9-797E08BB80A5}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsnameserver.exe |
"{E6C89577-57F7-47D5-8247-95592289C422}" = dir=in | app=d:\programy\orcad\\tools\bin\cds_root.exe |
"{E7E23332-2988-4806-8229-F43C732E25A7}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{E8080BF1-3E62-4F64-BD83-469727810D8E}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\oafslockd.exe |
"{E916A981-6473-4B49-AFFF-4056CA19A912}" = dir=in | app=d:\programy\orcad\\tools\bin\switchversion.exe |
"{E9E52D33-FEA5-4D5C-8352-2114CD42874D}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\designer.exe |
"{EA0505EF-5238-4FBC-A56A-0275B2DA61F2}" = dir=in | app=d:\programy\orcad\\tools\dfii\bin\skill_g.exe |
"{EA1D5C38-0BA9-4C0B-8369-CF6CAF5A1A60}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\oafslockd.exe |
"{EA44CC87-E231-4018-98F6-7FEAC7A722A9}" = protocol=6 | dir=in | app=d:\programy\mozilla firefox\firefox.exe |
"{EC9BABF8-3827-4626-8F70-BAEC8249CE03}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsunzip.exe |
"{ECAF8893-391C-48D8-97EC-9E56F5323EA0}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsservipc.exe |
"{ED701FF0-43BE-4532-9E65-EB47B5853054}" = dir=in | app=d:\programy\orcad\\tools\bin\nmppath.exe |
"{EECF898E-C0A6-4BAD-B4EE-B751C4911F18}" = dir=in | app=d:\programy\orcad\\tools\pspice\simsrvr.exe |
"{EF384D78-5C3C-4AA9-8951-A95DB7FC2EB9}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\lupdate.exe |
"{F04C155C-A99B-4AF6-9F45-DD1D5DBEE56C}" = dir=in | app=d:\programy\orcad\\tools\bin\clsadmintool.exe |
"{F075DD25-BB16-478E-B8EC-26FCCBFB4DF5}" = dir=in | app=d:\programy\orcad\\tools\fet\bin\mkdefcfg.exe |
"{F0D2861B-D4F1-4255-BD94-49331A53CFCC}" = dir=in | app=d:\programy\orcad\\tools\cdnshelp\bin\tagtest.exe |
"{F224473A-85DA-4D4C-9AC3-F7C3915CEEA0}" = dir=in | app=d:\programy\orcad\\tools\bin\cdsremshclient.exe |
"{F2637877-975C-492B-99CD-134523AA34D9}" = dir=in | app=d:\programy\orcad\\tools\bin\van.exe |
"{F31E4CEC-1290-4D8C-A5FA-2FEF9183863A}" = dir=in | app=d:\programy\orcad\\tools\bin\cmfeedback.exe |
"{F37BE809-BCF0-42C3-93A0-0ACAA495B5E2}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\policytool.exe |
"{F52D6E13-597B-467C-AFCC-F274C5FB8F47}" = dir=in | app=d:\programy\orcad\\tools\fet\bin\versiontool.exe |
"{F5686E96-9F6B-4A04-98E3-EAC29D65B9DF}" = dir=in | app=d:\programy\orcad\\tools\fet\bin\versiontool.exe |
"{F6ABA249-13E4-4297-8E8A-8294A379259A}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\pack200.exe |
"{F6BAC3BF-CF50-4189-98DD-86DB6267DEF0}" = dir=in | app=d:\programy\orcad\\tools\tcltk\tcl\bin\tclsh80.exe |
"{F712291D-438D-4B1D-BDB9-C964F35EC13B}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\javacpl.exe |
"{F7242F6F-1DA2-43BF-A497-0C2D2EB7B362}" = protocol=58 | dir=in | name=sdílení souborů a tiskáren (požadavek na odezvu - icmpv6-in) |
"{F72AC577-CF03-4166-9A9B-3FB2AD9A5D24}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\xmlpatterns.exe |
"{F7535226-7AE5-46B3-89E6-17BA0DA3AA31}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\qt3to4.exe |
"{F8555C5E-674A-4709-9BA7-EEA8FEEBFEC3}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\unpack200.exe |
"{F89E6261-3B63-49C9-B5C7-E4D7CE382C6A}" = dir=in | app=d:\programy\orcad\\tools\tcltk\tcl\bin\tclsh80.exe |
"{FA408240-5FDB-4745-8146-97AF38CFC6DF}" = dir=in | app=d:\programy\orcad\\tools\fet\bin\mkdefcfg.exe |
"{FA43F928-C450-4100-8C17-3FF5EA78E8D0}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\javaws.exe |
"{FA9D2E5A-1EFB-492E-9814-91442369046D}" = dir=in | app=d:\programy\orcad\\tools\capture\sch2cap.exe |
"{FBDF7D67-6D15-4320-B25D-601BE94F64A5}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\rcc.exe |
"{FC758E94-70AC-41C8-85F0-42F02BB4C990}" = dir=in | app=d:\programy\orcad\\openaccess\bin\win32\opt\def2oa.exe |
"{FDE6A031-8520-4A11-8030-6086AF241F95}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\pack200.exe |
"{FDF38242-57E9-486F-AB3B-BFAE74A90B2F}" = dir=in | app=d:\programy\orcad\\tools\qt\bin\assistant.exe |
"{FE4A09F2-9B11-495D-A87E-8D35C6A41321}" = dir=in | app=d:\programy\orcad\\tools\bin\cmfeedback.exe |
"{FE8C1056-CD4A-4DC7-B76B-E1088E4C5ECB}" = dir=in | app=d:\programy\orcad\\tools\jre\bin\java-rmi.exe |
"{FEEB008F-FA4E-4405-BA37-D12D5613880D}" = dir=in | app=d:\programy\orcad\\tools\pspice\stmed.exe |
"{FEFFA68D-8FA6-42E0-A9EF-5C1A4B49B46C}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{0200724D-F577-451E-A273-149B2D3CCDF2}D:\programy\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\programy\videolan\vlc\vlc.exe |
"TCP Query User{647BE57E-9DD5-49CE-8D79-495AEFCB20DD}D:\hry\cossacks - back to war\dmcr.exe" = protocol=6 | dir=in | app=d:\hry\cossacks - back to war\dmcr.exe |
"TCP Query User{64A6C0C4-E67F-41A5-A4FE-BA25DDA9A9A1}C:\inet_srv\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\inet_srv\mysql\bin\mysqld.exe |
"TCP Query User{79079596-5159-4BE8-B248-B20C79C6FB8B}C:\inet_srv\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\inet_srv\apache\bin\apache.exe |
"TCP Query User{B273DCA9-42C6-4D78-8A23-07B4567D735C}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{C73679B7-50AF-4CF6-9ECC-6D27580A14B0}C:\users\petr\desktop\bulánci\bulanci.exe" = protocol=6 | dir=in | app=c:\users\petr\desktop\bulánci\bulanci.exe |
"TCP Query User{D57B5BAB-DFC9-47E6-953C-64F02D7D2D9E}C:\inet_srv\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\inet_srv\apache\bin\apache.exe |
"UDP Query User{0B936A4C-EE70-444E-8616-1074C8856961}D:\programy\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\programy\videolan\vlc\vlc.exe |
"UDP Query User{0E64688E-24CD-4B68-8D5A-F836736E431C}D:\hry\cossacks - back to war\dmcr.exe" = protocol=17 | dir=in | app=d:\hry\cossacks - back to war\dmcr.exe |
"UDP Query User{3DD3F782-0FEB-4CFF-9CE3-6A78DDABAB3C}C:\inet_srv\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\inet_srv\apache\bin\apache.exe |
"UDP Query User{4A077C40-1778-40D3-AC87-2EC5BDA08541}C:\inet_srv\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\inet_srv\mysql\bin\mysqld.exe |
"UDP Query User{4A8FA630-D91D-421D-BCF1-3AD1FF61DE0D}C:\users\petr\desktop\bulánci\bulanci.exe" = protocol=17 | dir=in | app=c:\users\petr\desktop\bulánci\bulanci.exe |
"UDP Query User{74702079-DBE1-4A05-A162-D5D55CBE724A}C:\inet_srv\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\inet_srv\apache\bin\apache.exe |
"UDP Query User{8A63CCA1-5087-4EDE-BAD9-092DD2B7B272}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4572399F-5B78-3C50-7281-4AB6248FC1F0}" = AMD Catalyst Install Manager
"{4713fdb0-2117-4d26-9e12-bbb11350a47f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5473360E-2990-4134-A38B-5575A76C8620}" = AOEMView 2009
"{5783F2D6-7028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2009
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{734BB935-6F4E-27BB-16EB-BFF2843373AD}" = ccc-utility64
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{7F4DD591-1300-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2009
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"9201E5BD02AE4540AF31E8A23F8E4A0A8FEFB31C" = ENE CIR Receiver Driver
"AOEMView 2009" = AOEMView 2009
"Autodesk Inventor Professional 2009" = Autodesk Inventor Professional 2009
"D4A8747CBFDA2813EA8AAD6CD3ED712B97970C43" = Balíček ovladače systému Windows - Intel System (01/21/2009 9.1.1.1013)
"DWG TrueView 2009" = DWG TrueView 2009
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TNod" = TNod User & Password Finder
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002C0EFC-6D28-1740-C633-9762D8D823A1}" = Catalyst Control Center Core Implementation
"{00476F3E-3C4D-4E02-B8BB-125350157EB9}" = Windows Live Mail
"{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD}" = QuickTime
"{0C45734A-4776-0437-2A1F-0673B270C037}" = CCC Help Finnish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{139303FD-A877-D219-DFDE-1FED7BC8E707}" = CCC Help Hungarian
"{146A78DF-CB21-913E-9E4B-F015B07D96DC}" = CCC Help Danish
"{20F91DE6-B502-3896-A66C-5B6961875EA1}" = CCC Help Russian
"{21744B1A-8222-2565-0BF4-91933F37CD32}" = Catalyst Control Center Graphics Full Existing
"{25BE0917-2374-4921-7C83-4DEDFE47E6BE}" = CCC Help Turkish
"{2E13E16A-5E1F-FEB8-6329-EBEEDC34B016}" = CCC Help Chinese Standard
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3205D813-07EB-B6B5-AE8F-9472FA3AACEB}" = CCC Help Polish
"{3A9ECD64-DE00-4779-A89E-C878513B2B37}" = Windows Live Writer Resources
"{3D4735F0-2BB9-0D3E-68EB-7444AE09A850}" = CCC Help Greek
"{41ECCDB3-5898-4EDF-2937-E5A328DF4BD3}" = CCC Help English
"{42B6C7E0-0DAE-488D-8DAF-838898102F19}" = Windows Live Writer
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{522B2AFF-08BC-AAE9-C074-6072857415E7}" = CCC Help Swedish
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5C4B623D-4F3A-4609-F666-DBD36BFDF8B1}" = CCC Help Korean
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{65DD52E5-5BAB-26CB-66DB-0A2C27CE2242}" = CCC Help French
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6B65AA2D-C096-34DE-22C9-F82BE3F7E492}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{719015FD-7256-F9CD-A6CF-014B3F9D75BE}" = Catalyst Control Center Graphics Full New
"{784FA7D9-FD7E-491A-A289-3AD8C1D9813C}_is1" = ST Proxy Switcher version 3.0.48
"{839D40C8-00B2-338C-63E6-46E9F03AE114}" = CCC Help Czech
"{85906B1C-FD0E-417A-BE43-C3A4E10CFAA0}" = Adobe Illustrator 10 CE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B2F2B38-E334-4DF1-3268-197213425B8D}" = CCC Help Chinese Traditional
"{8B3953E3-C79C-88AF-CBB7-7C9687557408}" = CCC Help German
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{971CCF2C-4767-7FDA-BD9F-5C1B84FD274F}" = CCC Help Norwegian
"{9763F0A1-05D2-3B8B-69E9-863CBC2BBDC9}" = CCC Help Spanish
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9B7923E7-A4B7-672E-17D0-1B9C12CADA88}" = Catalyst Control Center Graphics Light
"{9BB7E2D9-E744-D21F-94D0-ED9DC47B85C3}" = CCC Help Portuguese
"{A035950F-15BA-41C0-9D8F-165FC0536012}" = Movie Maker
"{A04FB5AC-FB39-B5CE-BBB4-3E2AA569B6EC}" = CCC Help Japanese
"{A1FBD2B3-6768-472D-BA46-C00EACBCE16C}" = Fotogalerie
"{A2B4621B-CEB9-4E44-95FD-3500D4DB3727}" = ioCentre
"{A6F90342-311E-FE77-2461-5B398D395C07}" = Catalyst Control Center Graphics Previews Common
"{A794ED96-BF39-99BD-ADB4-EE899BAB1275}" = CCC Help Thai
"{A95654B2-4E5B-E98D-C3AA-34037DEBDE65}" = CCC Help Italian
"{AA891DD9-E2ED-D5FE-F303-CD8D1DD5DC4E}" = Catalyst Control Center Localization All
"{AC76BA86-7AD7-1029-7B44-A90000000001}" = Adobe Reader 9 - Czech
"{B01E17BB-55FE-E2DA-7594-63201FC82A21}" = Catalyst Control Center Graphics Previews Vista
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18F981B-401C-4D90-BC57-D8903564D558}" = Windows Live UX Platform Language Pack
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{EB91007A-0110-42A6-B869-2709955A9B2A}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F9FABC27-A955-4EDC-7732-F5BADB80F546}" = ccc-core-static
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIMP2" = AIMP2
"Audacity_is1" = Audacity 1.2.3
"Cossacks : Back To War" = Cossacks - Back To War
"Dawn of the Dead - Screensaver 2" = Dawn of the Dead - Screensaver 2
"inet_srv_is1" = Intranetový server
"InstallShield_{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD}" = QuickTime
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.70.0.1100
"Mozilla Firefox 17.0.1 (x86 cs)" = Mozilla Firefox 17.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VLC media player 1.1.7
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.1.2013 16:00:46 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.1.2013 6:39:28 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.1.2013 8:08:34 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.1.2013 10:27:15 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.1.2013 7:02:29 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.1.2013 3:58:32 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.1.2013 10:49:30 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.1.2013 6:41:39 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.1.2013 4:21:15 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.1.2013 4:47:56 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 14.10.2012 15:46:45 | Computer Name = Petr-PC | Source = NetBT | ID = 4321
Description = Název PETR-PC :0 nelze zaregistrovat v rozhraní s IP adresou
147.229.202.117. Počítač s IP adresou 147.229.203.32 nepovolil získání názvu tímto
počítačem.

Error - 14.10.2012 15:49:00 | Computer Name = Petr-PC | Source = Server | ID = 2505
Description = Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{2C0C2ABC-0964-4FC3-8811-86B2A3156D4E},
protože jiný počítač v síti má stejný název. Server nelze spustit.

Error - 14.10.2012 15:49:00 | Computer Name = Petr-PC | Source = NetBT | ID = 4321
Description = Název PETR-PC :0 nelze zaregistrovat v rozhraní s IP adresou
147.229.202.117. Počítač s IP adresou 147.229.203.32 nepovolil získání názvu tímto
počítačem.

Error - 14.10.2012 15:49:00 | Computer Name = Petr-PC | Source = NetBT | ID = 4321
Description = Název PETR-PC :20 nelze zaregistrovat v rozhraní s IP adresou
147.229.202.117. Počítač s IP adresou 147.229.203.32 nepovolil získání názvu tímto
počítačem.

Error - 14.10.2012 16:18:00 | Computer Name = Petr-PC | Source = Server | ID = 2505
Description = Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{2C0C2ABC-0964-4FC3-8811-86B2A3156D4E},
protože jiný počítač v síti má stejný název. Server nelze spustit.

Error - 14.10.2012 16:18:00 | Computer Name = Petr-PC | Source = NetBT | ID = 4321
Description = Název PETR-PC :0 nelze zaregistrovat v rozhraní s IP adresou
147.229.202.117. Počítač s IP adresou 147.229.203.32 nepovolil získání názvu tímto
počítačem.

Error - 14.10.2012 16:18:00 | Computer Name = Petr-PC | Source = NetBT | ID = 4321
Description = Název PETR-PC :20 nelze zaregistrovat v rozhraní s IP adresou
147.229.202.117. Počítač s IP adresou 147.229.203.32 nepovolil získání názvu tímto
počítačem.

Error - 14.10.2012 16:20:14 | Computer Name = Petr-PC | Source = Server | ID = 2505
Description = Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{2C0C2ABC-0964-4FC3-8811-86B2A3156D4E},
protože jiný počítač v síti má stejný název. Server nelze spustit.

Error - 14.10.2012 16:20:14 | Computer Name = Petr-PC | Source = NetBT | ID = 4321
Description = Název PETR-PC :20 nelze zaregistrovat v rozhraní s IP adresou
147.229.202.117. Počítač s IP adresou 147.229.203.32 nepovolil získání názvu tímto
počítačem.

Error - 14.10.2012 16:20:15 | Computer Name = Petr-PC | Source = NetBT | ID = 4321
Description = Název PETR-PC :0 nelze zaregistrovat v rozhraní s IP adresou
147.229.202.117. Počítač s IP adresou 147.229.203.32 nepovolil získání názvu tímto
počítačem.


< End of report >

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check my log +

Post by jaro3 » 17 Jan 2013 10:32

Double-click the OTL icon on your desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes (Vlastní skenování/opravy), paste the following text, shown in green, into the box:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... 6&st=12&q={searchTerms}&barid={C75A8F47-14D9-4ED2-8B50-CAABFAF79B59}
IE - HKCU\..\SearchScopes,bProtectorDefaultScope =
IE - HKCU\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=110227&tt=0113_2&babsrc=SP_ss&mntrId=b4c9fd780000000000000024d2d9cb2e
IE - HKCU\..\SearchScopes\{399a1442-7377-49e7-8d77-6dc9ed5968c1}: "URL" = http://www.zbozi.cz/?q={searchTerms}&sourceid=quicksearch_6826
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=vmn&t ... 2_0yach&q={searchTerms}&ei=UTF-8
IE - HKCU\..\SearchScopes\{5cf5d387-d87c-4408-9a6b-301b0713d62a}: "URL" = http://www.mapy.cz/?query={searchTerms}&sourceid=quicksearch_6826
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={3270697B-AF41-442B-9B68-B92658EC0456}&mid=d0ea625b9d4b47d0a970d16f64cbe7ff-b9877e41c588ee287fbf45f78c1202b7dcd5dce5&lang=cs&ds=is015&pr=sa&d=2012-05-31 17:53:18&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKCU\..\SearchScopes\{eb97f7df-1773-4916-aae6-5af74da8c69d}: "URL" = http://www.firmy.cz/phr/{searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... 6&st=12&q={searchTerms}&barid={C75A8F47-14D9-4ED2-8B50-CAABFAF79B59}
FF - prefs.js..extensions.enabledAddons: %7Bea614400-e918-4741-9a97-7a972ff7c30b%7D:2.5.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.http: " 75.127.85.2"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 1
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Petr\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Petr\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll File not found
[2012.12.18 23:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petr\AppData\Roaming\Mozilla\Extensions
[2012.12.20 09:22:28 | 000,000,000 | ---D | M] (Yandex.Bar) -- C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013.01.16 09:25:48 | 000,631,292 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013.01.16 09:25:48 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.16 09:25:48 | 000,121,914 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013.01.16 09:25:48 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\TDSSKiller_Quarantine
C:\Windows\_MSRSTRT.EXE
C:\Windows\ss3unstl.exe
C:\Windows\impborl.dll
C:\Windows\ativpsrm.bin
C:\Users\Petr\AppData\Roaming\Babylon
C:\Users\Petr\AppData\Roaming\Yandex

:Reg
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
""=""%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
""=""%1" %*"

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Then click Run Fix (Opravit) at the top. Let the program run undisturbed; the PC will restart at the end.
After the restart a log will appear; please copy its entire contents here.

In Folder Options, enable showing hidden files and folders, and uncheck the box for hiding protected operating system files.

Test this on VirusTotal:
C:\Windows\amapro.dat

Click Choose (Vybrat) to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open (Otevřít), then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes its test, the result will appear at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.

Or at:
http://www.virscan.org/

Drive C: | 149,04 Gb Total Space | 20,12 Gb Free Space | 13,50% Space Free |
Low free space on the system drive; you should have at least 15% free space. Uninstall or delete something.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

