Notebook známého prý zamrzá

[tuvok07]

Nejsem si jist legalitou systému a AV - takže prosím o shovívavost, budu řešit případně s majitelem

Logfile of random's system information tool 1.10 (written by random/random)
Run by JJ at 2015-10-24 13:25:05
Microsoft Windows 7 Ultimate
System drive C: has 5 GB (4%) free of 114 GB
Total RAM: 3062 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:25:07, on 24.10.2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Program Files\Synaptics\Scrybe\scrybe.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\JJ\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\JJ\Downloads\RSIT.exe
C:\Program Files\trend micro\JJ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... 1D723AF87D}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
R3 - URLSearchHook: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
R3 - URLSearchHook: FroggyBoss Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Froggy.dll
O2 - BHO: Browser Extensions - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: MrFroggy - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - (no file)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Minibar BHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\JJ\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\JJ\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: PHOTOfunSTUDIO HD Edition.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O4 - Global Startup: Scrybe.lnk = ?
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0 ... rol_32.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Aktualizátor aplikace Scrybe (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 9586 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\g6yxs9ka.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "https://de.search.yahoo.com/search?fr=g ... =888596&p="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ei.BringMeSports_1c.com/Plugin]
"Description"=BringMeSports Plugin
"Path"=C:\Program Files\BringMeSports_1cEI\Installr\1.bin\NP1cEISB.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\g6yxs9ka.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\g6yxs9ka.default\searchplugins\
yahoo_ff.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-10-22 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12 1725056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-10-22 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-03-31 2221352]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-06-26 7596576]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-06-26 1833504]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2012-09-13 1009288]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-14 81920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"=C:\Users\JJ\AppData\Roaming\Seznam.cz\szninstall.exe -c []
"cz.seznam.software.szndesktop"=C:\Users\JJ\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe -q []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-14 221184]
"GarminExpressTrayApp"=C:\Program Files\Garmin\Express Tray\ExpressTray.exe [2015-09-11 1403192]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2015-09-17 57872904]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
PHOTOfunSTUDIO HD Edition.lnk - C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
Scrybe.lnk - C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe

C:\Users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-10-24 13:17:46 ----D---- C:\rsit
2015-10-24 13:17:46 ----D---- C:\Program Files\trend micro
2015-10-23 10:38:23 ----D---- C:\Program Files\Common Files\Skype
2015-10-22 18:58:32 ----D---- C:\Program Files\Mozilla Firefox
2015-10-22 18:46:00 ----D---- C:\ProgramData\ESET
2015-10-22 18:45:48 ----D---- C:\Program Files\ESET

======List of files/folders modified in the last 1 month======

2015-10-24 13:25:06 ----D---- C:\Windows\Temp
2015-10-24 13:22:55 ----D---- C:\Windows\system32\config
2015-10-24 13:21:28 ----D---- C:\Windows\Prefetch
2015-10-24 13:17:46 ----D---- C:\Program Files
2015-10-24 13:11:29 ----D---- C:\Users\JJ\AppData\Roaming\Skype
2015-10-24 13:10:07 ----SHD---- C:\Windows\Installer
2015-10-24 13:10:07 ----D---- C:\Windows\tracing
2015-10-24 13:10:06 ----SHD---- C:\Config.Msi
2015-10-24 13:08:39 ----RD---- C:\Program Files\Skype
2015-10-23 14:04:55 ----SHD---- C:\System Volume Information
2015-10-23 11:19:11 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-10-23 10:53:44 ----D---- C:\Windows\System32
2015-10-23 10:53:35 ----D---- C:\Windows\system32\Tasks
2015-10-23 10:38:39 ----D---- C:\ProgramData\Skype
2015-10-23 10:38:23 ----D---- C:\Program Files\Common Files
2015-10-23 03:25:15 ----D---- C:\Windows\system32\wfp
2015-10-23 03:25:15 ----D---- C:\Windows\system32\catroot2
2015-10-23 03:25:14 ----D---- C:\Windows\system32\Macromed
2015-10-23 03:25:05 ----D---- C:\Windows\system32\wbem
2015-10-23 03:25:04 ----D---- C:\Windows\registration
2015-10-22 20:25:25 ----D---- C:\Users\JJ\AppData\Roaming\Browser Extensions
2015-10-22 18:59:25 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-10-22 18:47:24 ----D---- C:\Windows\system32\drivers
2015-10-22 18:47:24 ----D---- C:\Windows\system32\catroot
2015-10-22 18:47:23 ----D---- C:\Windows\system32\DriverStore
2015-10-22 18:47:23 ----D---- C:\Windows\inf
2015-10-22 18:46:00 ----HD---- C:\ProgramData
2015-10-22 18:38:35 ----D---- C:\ProgramData\AVAST Software
2015-10-22 18:38:31 ----D---- C:\Windows
2015-10-22 17:33:41 ----D---- C:\ProgramData\Package Cache
2015-10-22 17:32:05 ----D---- C:\Windows\Tasks
2015-09-25 13:48:53 ----D---- C:\Program Files\Garmin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 cdrbsdrv;cdrbsdrv; C:\Windows\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-09-23 205800]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-09-23 145512]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2015-09-23 131640]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2009-07-14 117248]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-14 1035776]
R3 athr;Atheros – ovladač pro zařízení pro rozšiřitelnou bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2011-01-30 73216]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-06-26 2385760]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-03-31 1335472]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 AF15BDA;AF9015 BDA Device; C:\Windows\system32\DRIVERS\AF15BDA.sys [2012-02-23 483200]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
S3 grmnusb;grmnusb; C:\Windows\system32\drivers\grmnusb.sys [2012-04-18 15720]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2010-10-08 25856]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2011-01-30 90112]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2010-12-24 193792]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-03-10 594976]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-14 82128]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\System32\bgsvcgen.exe [2007-06-15 145504]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2015-10-09 1971968]
R2 ScrybeUpdater;Aktualizátor aplikace Scrybe; C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 Freemake Improver;Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-09-07 100864]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-22 269000]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Garmin Device Interaction Service;Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [2015-09-11 762272]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27 144200]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-01-25 194032]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-22 147624]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-24 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2012-07-09 46528]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

[Rudy]

Zdravím!
Zkusíme tento sken:

Stáhněte a spusťte OTL: http://oldtimer.geekstogo.com/OTL.exe . Spusťte, zaškrněte "Pro všechny uživatele", Kontrola na havěť LOP" a Kontrola na hvěť PURITY" a do dolního bílého okna zkopírujte:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s

a klikněte na >Prohledat<. Dejte oba logy.

[tuvok07]

Už dávám MBAM páč jsem v logu zahlíd spigota a ještě v PC pár známých tak pak to udělám
Jinak zámrzy jsem nepozoroval spíš je to pomalé - ale kdoví co může známý mít za zámrz

[tuvok07]

teda vlastně jsem dal MBAM cca dvě a čtvrt hodiny nazpět.
Jdu stahnout OTL.

[tuvok07]

Napřed pro jistotu mbam Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 24.10.2015
Čas skenování: 15:15
Protokol: mbam.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.10.24.03
Databáze rootkitů: v2015.10.23.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7
CPU: x86
Souborový systém: NTFS
Uživatel: JJ

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 436363
Uplynulý čas: 2 hod, 28 min, 38 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 33
PUP.Optional.MiniBar, HKLM\SOFTWARE\CLASSES\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86}, , [368d2d2dc0cbee48f39279a6f111ab55],
PUP.Optional.MiniBar, HKLM\SOFTWARE\CLASSES\TYPELIB\{4F9AD2F2-3A64-470E-93F7-A03423E52ACA}, , [368d2d2dc0cbee48f39279a6f111ab55],
PUP.Optional.MiniBar, HKLM\SOFTWARE\CLASSES\INTERFACE\{8A41F062-A222-4322-A8C4-26218BE869B9}, , [368d2d2dc0cbee48f39279a6f111ab55],
PUP.Optional.MiniBar, HKLM\SOFTWARE\CLASSES\INTERFACE\{C6A61AAE-D30B-4E7A-A3D8-8A34E5BA3414}, , [368d2d2dc0cbee48f39279a6f111ab55],
PUP.Optional.SweetPacks, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, , [b60d401ae4a732048b68869b8082f10f],
PUP.Optional.SweetPacks, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, , [b60d401ae4a732048b68869b8082f10f],
PUP.Optional.Spigot, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, , [7152f7632f5c171ffeb6887446bb3cc4],
PUP.Optional.MiniBar, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{AA74D58F-ACD0-450D-A85E-6C04B171C044}, , [556eff5b27643cfa1275f12edd257789],
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, , [ccf7aab05b3055e1bd4203198e740ff1],
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, , [e7dcbf9be2a9c2748080908d1ee45aa6],
PUP.Optional.ATDheNetTVAp, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\1ClickDownload, , [6e55a0bafc8f4fe7e529212a9f64966a],
PUP.Optional.Iminent, HKLM\SOFTWARE\Iminent, , [4d764416becd4ee81be8491c26dd8977],
PUP.Optional.SpeedChecker.PrxySvrRST, HKLM\SOFTWARE\Speedchecker Limited, , [9d262436602b2d09f5a45323d929946c],
PUP.Optional.SweetIM, HKLM\SOFTWARE\SweetIM, , [497a88d2494226100c54fa889f6408f8],
PUP.Optional.ATDheNetTVAp, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bgnnidmnbdkmhfkjgdnngciimpdgohok, , [d3f01f3bbdce39fd749c301b768dd62a],
PUP.Optional.Bandoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B5EEBE1-886D-4358-B4E2-091E1EF537DB}, , [01c2b7a3820942f4cda391badb28f808],
PUP.Optional.Bandoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2676C55-AEAA-45E7-A117-D784A86AA202}, , [f0d33525acdfc175a0d0133859aa5ba5],
PUP.Optional.SearchResults, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}, , [efd487d3296244f20357b3c84ab9d22e],
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}, , [f4cfb3a70a8176c0cb9d450e996a4eb2],
PUP.Optional.MiniBar, HKLM\SOFTWARE\MINIBAR, , [61621545038852e4add5511d2bd8d22e],
PUP.Optional.MindSpark, HKLM\SOFTWARE\MOZILLAPLUGINS\@ei.BringMeSports_1c.com/Plugin, , [744f4a10dbb023139f733f2f47bc0bf5],
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, , [5370f664b8d3e74fe7081c54d82adf21],
PUP.Optional.1ClickDownload, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\1ClickDownload, , [1fa45406a4e78babadaa98b05fa4ac54],
PUP.Optional.DataMngr, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\Datamngr, , [388be179a3e887af4f07d7814fb4b64a],
PUP.Optional.Somoto, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\Somoto, , [1aa945151675da5ca8ceea95a75cba46],
PUP.Optional.SweetIM, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\SweetIM, , [7c47baa0e6a589ad3526a2e00ff4b34d],
PUP.Optional.SerachQU, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\APPDATALOW\SOFTWARE\searchqutoolbar, , [d4ef46141774db5bf2ccf686f21101ff],
PUP.Optional.BrowserExtensions, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\APPDATALOW\SOFTWARE\BROWSER EXTENSIONS, , [cef50753a9e23bfbe4f069e58b781de3],
PUP.Optional.FilesFrog, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\BI, , [784be5757a11fb3b2b6e025b956eb848],
PUP.Optional.Spigot, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{35F17179-19D9-4B58-A3A3-71294402C14D}, , [1da695c58cff1f1775b37e02c43f55ab],
PUP.Optional.SearchResults, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}, , [dde6e773761514224712b3c859aac63a],
PUP.Optional.Somoto, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\SOMOTO\SDP, , [7b48adad3754201675023c4306fd42be],
PUP.Optional.FilesFrog, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FilesFrog Update Checker, , [09ba2b2fdcaf0531e620e07208fa6c94],

Hodnoty registru: 20
PUP.Optional.MiniBar, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{539F76FD-084E-4858-86D5-62F02F54AE86}, , [368d2d2dc0cbee48f39279a6f111ab55],
PUP.Optional.InboxToolBar, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, exé׏‘äAśĐ%« WLč, , [e7dcbf9be2a9c2748080908d1ee45aa6]
PUP.Optional.InboxToolBar, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, , [14af2c2e197237ff02fe9f7efe040ef2],
PUP.Optional.SweetPacks, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{EEE6C35B-6118-11DC-9C72-001320C79847}, , [17acbb9fa2e988ae7c763be6d230f60a],
PUP.Optional.SweetPacks, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{EEE6C35B-6118-11DC-9C72-001320C79847}, ????????, , [17acbb9fa2e988ae7c763be6d230f60a]
PUP.Optional.MiniBar, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{539F76FD-084E-4858-86D5-62F02F54AE86}, , [cbf8c9913c4f65d1d5b0ed32c53db54b],
PUP.Optional.Bandoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B5EEBE1-886D-4358-B4E2-091E1EF537DB}|AppPath, C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar, , [01c2b7a3820942f4cda391badb28f808]
PUP.Optional.Bandoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2676C55-AEAA-45E7-A117-D784A86AA202}|AppPath, C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar, , [f0d33525acdfc175a0d0133859aa5ba5]
PUP.Optional.SearchResults, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|URL, http://dts.search-results.com/sr?src=ie ... earchTerms}, , [efd487d3296244f20357b3c84ab9d22e]
PUP.Optional.SearchQu, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|SuggestionsURL_JSON, http://www.searchqu.com/suggest.php?src ... s}&ft=json, , [4e7575e5f19a66d031265e1d7d8643bd]
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|URL, http://search.conduit.com/ResultsExt.as ... =CT2475029, , [f4cfb3a70a8176c0cb9d450e996a4eb2]
PUP.Optional.SweetIM, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|URL, http://search.sweetim.com/search.asp?sr ... 1D723AF87D}, , [23a03e1c8dfe24121846a1e19f64d828]
PUP.Optional.MiniBar, HKLM\SOFTWARE\MINIBAR|NoDns, true, , [61621545038852e4add5511d2bd8d22e]
PUP.Optional.BrowserExtensions, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\APPDATALOW\SOFTWARE\BROWSER EXTENSIONS|SS_Ver, 2.7, , [cef50753a9e23bfbe4f069e58b781de3]
PUP.Optional.FilesFrog, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\BI|ui_path_filesfrog, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker, , [784be5757a11fb3b2b6e025b956eb848]
PUP.Optional.Spigot, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{35F17179-19D9-4B58-A3A3-71294402C14D}|URL, https://de.search.yahoo.com/search?fr=c ... earchTerms}, , [1da695c58cff1f1775b37e02c43f55ab]
PUP.Optional.SearchResults, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|URL, http://dts.search-results.com/sr?src=ie ... earchTerms}, , [dde6e773761514224712b3c859aac63a]
PUP.Optional.SearchQu, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|SuggestionsURL_JSON, http://www.searchqu.com/suggest.php?src ... s}&ft=json, , [e7dc3426e6a52511470d413a1ee5ea16]
PUP.Optional.SweetIM, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|URL, http://search.sweetim.com/search.asp?sr ... 1D723AF87D}, , [3291aeac03887cbaaeac98ea62a19b65]
PUP.Optional.Somoto, HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\SOMOTO\SDP|affid, network_matomy_1, , [7b48adad3754201675023c4306fd42be]

Data registru: 1
PUP.Optional.SweetIM, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://home.sweetim.com/?crg=3.1010000. ... 1D723AF87D}, Dobré: (www.google.com), Špatné: (http://home.sweetim.com/?crg=3.1010000. ... 1D723AF87D}),,[19aa75e5573424125f06330054b0d030]

Složky: 26
PUP.Optional.ATDheNetTVAp, C:\Program Files\ATDheNetTVApp.com, , [6e55a0bafc8f4fe7e529212a9f64966a],
PUP.Optional.ATDheNetTVAp, C:\Users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATDheNetTVApp.com, , [f9cac694e9a2e254947b3813a06332ce],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\icons, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\includes, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\kango, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\kango-ui, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\minibar, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\icons, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\minibar, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.OpenCandy, C:\Users\JJ\AppData\Roaming\OpenCandy, , [cef591c90289e254a153cd6a29d9ff01],
PUP.Optional.OpenCandy, C:\Users\JJ\AppData\Roaming\OpenCandy\045596C1D307440681632E1A5017791B, , [cef591c90289e254a153cd6a29d9ff01],
PUP.Optional.OpenCandy, C:\Users\JJ\AppData\Roaming\OpenCandy\295FE13340A94BAEB30F7FC5129DBBD2, , [cef591c90289e254a153cd6a29d9ff01],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, , [23a0dd7da1ea8bab991cf34cf210857b],
PUP.Optional.DataMngr, C:\Users\JJ\AppData\LocalLow\DataMngr, , [5d6614460289da5c33d73916d52d9b65],
PUP.Optional.FilesFrog, C:\Program Files\FilesFrog Update Checker, , [09ba2b2fdcaf0531e620e07208fa6c94],
PUP.Optional.FilesFrog, C:\Users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker, , [a023be9ce1aaf73f55b2a9a934ceac54],
PUP.Optional.SearchQu, C:\Users\JJ\AppData\LocalLow\searchquband, , [c9fa1f3b0d7ee05660fcacb540c20bf5],

Soubory: 111
PUP.Optional.MiniBar, C:\Program Files\Minibar\Froggy.dll, , [368d2d2dc0cbee48f39279a6f111ab55],
PUP.Optional.ATDheNetTVAp, C:\Program Files\ATDheNetTVApp.com\stv11.crx, , [6e55a0bafc8f4fe7e529212a9f64966a],
PUP.Optional.ATDheNetTVAp, C:\Program Files\ATDheNetTVApp.com\stvtemp.xpi, , [6e55a0bafc8f4fe7e529212a9f64966a],
PUP.Optional.ATDheNetTVAp, C:\Program Files\ATDheNetTVApp.com\uninst.exe, , [6e55a0bafc8f4fe7e529212a9f64966a],
PUP.Optional.ATDheNetTVAp, C:\Users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATDheNetTVApp.com\ATDheNetTVApp.lnk, , [f9cac694e9a2e254947b3813a06332ce],
PUP.Optional.ATDheNetTVAp, C:\Users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATDheNetTVApp.com\Uninstall.lnk, , [f9cac694e9a2e254947b3813a06332ce],
PUP.Optional.FreeHDSport, C:\Users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\freehdsport@freehdsport.tv.xpi, , [962d86d4a0ebbe78ca55a2bd798a8080],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\minibar.crx, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome_installer.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\common.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox_installer.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\ie_installer.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\install.json, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\minibar.xpi, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\sqlite3.exe, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\Uninstall.exe, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\background.html, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\cached_http_request.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\extension_info.json, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\main.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\manifest.json, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\popup.html, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\popup.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\tab.html, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\tab.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\icons\icon128.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\icons\icon19.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\icons\icon32.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\icons\icon48.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\includes\content.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\includes\content_kango.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\includes\content_messaging.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\includes\content_userscript.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\kango\browser.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\kango\console.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\kango\event_listener.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\kango\initialize.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\kango\io.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\kango\jsonstorage.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\kango\kango.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\kango\lang.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\kango\messaging.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\kango\userscript_engine.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\kango\xhr.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\kango-ui\button.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\kango-ui\ui.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\minibar\actions.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\minibar\cachedxhr.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\minibar\config.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\minibar\macros.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\chrome\minibar\minibar.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome.manifest, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\install.rdf, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\cached_http_request.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\content.xul, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\extension_info.json, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\main.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\icons\icon128.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\icons\icon19.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\icons\icon32.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\icons\icon48.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango\browser.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango\console.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango\event_listener.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango\initialize.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango\io.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango\jsonstorage.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango\kango.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango\lang.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango\messaging.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango\storage.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango\uninstall_observer.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango\userscript_engine.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango\xhr.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\button.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.xul, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\ui.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-left.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-middle.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-right.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-left.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-right.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\style.css, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-bottom.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-left.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-right.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-top.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-left.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-middle.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-right.png, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\minibar\actions.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\minibar\cachedxhr.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\minibar\config.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\minibar\config.json, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\minibar\homepage_helper.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\minibar\macros.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\minibar\minibar.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\minibar\search_helper.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\minibar\search_hook.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.MiniBar, C:\Users\JJ\AppData\Local\Minibar\firefox\chrome\content\minibar\tabpage_helper.js, , [645f5109afdcaf879de3e688df2414ec],
PUP.Optional.Spigot, C:\Users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\0\searchplugins\yahoo_ff.xml, , [e4df0357d2b974c21c085a26a2619b65],
PUP.Optional.Spigot, C:\Users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\g6yxs9ka.default\searchplugins\yahoo_ff.xml, , [e1e27bdf48432d0928fc89f78c7702fe],
PUP.Optional.OpenCandy, C:\Users\JJ\AppData\Roaming\OpenCandy\295FE13340A94BAEB30F7FC5129DBBD2\TuneUpUtilities2013_2200329_cs-CZ.exe, , [cef591c90289e254a153cd6a29d9ff01],
PUP.Optional.DataMngr, C:\Users\JJ\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, , [5d6614460289da5c33d73916d52d9b65],
PUP.Optional.FilesFrog, C:\Program Files\FilesFrog Update Checker\uninstall.exe, , [09ba2b2fdcaf0531e620e07208fa6c94],
PUP.Optional.FilesFrog, C:\Users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk, , [a023be9ce1aaf73f55b2a9a934ceac54],
PUP.Optional.FilesFrog, C:\Users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk, , [a023be9ce1aaf73f55b2a9a934ceac54],
PUP.Optional.Spigot, C:\Users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js, Dobré: (), Špatné: (user_pref("keyword.URL", "https://de.search.yahoo.com/search?fr=g ... =888596&p=");), ,[546f91c978131e18922fdb7c1de702fe]
PUP.Optional.Spigot, C:\Users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\g6yxs9ka.default\prefs.js, Dobré: (), Špatné: (user_pref("keyword.URL", "https://de.search.yahoo.com/search?fr=g ... =888596&p=");), ,[6360fb5ff49784b2665bca8d72923cc4]

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

jdu na otl

[Rudy]

Mne zajímají logy OTL.

[tuvok07]

Ten stále skenuje Pak to sem vrznu - a myslím, že nález z MBAM můžu s klidem smazat ne?

[tuvok07]

OTL logfile created on: 24.10.2015 17:49:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JJ\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,99 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 46,27% Memory free
5,98 Gb Paging File | 4,14 Gb Available in Paging File | 69,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,57 Gb Total Space | 4,66 Gb Free Space | 4,18% Space Free | Partition Type: NTFS
Drive D: | 111,55 Gb Total Space | 29,04 Gb Free Space | 26,04% Space Free | Partition Type: NTFS

Computer Name: JJ-PC | User Name: JJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015.10.24 17:44:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JJ\Downloads\OTL.exe
PRC - [2015.10.22 18:58:59 | 000,377,000 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2015.10.12 09:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2015.10.12 09:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2015.10.09 16:30:50 | 001,971,968 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2015.10.05 09:48:34 | 009,832,760 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2015.09.22 11:52:14 | 005,532,872 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2015.09.14 09:25:38 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.01.10 18:36:54 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\JJ\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011.09.02 01:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2011.05.27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\Scrybe\scrybe.exe
PRC - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.06.26 10:26:42 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
PRC - [2009.01.30 19:36:14 | 000,044,176 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
PRC - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe


========== Modules (No Company Name) ==========

MOD - [2011.03.31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2010.01.30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2007.04.19 10:39:08 | 000,436,992 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\FPXLIB.DLL
MOD - [2007.04.19 10:33:00 | 000,035,584 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\uPiApi.dll
MOD - [2007.04.19 10:29:42 | 000,273,216 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\magengin.dll
MOD - [2007.04.19 10:29:38 | 000,187,136 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\kgl.dll


========== Services (SafeList) ==========

SRV - [2015.10.22 18:59:27 | 000,269,000 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015.10.22 18:58:57 | 000,147,624 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015.10.12 09:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2015.10.12 09:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2015.10.09 16:30:50 | 001,971,968 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2015.10.05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015.09.14 09:25:38 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015.09.11 08:48:32 | 000,762,272 | ---- | M] (Garmin Ltd. or its subsidiaries) [On_Demand | Stopped] -- C:\Program Files\Garmin\Device Interaction Service\GarminService.exe -- (Garmin Device Interaction Service)
SRV - [2015.07.09 13:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.07 16:37:04 | 000,100,864 | ---- | M] (Freemake) [Auto | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012.02.24 21:47:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - [2015.10.24 15:15:52 | 000,170,200 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2015.10.05 09:50:16 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2015.10.05 09:50:04 | 000,023,256 | ---- | M] (Malwarebytes) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2015.09.23 09:30:22 | 000,205,800 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2015.09.23 09:30:22 | 000,145,512 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2015.09.23 09:30:22 | 000,131,640 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2012.02.23 11:50:24 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2011.01.30 13:19:00 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011.01.30 13:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.12.24 06:48:26 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.10.08 11:55:06 | 000,025,856 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewdcsc.sys -- (Huawei)
DRV - [2010.07.27 04:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.03.10 13:32:34 | 000,594,976 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.02.20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... 1D723AF87D}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... earchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2475029
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... 1D723AF87D}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\URLSearchHook: {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Froggy.dll (TODO: <название компании>)
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\SearchScopes\{35F17179-19D9-4B58-A3A3-71294402C14D}: "URL" = https://de.search.yahoo.com/search?fr=c ... earchTerms}
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\SearchScopes\{40C0A9AF-79EF-4CB9-A70E-EFE2CB2A2837}: "URL" = http://search.seznam.cz/?q={searchTerms ... arch_13415
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\SearchScopes\{49FFBA09-3F89-41E1-831A-B95C3B966F15}: "URL" = http://www.mapy.cz/?query={searchTerms} ... arch_13415
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... earchTerms}
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\SearchScopes\{AC1BC27E-37C0-4AD8-BCD8-9D9ED08FE928}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatc ... 093&lng=cs
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\SearchScopes\{C9B552F5-A1F7-418E-92D9-1B8E14B307E0}: "URL" = http://www.firmy.cz/phr/{searchTerms}?s ... arch_13415
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\SearchScopes\{DAA38EDE-A526-4EEA-9FC7-08C9B6DB2B06}: "URL" = http://encyklopedie.seznam.cz/search?q= ... arch_13415
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\SearchScopes\{DCB31281-AE66-417A-8A2C-BF02D47D9BB5}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... 1D723AF87D}
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\SearchScopes\{F631DD34-FBE8-4949-AEC2-E6A2F97138BD}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\SearchScopes\{F8E7506C-6E35-4DFA-9D58-F5FBEDE2079D}: "URL" = http://www.google.com/search?q={searchT ... utEncoding?}
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.highlightCount: 3
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: %7Bea614400-e918-4741-9a97-7a972ff7c30b%7D:3.0.8.1-signed
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:41.0.2
FF - prefs.js..keyword.URL: "https://de.search.yahoo.com/search?fr=g ... =888596&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.BringMeSports_1c.com/Plugin: C:\Program Files\BringMeSports_1cEI\Installr\1.bin\NP1cEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 41.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 41.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 41.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 41.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2014.10.22 20:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JJ\AppData\Roaming\Mozilla\Extensions
[2014.05.27 18:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2015.09.24 10:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\g6yxs9ka.default\extensions
[2015.05.30 19:10:56 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\g6yxs9ka.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2012.11.18 21:10:47 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\freehdsport@freehdsport.tv.xpi
[2014.11.06 15:23:17 | 000,008,150 | ---- | M] () -- C:\Users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\g6yxs9ka.default\searchplugins\yahoo_ff.xml
[2015.10.24 13:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015.10.22 18:59:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015.10.22 18:58:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2015.10.22 18:58:36 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

O1 HOSTS File: ([2012.03.09 08:56:08 | 000,000,864 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (no name) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - No CLSID value found.
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (no name) - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - No CLSID value found.
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files\Seznam.cz\distribution\szninstall.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKU\.DEFAULT..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd. or its subsidiaries)
O4 - HKU\S-1-5-18..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd. or its subsidiaries)
O4 - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000..\Run: [cz.seznam.software.autoupdate] "C:\Users\JJ\AppData\Roaming\Seznam.cz\szninstall.exe" -c File not found
O4 - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000..\Run: [cz.seznam.software.szndesktop] "C:\Users\JJ\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q File not found
O4 - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd. or its subsidiaries)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Od&eslat do aplikace OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: eset.com ([help] http in Trusted sites)
O15 - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..Trusted Domains: localhost ([]http in Internet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0 ... rol_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28B425EF-E1CD-4844-B0BC-C8B421951A06}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{662940DD-A41E-49D9-B145-5A680EB009D1}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCDBE32C-88FF-4D73-8123-7E40CB0734BC}: DhcpNameServer = 192.168.1.20
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{12ddad7d-0331-11e3-a92a-001d723af87d}\Shell - "" = AutoRun
O33 - MountPoints2\{12ddad7d-0331-11e3-a92a-001d723af87d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3a116008-1a3a-11e3-8dfd-001d723af87d}\Shell - "" = AutoRun
O33 - MountPoints2\{3a116008-1a3a-11e3-8dfd-001d723af87d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8d28ca8c-14b8-11e3-945b-001d723af87d}\Shell - "" = AutoRun
O33 - MountPoints2\{8d28ca8c-14b8-11e3-945b-001d723af87d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ba4c2141-20eb-11e3-9c61-001d723af87d}\Shell - "" = AutoRun
O33 - MountPoints2\{ba4c2141-20eb-11e3-9c61-001d723af87d}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{f1936d08-197b-11e3-ba67-001d723af87d}\Shell - "" = AutoRun
O33 - MountPoints2\{f1936d08-197b-11e3-ba67-001d723af87d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2015.10.24 15:14:10 | 000,170,200 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015.10.24 15:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015.10.24 15:13:48 | 000,094,936 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015.10.24 15:13:48 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015.10.24 15:13:48 | 000,023,256 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2015.10.24 15:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015.10.24 15:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015.10.24 13:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2015.10.24 13:17:46 | 000,000,000 | ---D | C] -- C:\rsit
[2015.10.23 10:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015.10.23 10:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2015.10.22 18:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015.10.22 18:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2015.10.22 18:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2015.10.22 18:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2015.09.25 13:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2012.09.19 14:52:59 | 003,927,560 | ---- | C] (Piriform Ltd) -- C:\Users\JJ\ccsetup322.exe
[2012.09.10 19:13:26 | 000,398,696 | ---- | C] (Acresso Software Inc.) -- C:\Users\JJ\Setup.exe
[2012.08.21 21:54:31 | 005,831,308 | ---- | C] (i-Systems Inc. ) -- C:\Users\JJ\FeedReader314Setup.exe
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015.10.24 17:52:59 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015.10.24 17:37:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.10.24 17:36:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.10.24 16:58:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.10.24 15:15:52 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015.10.24 15:13:54 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.10.24 13:55:48 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.10.24 13:55:48 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.10.24 13:06:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.10.24 13:06:27 | 2408,390,656 | -HS- | M] () -- C:\hiberfil.sys
[2015.10.23 10:38:24 | 000,002,719 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2015.10.22 18:59:25 | 000,780,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015.10.22 18:59:25 | 000,142,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015.10.05 09:50:16 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015.10.05 09:50:08 | 000,094,936 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015.10.05 09:50:04 | 000,023,256 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015.10.24 17:52:59 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015.10.24 15:13:54 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.07.19 19:24:07 | 000,007,680 | ---- | C] () -- C:\Users\JJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.08.13 16:46:50 | 000,045,400 | ---- | C] () -- C:\Windows\System32\DiscHandler.exe
[2012.09.17 17:09:34 | 000,559,004 | ---- | C] () -- C:\Users\JJ\jak-nespadnout-do-pasti.pdf
[2012.08.30 06:09:36 | 737,071,104 | ---- | C] () -- C:\Users\JJ\Rambo_4_-_Do_pekla_a_zpět.avi
[2012.08.29 20:26:17 | 734,066,688 | ---- | C] () -- C:\Users\JJ\Kriminal_(cz_dabing)BY_DERECK.avi
[2012.08.28 19:26:53 | 003,999,063 | ---- | C] () -- C:\Users\JJ\klíma.jpg
[2012.08.26 22:08:21 | 994,842,624 | ---- | C] () -- C:\Users\JJ\Spojenec_2006-akcni_thriler,bomba_filmek-Hammett.avi
[2012.08.21 20:17:58 | 994,807,808 | ---- | C] () -- C:\Users\JJ\Vendeta_(2011).avi
[2012.08.06 20:23:08 | 000,905,950 | ---- | C] () -- C:\Users\JJ\dtest-aaa-auto-nedava-slevy-zadarmo.pdf
[2012.07.15 12:09:52 | 000,000,936 | ---- | C] () -- C:\Users\JJ\AppData\Local\SRDownloader.nast
[2012.06.23 19:48:01 | 000,000,387 | ---- | C] () -- C:\Users\JJ\AppData\Roaming\burnaware.ini
[2012.06.21 20:01:16 | 000,000,936 | ---- | C] () -- C:\Users\JJ\AppData\Local\SRDownloader[1].nast
[2012.02.13 22:10:01 | 000,135,848 | ---- | C] () -- C:\Users\JJ\ffdshow.reg
[2012.02.11 20:01:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014.07.24 19:18:27 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Garmin
[2014.07.24 19:18:27 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Garmin
[2012.06.23 19:23:50 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Ashampoo
[2015.10.22 20:25:25 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Browser Extensions
[2013.12.18 20:40:14 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\DVDFab
[2014.06.20 20:13:27 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Garmin
[2012.02.11 12:58:35 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\GHISLER
[2012.12.25 11:49:17 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Leadertech
[2014.09.24 20:29:09 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\MPC-HC
[2013.01.10 19:48:36 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\OpenCandy
[2012.12.05 20:57:38 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\OpenOffice.org
[2012.05.22 18:56:17 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Panasonic
[2013.06.05 17:27:00 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\PDM
[2014.12.15 21:05:04 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Seznam Browser
[2015.05.29 19:43:52 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Seznam.cz
[2012.03.09 09:11:15 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Synaptics
[2015.03.25 12:41:14 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\TeamViewer
[2013.09.09 20:23:04 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Telefónica Móviles
[2013.01.10 11:41:04 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 06:53:46 | 000,032,634 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2014.01.25 19:04:49 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.01.25 19:04:52 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2015.02.09 23:21:20 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2015.10.05 09:48:32 | 000,893,752 | ---- | M] (MalwareBytes) MD5=E9A75E4B409A01E52055CE7CCA7FF925 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.09.29 18:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2013.01.03 07:01:49 | 001,303,912 | ---- | M] (Microsoft Corporation) MD5=34AE5CC0C7417AB701C2AA8A7BC75417 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys
[2010.11.20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011.09.29 18:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2013.01.04 06:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2011.09.29 17:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2011.09.29 18:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013.01.03 07:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2013.01.04 06:55:21 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\System32\drivers\tcpip.sys
[2013.01.04 06:55:21 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2015.10.05 09:48:32 | 000,893,752 | ---- | M] (MalwareBytes) MD5=E9A75E4B409A01E52055CE7CCA7FF925 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe

< >

< %systemroot%*.* /U /s >
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[40 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.02.24 16:05:57 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Adobe
[2012.05.27 22:42:26 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\ArcSoft
[2012.06.23 19:23:50 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Ashampoo
[2015.10.22 20:25:25 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Browser Extensions
[2014.11.06 16:34:33 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\dvdcss
[2013.12.18 20:40:14 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\DVDFab
[2014.06.20 20:13:27 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Garmin
[2012.02.11 12:58:35 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\GHISLER
[2012.02.11 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Identities
[2012.05.21 22:16:45 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\InstallShield
[2012.12.25 11:49:17 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Leadertech
[2012.02.11 17:48:39 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Macromedia
[2009.07.14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Media Center Programs
[2013.05.22 20:44:38 | 000,000,000 | --SD | M] -- C:\Users\JJ\AppData\Roaming\Microsoft
[2014.10.22 20:19:59 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Mozilla
[2014.09.24 20:29:09 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\MPC-HC
[2013.01.10 19:48:36 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\OpenCandy
[2012.12.05 20:57:38 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\OpenOffice.org
[2012.05.22 18:56:17 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Panasonic
[2013.06.05 17:27:00 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\PDM
[2014.12.15 21:05:04 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Seznam Browser
[2015.05.29 19:43:52 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Seznam.cz
[2015.10.24 18:11:53 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Skype
[2012.11.04 21:07:59 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\skypePM
[2012.03.09 09:11:15 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Synaptics
[2015.03.25 12:41:14 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\TeamViewer
[2013.09.09 20:23:04 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Telefónica Móviles
[2013.01.10 11:41:04 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\TuneUp Software
[2015.09.19 20:50:42 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\vlc
[2012.09.19 17:26:28 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2013.12.06 15:52:30 | 000,010,134 | R--- | M] () -- C:\Users\JJ\AppData\Roaming\Microsoft\Installer\{FD2E172E-1937-488C-8AA2-AC4E623689CF}\ARPPRODUCTICON.exe
[2013.12.06 15:52:30 | 000,031,662 | R--- | M] () -- C:\Users\JJ\AppData\Roaming\Microsoft\Installer\{FD2E172E-1937-488C-8AA2-AC4E623689CF}\RescueHelicopter.exe_FD2E172E1937488C8AA2AC4E623689CF.exe
[2013.12.06 15:52:30 | 000,008,854 | R--- | M] () -- C:\Users\JJ\AppData\Roaming\Microsoft\Installer\{FD2E172E-1937-488C-8AA2-AC4E623689CF}\Uninstall_Rescue_Hel_FD2E172E1937488C8AA2AC4E623689CF.exe
[2012.11.28 01:39:16 | 027,905,968 | ---- | M] (TuneUp Software) -- C:\Users\JJ\AppData\Roaming\OpenCandy\295FE13340A94BAEB30F7FC5129DBBD2\TuneUpUtilities2013_2200329_cs-CZ.exe
[2014.12.15 17:15:40 | 047,414,370 | ---- | M] () -- C:\Users\JJ\AppData\Roaming\Seznam Browser\Seznam.cz.exe
[2014.12.15 21:05:02 | 000,099,308 | ---- | M] () -- C:\Users\JJ\AppData\Roaming\Seznam Browser\uninstall.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2015.10.24 17:58:05 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2015.10.24 17:36:01 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2015.10.24 17:37:00 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2015.10.24 15:15:52 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\Windows\system32\drivers\MBAMSwissArmy.sys

< %systemroot%\system32\*.* /3 >
[2015.10.24 13:55:48 | 000,010,288 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.10.24 13:55:48 | 000,010,288 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.10.22 18:59:25 | 000,780,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2015.10.22 18:59:25 | 000,142,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"cz.seznam.software.autoupdate" = "C:\Users\JJ\AppData\Roaming\Seznam.cz\szninstall.exe" -c
"cz.seznam.software.szndesktop" = "C:\Users\JJ\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
"ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup -- [2004.06.14 18:18:48 | 000,221,184 | ---- | M] (InstallShield Software Corporation)
"GarminExpressTrayApp" = "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" -- [2015.09.11 08:48:04 | 001,403,192 | ---- | M] (Garmin Ltd. or its subsidiaries)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun -- [2015.09.17 22:18:56 | 057,872,904 | R--- | M] (Skype Technologies S.A.)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2015.10.22 18:58:59 | 000,377,000 | ---- | M] (Mozilla Corporation) MD5=14DCA74CB34502CA919966F31FBB8B0D -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2013.04.16 09:51:12 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2015.10.24 17:52:59 | 000,000,512 | ---- | M] () MD5=51ECE4C6A524A82DE2D3C46126363774 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2010.03.24 20:12:34 | 000,249,680 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2010.03.24 20:12:34 | 000,018,264 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2011.04.29 11:53:44 | 000,011,917 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMCommon\FreemakeCommon\Profiles\FmDownloaderProfiles.xml
[2012.12.13 19:17:38 | 000,014,336 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.Detector.dll
[2012.12.13 19:17:38 | 000,006,656 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.GlobalSettings.dll
[2012.12.13 19:17:38 | 000,011,264 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.HtmlParser.dll
[2012.12.13 19:17:38 | 000,036,352 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.Interface.dll
[2012.12.13 19:17:38 | 000,017,408 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.Miscellaneous.dll
[2012.12.13 19:17:38 | 000,048,640 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.SmartDownloader.Core.dll
[2012.12.13 19:17:38 | 000,159,744 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.SmartDownloader.Extensions.dll
[2012.12.13 19:17:38 | 000,018,944 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.Subtitles.dll
[2012.12.13 19:17:38 | 000,080,896 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.SupportedSite.dll
[2012.12.13 19:17:38 | 000,018,944 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.TrackDownloaderLib.dll
[2012.12.13 19:17:38 | 000,003,584 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloaderDeploy.dll
[2011.03.16 14:12:40 | 000,034,304 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Uploader\FMYouTubeUploader.dll
[2012.08.03 14:00:38 | 000,064,651 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FreemakeVideoConverter\Resources\VideoDownloader.png
[2012.08.03 14:00:38 | 000,064,719 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FreemakeVideoConverter\Resources\VideoDownloaderOn.png
[2015.09.11 08:46:58 | 000,042,496 | ---- | M] () -- \Program Files\Garmin\Device Interaction Service\Garmin.Cartography.MyDownloader.Core.dll
[2012.08.13 11:52:58 | 000,006,081 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2012.08.10 17:50:58 | 000,020,992 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2012.08.13 12:04:18 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2012.08.10 17:50:54 | 000,029,696 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2012.08.13 11:12:36 | 000,003,868 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2009.01.15 08:51:08 | 000,094,208 | ---- | M] () -- \Program Files\Panasonic\PHOTOfunSTUDIO\Core\MediaLoader.dll
[2009.01.15 13:10:32 | 000,048,784 | ---- | M] () -- \Program Files\Panasonic\PHOTOfunSTUDIO\Core\YouTubeUploaderMain.exe
[2009.01.06 11:00:38 | 000,344,064 | ---- | M] () -- \Program Files\Panasonic\PHOTOfunSTUDIO\Core\YTUploader.dll
[2008.02.25 08:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2011.04.29 11:53:44 | 000,011,917 | ---- | M] () -- \ProgramData\Freemake\FreemakeUtilsService\ErrorReporter\FMCommon\FreemakeCommon\Profiles\FmDownloaderProfiles.xml
[2011.04.29 11:53:44 | 000,011,917 | ---- | M] () -- \Users\All Users\Freemake\FreemakeUtilsService\ErrorReporter\FMCommon\FreemakeCommon\Profiles\FmDownloaderProfiles.xml
[2012.07.27 05:36:03 | 000,000,936 | ---- | M] () -- \Users\JJ\AppData\Local\SRDownloader.nast
[2012.06.21 20:01:16 | 000,000,936 | ---- | M] () -- \Users\JJ\AppData\Local\SRDownloader[1].nast
[2015.10.22 20:36:00 | 000,001,980 | ---- | M] () -- \Users\JJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PSWWBX3\AdLoader[1].htm
[2015.10.22 20:36:00 | 000,019,121 | ---- | M] () -- \Users\JJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8VU7IIU8\AdLoader-288a31a04e1398b1a794975bf93ce9a4.min[1].js
[2015.09.24 09:51:55 | 000,019,121 | ---- | M] () -- \Users\JJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQ9YXD87\AdLoader-288a31a04e1398b1a794975bf93ce9a4.min[1].js
[2015.08.18 16:18:52 | 000,072,638 | ---- | M] () -- \Users\JJ\AppData\Local\Skype\Apps\login\images\loader.gif
[2015.08.18 16:18:52 | 000,003,032 | ---- | M] () -- \Users\JJ\AppData\Local\Skype\Apps\login\images\loader.png
[2015.08.18 16:18:52 | 000,006,012 | ---- | M] () -- \Users\JJ\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2015.08.18 16:18:52 | 000,021,956 | ---- | M] () -- \Users\JJ\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2015.08.18 16:18:52 | 000,009,772 | ---- | M] () -- \Users\JJ\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2013.03.21 17:46:34 | 000,044,032 | ---- | M] () -- \Users\JJ\Desktop\Garmin\Core Update Service\Garmin.Cartography.MyDownloader.Core.dll
[2012.07.15 12:09:21 | 000,904,192 | ---- | M] () -- \Users\JJ\Downloads\SRDownloader.exe
[2010.10.06 12:50:24 | 000,002,454 | ---- | M] () -- \Users\JJ\Rescue Helicopter\tools\editorClasses\scripts\fileLoader.ed.cs
[2010.11.20 08:28:20 | 000,002,838 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_fi-fi_178685823786d34d.manifest
[2010.11.20 08:38:52 | 000,002,838 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_zh-cn_d8268e5f2967c990.manifest
[2012.10.04 18:45:38 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\ad7b8cfdb711865249ce6247b8e8e8d1\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:48:05 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\ad7b8cfdb711865249ce6247b8e8e8d1\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\ad7b8cfdb711865249ce6247b8e8e8d1\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\ad7b8cfdb711865249ce6247b8e8e8d1\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.26 19:52:20 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.26 19:52:20 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.26 19:52:20 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2009.07.14 06:56:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 06:56:40 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009.07.14 06:56:40 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2012.02.24 21:55:23 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2012.02.24 21:55:23 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winload.exe_75835076
[2012.02.24 21:55:23 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.26 19:50:45 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 04:29:12 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.08.19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009.08.19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010.11.20 06:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll

< End of report >

[tuvok07]

OTL Extras logfile created on: 24.10.2015 17:49:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JJ\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,99 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 46,27% Memory free
5,98 Gb Paging File | 4,14 Gb Available in Paging File | 69,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,57 Gb Total Space | 4,66 Gb Free Space | 4,18% Space Free | Partition Type: NTFS
Drive D: | 111,55 Gb Total Space | 29,04 Gb Free Space | 26,04% Space Free | Partition Type: NTFS

Computer Name: JJ-PC | User Name: JJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012CACC4-A6DA-42CE-8849-DACD6A45EA41}" = lport=138 | protocol=17 | dir=in | app=system |
"{20B3DC63-1CA2-4253-8328-ADFAF3FBE856}" = rport=137 | protocol=17 | dir=out | app=system |
"{3281B8F0-2B2E-4E68-9993-B173A6B4801E}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{3EEE4A20-41AC-4CF4-AFD0-1A2E1C677C43}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{509343C0-46A6-4AC6-88DB-84D64C5025FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{512F286C-CEA2-44EF-940A-B9BB56908B8A}" = lport=445 | protocol=6 | dir=in | app=system |
"{5784AC4D-F73C-4822-BBF1-2ED8FBCC574A}" = rport=138 | protocol=17 | dir=out | app=system |
"{65586CF2-F812-48EC-9EB6-72FECE986D01}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{676DD5D7-69E7-49CB-A9DC-F0DF49D16B87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{689D8017-D114-41DA-B789-E786AB7D0964}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6A575AC9-4848-47AF-A312-600A37F4F581}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6AA55189-23B6-4C35-88D3-3BE8C9D06AC0}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{6C50F148-1A1A-4B97-9790-8081BE5DE5A2}" = rport=445 | protocol=6 | dir=out | app=system |
"{753F46B0-7E74-47BC-9E4C-F4B6F9AF22EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7764D544-D74D-42E1-B8CE-5406F825B1D0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8133EA0A-47E2-4F7E-BFE3-EA0B2864101B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{991F6A04-506E-43B0-A508-CBAFB17173FD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AD4ABC67-7168-4265-911D-6BF0337A8730}" = lport=139 | protocol=6 | dir=in | app=system |
"{B193E76D-B4DC-40C6-A245-18E9B04DDD95}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4FD89DB-238B-42B7-9671-1FEFF45FC1E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BADB4C4E-9B97-4EF5-A560-64F3C0F79A6B}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{BB063D56-89F8-4C67-92DA-F48974F28416}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE6E264A-8AD0-479F-9F4C-79DE29558E28}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C90A9C74-35FA-476D-BF9C-C34708A81D6C}" = lport=137 | protocol=17 | dir=in | app=system |
"{DB94BDC6-8A31-4291-8F13-5610AED3035A}" = rport=139 | protocol=6 | dir=out | app=system |
"{DD57DAE3-B42D-4FD3-BA50-A3955DBB6818}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DDD231F1-E8C6-4249-A909-2ABFB5EF68B6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E012C7F0-C6E9-49FF-B5F4-A2956ED8CC75}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{E23BD8DC-D1B5-46EF-AE67-B44A9B809819}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC796A0A-E129-46F6-AF61-D1C4D5FD2913}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EDFB9BF4-F3A6-43EF-8D98-592309E81794}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F49A6087-D4F4-4A62-AE73-122F844FD986}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FBC082E1-03C8-4373-8A9C-D0568A4B7173}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AF562D-7852-47E6-B80F-A53CBB34C5C1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{0C8E29E0-BE76-49F0-9D59-2D6254C85582}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{0D02D95C-C13D-4391-945D-B1707FEBAC94}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1DA99710-684F-46A5-9DAE-0E3E2D793179}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1EBB9492-5F0B-4A78-A6BD-73775981B6E5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{2631AC4B-67CD-486A-A569-275BF808DFFC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{30A3D6D8-B3D4-4D00-8A8E-7F9DC7ECE038}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{31ABB315-8234-4991-B0C7-3E2C5E1CDBCB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{36B068E3-D93A-4FD4-AEAF-722C312E2023}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43329D10-5335-41A8-B769-5E2AA201A4C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{44E20C97-5F6D-47E5-8956-B4CD7D53504A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{566FA967-890F-454B-950C-609F813E19C1}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{5FE92FFB-6FF4-40F4-9477-34E527ABFFA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66C7E1F6-A733-41DB-94D4-0BD070F28B88}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{672284B5-09D7-41C7-8A5D-7F8DF652CD0F}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{67C12F0E-9374-45ED-97D1-15AE7DEA3F33}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{739C4A94-B0D2-4C6A-85B8-524CA3912278}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{81186374-8DCB-4CFD-8672-4BCC600EE729}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AEF2942D-C8C6-431E-8333-94DC283EC977}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{B04A70D0-692B-44C6-B80D-A27F5FF02D82}" = protocol=6 | dir=out | app=system |
"{B11C7F83-622E-459E-A5B4-BE33393E4968}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{C380296A-CDB0-4BE1-AF66-7818EC2BDFC9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CCFDD645-9537-4AE7-AA84-F837B9C8AC06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D15D7022-EDB0-4D61-9A91-29E8D6479617}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6151C3D-AA9B-4165-8FC8-186A23D154E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D82C6DC3-A3CF-462B-B4D1-91505AC755B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DFC84DDA-69AB-4E43-B8AA-701C02FC80EC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F0A3A2C9-BFB1-4077-BC16-17E7B460D717}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{08323563-CF50-47B4-B6ED-06A2693AAB61}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{3F23A7FB-A073-4DB0-B848-6E703604942C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1A61D2AC-2D44-4719-A00D-5B312734DC90}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{DC477549-B244-4BBE-8785-C0EACEEE45DE}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E0AF527-0B8E-4F8A-BA27-CB3C359998C6}" = OpenOffice.org 3.4.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}" = ArcSoft TotalMedia 3.5
"{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}" = Garmin Express
"{453C9E55-80DF-4BD2-9885-52A1FB0D9382}" = eReader
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6A0549A9-1B96-498C-ACBC-3943001FEB19}" = Skype™ 7.11
"{6B768BE6-8E58-4865-B47D-6B7ECCEA9D3E}" = ESET NOD32 Antivirus
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5 CSY Language Pack
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO HD Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A88D9E0C-863A-4189-A051-FC48B3E43668}" = Elevated Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC14C5A3-D75A-4BF7-8FD5-DF11E3CE6EC1}" = ANT Drivers Installer x86
"{AC76BA86-0804-1033-1959-001824157129}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.13) - Czech
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CF2FF2C3-3013-33E4-8413-92090A340FE1}" = Microsoft .NET Framework 4.5 CSY Language Pack
"{DF98E789-84E2-4DB9-94C1-321443D4B7DB}" = Garmin Express Tray
"{E247A9DB-7405-4D3A-A447-4C6184A66133}" = Garmin Express
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FD2E172E-1937-488C-8AA2-AC4E623689CF}" = Rescue Helicopter
"1ClickDownload" = ATDheNetTVApp
"Adobe Flash Player ActiveX" = Adobe Flash Player 19 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 19 NPAPI
"BurnAware Free_is1" = BurnAware Free 6.4
"CCleaner" = CCleaner
"D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2" = Balíček ovladače systému Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
"DVDFab 8 Qt_is1" = DVDFab 8.1.6.0 (01/02/2012) Qt
"F9D2A789F9CFF8CEC36B544F53877C80F1F73C46" = Balíček ovladače systému Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
"ffdshow_is1" = ffdshow v1.1.3631 [2010-11-15]
"FilesFrog Update Checker" = FilesFrog Update Checker
"Freemake Video Converter_is1" = Freemake Video Converter verze 3.2.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LayoutsExpress" = LayoutsExpress
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.2.0.1024
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 41.0.2 (x86 cs)" = Mozilla Firefox 41.0.2 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Poker Mania_is1" = Poker Mania v3.2.1
"SpeedConnect Connection Tester_is1" = SpeedConnect Connection Tester
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3A787631-66A2-4634-B928-A37E73B58FB6}" = Browser Extensions
"Seznam Browser" = Prohlížeč Seznam.cz
"SeznamInstall" = Seznam Software

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4.10.2015 9:12:48 | Computer Name = JJ-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Neplatné údaje. .

Error - 18.10.2015 3:35:12 | Computer Name = JJ-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Neplatné údaje. .

Error - 21.10.2015 9:35:04 | Computer Name = JJ-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Neplatné údaje. .

Error - 22.10.2015 11:27:57 | Computer Name = JJ-PC | Source = VSS | ID = 8194
Description =

Error - 22.10.2015 11:32:27 | Computer Name = JJ-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Neplatné údaje. .

Error - 22.10.2015 11:33:06 | Computer Name = JJ-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Neplatné údaje. .

Error - 22.10.2015 11:34:00 | Computer Name = JJ-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Neplatné údaje. .

Error - 22.10.2015 12:30:40 | Computer Name = JJ-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Služba Šifrování selhala při volání OnIdentity() v objektu System
Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Avast! Firewall
Driver. System Error: Systém nemůže nalézt uvedený soubor. .

Error - 22.10.2015 14:36:39 | Computer Name = JJ-PC | Source = EventSystem | ID = 4621
Description =

Error - 23.10.2015 11:07:20 | Computer Name = JJ-PC | Source = EventSystem | ID = 4621
Description =

[ Media Center Events ]
Error - 3.8.2015 16:11:45 | Computer Name = JJ-PC | Source = MCUpdate | ID = 0
Description = 22:11:42 - Chyba při připojování k Internetu 22:11:42 - Nelze kontaktovat
server..

Error - 3.8.2015 17:11:55 | Computer Name = JJ-PC | Source = MCUpdate | ID = 0
Description = 23:11:55 - Chyba při připojování k Internetu 23:11:55 - Nelze kontaktovat
server..

Error - 3.8.2015 17:12:03 | Computer Name = JJ-PC | Source = MCUpdate | ID = 0
Description = 23:12:00 - Chyba při připojování k Internetu 23:12:00 - Nelze kontaktovat
server..

Error - 5.8.2015 14:08:57 | Computer Name = JJ-PC | Source = MCUpdate | ID = 0
Description = 20:08:57 - Chyba při připojování k Internetu 20:08:57 - Nelze kontaktovat
server..

Error - 5.8.2015 14:09:30 | Computer Name = JJ-PC | Source = MCUpdate | ID = 0
Description = 20:09:24 - Chyba při připojování k Internetu 20:09:24 - Nelze kontaktovat
server..

Error - 12.9.2015 14:40:51 | Computer Name = JJ-PC | Source = MCUpdate | ID = 0
Description = 20:40:51 - Chyba při připojování k Internetu 20:40:51 - Nelze kontaktovat
server..

Error - 13.9.2015 8:14:17 | Computer Name = JJ-PC | Source = MCUpdate | ID = 0
Description = 14:14:16 - Chyba při připojování k Internetu 14:14:16 - Nelze kontaktovat
server..

Error - 13.9.2015 9:14:30 | Computer Name = JJ-PC | Source = MCUpdate | ID = 0
Description = 15:14:30 - Chyba při připojování k Internetu 15:14:30 - Nelze kontaktovat
server..

Error - 13.9.2015 10:14:41 | Computer Name = JJ-PC | Source = MCUpdate | ID = 0
Description = 16:14:40 - Chyba při připojování k Internetu 16:14:40 - Nelze kontaktovat
server..

Error - 18.9.2015 14:05:51 | Computer Name = JJ-PC | Source = MCUpdate | ID = 0
Description = 20:05:50 - Chyba při připojování k Internetu 20:05:50 - Nelze kontaktovat
server..

[ System Events ]
Error - 23.10.2015 4:34:22 | Computer Name = JJ-PC | Source = Service Control Manager | ID = 7000
Description = Služba Freemake Improver neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 23.10.2015 5:19:31 | Computer Name = JJ-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (10:57:01, ?23.?10.?2015) bylo neočekávané.

Error - 23.10.2015 5:20:43 | Computer Name = JJ-PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Freemake Improver bylo dosaženo časového
limitu (30000 ms).

Error - 23.10.2015 5:20:43 | Computer Name = JJ-PC | Source = Service Control Manager | ID = 7000
Description = Služba Freemake Improver neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 23.10.2015 8:04:55 | Computer Name = JJ-PC | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 23.10.2015 10:55:48 | Computer Name = JJ-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (16:54:38, ?23.?10.?2015) bylo neočekávané.

Error - 23.10.2015 10:57:01 | Computer Name = JJ-PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Freemake Improver bylo dosaženo časového
limitu (30000 ms).

Error - 23.10.2015 10:57:01 | Computer Name = JJ-PC | Source = Service Control Manager | ID = 7000
Description = Služba Freemake Improver neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 24.10.2015 7:07:51 | Computer Name = JJ-PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Freemake Improver bylo dosaženo časového
limitu (30000 ms).

Error - 24.10.2015 7:07:51 | Computer Name = JJ-PC | Source = Service Control Manager | ID = 7000
Description = Služba Freemake Improver neuspěla při spuštění v důsledku následující
chyby: %%1053


< End of report >

[Rudy]

Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text:

:OTL
PRC - [2015.10.12 09:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2015.10.12 09:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
SRV - [2015.10.12 09:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2015.10.12 09:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... 1D723AF87D}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2475029
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... 1D723AF87D}
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\URLSearchHook: {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Froggy.dll (TODO: <название компании>)
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... 1D723AF87D}
FF - HKLM\Software\MozillaPlugins\@ei.BringMeSports_1c.com/Plugin: C:\Program Files\BringMeSports_1cEI\Installr\1.bin\NP1cEISB.dll File not found
O2 - BHO: (no name) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - No CLSID value found.
O2 - BHO: (no name) - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - No CLSID value found.
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (no name) - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - No CLSID value found.
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: eset.com ([help] http in Trusted sites)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O33 - MountPoints2\{12ddad7d-0331-11e3-a92a-001d723af87d}\Shell - "" = AutoRun
O33 - MountPoints2\{12ddad7d-0331-11e3-a92a-001d723af87d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3a116008-1a3a-11e3-8dfd-001d723af87d}\Shell - "" = AutoRun
O33 - MountPoints2\{3a116008-1a3a-11e3-8dfd-001d723af87d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8d28ca8c-14b8-11e3-945b-001d723af87d}\Shell - "" = AutoRun
O33 - MountPoints2\{8d28ca8c-14b8-11e3-945b-001d723af87d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ba4c2141-20eb-11e3-9c61-001d723af87d}\Shell - "" = AutoRun
O33 - MountPoints2\{ba4c2141-20eb-11e3-9c61-001d723af87d}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{f1936d08-197b-11e3-ba67-001d723af87d}\Shell - "" = AutoRun
O33 - MountPoints2\{f1936d08-197b-11e3-ba67-001d723af87d}\Shell\AutoRun\command - "" = G:\AutoRun.exe


:files
C:\Program Files\Skype\Toolbars
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

[tuvok07]

All processes killed
========== OTL ==========
Process SkypeC2CAutoUpdateSvc.exe killed successfully!
Process SkypeC2CPNRSvc.exe killed successfully!
Service c2cautoupdatesvc stopped successfully!
Service c2cautoupdatesvc deleted successfully!
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe moved successfully.
Service c2cpnrsvc stopped successfully!
Service c2cpnrsvc deleted successfully!
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-3399994394-1416129147-3336574051-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3399994394-1416129147-3336574051-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{539F76FD-084E-4858-86D5-62F02F54AE86} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86}\ deleted successfully.
C:\Program Files\Minibar\Froggy.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3399994394-1416129147-3336574051-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.
Registry value HKEY_USERS\S-1-5-21-3399994394-1416129147-3336574051-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D8278076-BC68-4484-9233-6E7F1628B56C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}\ not found.
HKEY_USERS\S-1-5-21-3399994394-1416129147-3336574051-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3399994394-1416129147-3336574051-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3399994394-1416129147-3336574051-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.BringMeSports_1c.com/Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3399994394-1416129147-3336574051-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-3399994394-1416129147-3336574051-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Registry value HKEY_USERS\S-1-5-21-3399994394-1416129147-3336574051-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
File C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\eset.com\help\ deleted successfully.
File C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skypec2c\ deleted successfully.
File C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12ddad7d-0331-11e3-a92a-001d723af87d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12ddad7d-0331-11e3-a92a-001d723af87d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12ddad7d-0331-11e3-a92a-001d723af87d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12ddad7d-0331-11e3-a92a-001d723af87d}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a116008-1a3a-11e3-8dfd-001d723af87d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a116008-1a3a-11e3-8dfd-001d723af87d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a116008-1a3a-11e3-8dfd-001d723af87d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a116008-1a3a-11e3-8dfd-001d723af87d}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d28ca8c-14b8-11e3-945b-001d723af87d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d28ca8c-14b8-11e3-945b-001d723af87d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d28ca8c-14b8-11e3-945b-001d723af87d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d28ca8c-14b8-11e3-945b-001d723af87d}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba4c2141-20eb-11e3-9c61-001d723af87d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba4c2141-20eb-11e3-9c61-001d723af87d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba4c2141-20eb-11e3-9c61-001d723af87d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba4c2141-20eb-11e3-9c61-001d723af87d}\ not found.
File G:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1936d08-197b-11e3-ba67-001d723af87d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1936d08-197b-11e3-ba67-001d723af87d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1936d08-197b-11e3-ba67-001d723af87d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1936d08-197b-11e3-ba67-001d723af87d}\ not found.
File G:\AutoRun.exe not found.
========== FILES ==========
C:\Program Files\Skype\Toolbars\PNRSvc folder moved successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files\Skype\Toolbars\FirefoxAddOn folder moved successfully.
C:\Program Files\Skype\Toolbars\AutoUpdate folder moved successfully.
C:\Program Files\Skype\Toolbars folder moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JJ
->Temp folder emptied: 78243034 bytes
->Temporary Internet Files folder emptied: 5068474 bytes
->FireFox cache emptied: 277120459 bytes
->Flash cache emptied: 2389 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 153728803 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 37797132 bytes

Total Files Cleaned = 526,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: JJ
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10242015_193527

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

A to je pro dnes vše pokračovat budu zítra, jdu si pochutnat na vínečku To by se blbě řešilo

[Rudy]

Smazáno. Nastala nějaká změna?

[tuvok07]

Já si v podstatě žádných zátuhů nevšiml. PC je pomalé, na C: zhruba 4.5 GB místa. Může to být místem na disku a to si musí pořešit známý, otázka je zda to půjde - je to malý disk a víme dobře jak se umí Windows nafouknout. Navíc teploty při zátěži vyskakují až na 90 stupňů a disk má i v klidu 50....

[Rudy]

Je dost pravděpodobné, že to způsobuje málo volného místa na disku. Je třeba přesunout některá užinatelova data na jiné úložiště, nebo odinstalovat nepoužívané aplikace a příp. ještě defragmentovat disk.

[tuvok07]

Jasan, řeknu mu to. Sám mu do toho hrabat nebudu nebo pak něco nenajde
Hlásí to vypnuté aktualizace a i obnova systému je neaktivní (asi snaha o úsporu místa) Na viry je čisto ne?