Pomalý start PC, nemůžu se přihlásit na účet

Zpráva

PontifexFairy · #1 Příspěvek od **PontifexFairy** » 21 říj 2012 08:50

Zde je RSIT log, PC mám spuštěný v Nouzovém režimu.

Logfile of random's system information tool 1.09 (written by random/random)
Run by ondra at 2012-10-21 09:46:49
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 110 GB (46%) free of 238 GB
Total RAM: 2942 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:46:51, on 21.10.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19328)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Users\ondra\Desktop\RSIT.exe
C:\Program Files\trend micro\ondra.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [FF96BAD902DAA18FBB2D8EF2D5C8F6F963F188D1._service_run] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
O4 - Startup: Google Chrome.lnk = C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Sizer.lnk = C:\Program Files\Sizer\sizer.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: FreshDownload - {2D499980-93D5-49A4-957E-50FA98BF195F} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3394DC2F-8E5C-4D99-93C4-CFA7A8FDB9D8}: NameServer = 213.46.172.36,213.46.172.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{3394DC2F-8E5C-4D99-93C4-CFA7A8FDB9D8}: NameServer = 213.46.172.36,213.46.172.37
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cerberus FTP Server - Cerberus, LLC - C:\Program Files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\Windows\UnsignedThemesSvc.exe

--
End of file - 8490 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1098977879-2126329400-2746128921-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1098977879-2126329400-2746128921-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{2D24E97D-488D-4BA7-AD78-2107C29D2F75}.job
C:\Windows\tasks\User_Feed_Synchronization-{CC25112D-6897-4EAE-96EA-0E49382D2AFF}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\ondra\AppData\Roaming\Mozilla\Firefox\Profiles\cun05hn2.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.youtube.com/|https://www.google.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, wrc@avast.com:6.0.1203, pagehacker-nico@nc:1.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm LTD Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027]
"Description"=RealMedia Plugin
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040]
"Description"=6.0.12.1040
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
quickstores@quickstores.de
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
fcmdSrchpiano.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\ondra\AppData\Roaming\Mozilla\Firefox\Profiles\cun05hn2.default\extensions\
DeviceDetection@logitech.com
jid1-b0kjLv16eZMFBw@jetpack(46)
maps@ovi.com
piclens@cooliris.com
{20a82645-c095-46ed-80e3-08825760534b}
{40a1f5d7-afc2-498f-b264-02668d616ff6}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-10 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-10 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-01 4186112]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"snp325"=C:\Windows\vsnp325.exe [2006-10-10 827392]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-02-29 76304]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]
"GoogleDriveSync"=C:\Program Files\Google\Drive\googledrivesync.exe [2012-09-06 15668432]
""= []
"Advanced SystemCare 5"=C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe [2012-05-28 288128]
"RestoreDesktop"=C:\Program Files\Restore Desktop\RestoreDesktop.exe [2003-03-11 45056]
"FF96BAD902DAA18FBB2D8EF2D5C8F6F963F188D1._service_run"=C:\Program Files\Google\Chrome\Application\chrome.exe [2012-10-10 1239064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
C:\Windows\vsnp325.exe [2006-10-10 827392]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Sizer.lnk - C:\Program Files\Sizer\sizer.exe

C:\Users\ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsvid.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"msacm.lhacm"=lhacm.acm
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.mjpg"=bdmjpeg.dll
"vidc.mpeg"=bdmpegv.dll
"msacm.bdmpeg"=bdmpega.acm
"wave1"=wdmaud.drv
"midi"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.tscc"=C:\Windows\system32\tsccvid.dll
"vidc.tsc2"=C:\Windows\system32\tsc2_codec32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-10-21 09:44:52 ----D---- C:\rsit
2012-10-20 17:12:16 ----A---- C:\Windows\ntbtlog.txt
2012-10-13 16:46:42 ----A---- C:\Windows\system32\drivers\PnkBstrK.sys
2012-10-13 16:46:42 ----A---- C:\Users\ondra\AppData\Roaming\PnkBstrK.sys
2012-10-13 16:46:27 ----A---- C:\Windows\system32\PnkBstrB.exe
2012-10-13 16:46:24 ----A---- C:\Windows\system32\PnkBstrA.exe
2012-10-12 17:38:43 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2012-10-12 17:38:33 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2012-10-10 16:19:06 ----D---- C:\Users\ondra\AppData\Roaming\TechSmith
2012-10-10 16:16:39 ----D---- C:\Program Files\Common Files\TechSmith Shared
2012-10-10 16:16:04 ----D---- C:\ProgramData\TechSmith
2012-10-10 16:16:04 ----D---- C:\Program Files\TechSmith
2012-10-10 14:24:01 ----D---- C:\ProgramData\explauncher
2012-10-10 14:24:00 ----D---- C:\ProgramData\launcher
2012-10-10 14:21:02 ----D---- C:\Program Files\Paragon Software
2012-10-10 13:26:46 ----D---- C:\Program Files\Common Files\Java
2012-10-10 13:26:11 ----A---- C:\Windows\system32\javaws.exe
2012-10-10 13:25:58 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2012-10-10 13:25:58 ----A---- C:\Windows\system32\javaw.exe
2012-10-10 13:25:58 ----A---- C:\Windows\system32\java.exe
2012-10-10 13:25:30 ----D---- C:\Program Files\Java
2012-10-10 13:12:13 ----D---- C:\Program Files\EASEUS
2012-10-10 12:19:14 ----A---- C:\Windows\system32\crypt32.dll
2012-10-10 12:19:13 ----A---- C:\Windows\system32\cryptsvc.dll
2012-10-10 12:19:13 ----A---- C:\Windows\system32\cryptnet.dll
2012-10-10 12:19:08 ----A---- C:\Windows\system32\wintrust.dll
2012-10-10 12:19:01 ----A---- C:\Windows\system32\tzres.dll
2012-10-10 12:18:50 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-10-10 12:18:49 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-10-09 18:20:37 ----D---- C:\Program Files\Minecraft Note Block Studio
2012-10-08 15:00:55 ----D---- C:\Users\ondra\AppData\Roaming\QuickScan
2012-10-08 14:14:23 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-10-08 14:14:23 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-10-07 16:44:23 ----D---- C:\Users\ondra\AppData\Roaming\.technicraft
2012-10-02 18:25:03 ----D---- C:\ProgramData\Canneverbe Limited
2012-10-01 18:02:06 ----D---- C:\Program Files\FLVToMP3Converter
2012-09-30 19:41:30 ----D---- C:\Users\ondra\AppData\Roaming\VitySoft
2012-09-30 19:11:56 ----D---- C:\Program Files\Mozilla Firefox
2012-09-26 16:25:10 ----D---- C:\Program Files\VirusTotalUploader2
2012-09-23 12:18:56 ----D---- C:\Users\ondra\AppData\Roaming\.nargbox
2012-09-22 11:26:27 ----A---- C:\Windows\system32\urlmon.dll
2012-09-22 11:26:26 ----A---- C:\Windows\system32\wininet.dll
2012-09-22 11:26:26 ----A---- C:\Windows\system32\iertutil.dll
2012-09-22 11:26:24 ----A---- C:\Windows\system32\jsproxy.dll
2012-09-22 11:26:23 ----A---- C:\Windows\system32\url.dll
2012-09-22 11:26:22 ----A---- C:\Windows\system32\mshtml.dll
2012-09-22 11:26:21 ----A---- C:\Windows\system32\ieframe.dll
2012-09-22 11:26:20 ----A---- C:\Windows\system32\msfeeds.dll
2012-09-22 11:26:19 ----A---- C:\Windows\system32\occache.dll
2012-09-22 11:26:19 ----A---- C:\Windows\system32\mstime.dll
2012-09-22 11:26:19 ----A---- C:\Windows\system32\ieUnatt.exe
2012-09-22 11:26:19 ----A---- C:\Windows\system32\ieui.dll
2012-09-22 11:26:19 ----A---- C:\Windows\system32\iesysprep.dll
2012-09-22 11:26:19 ----A---- C:\Windows\system32\iedkcs32.dll
2012-09-22 11:26:18 ----A---- C:\Windows\system32\mshtmled.dll
2012-09-22 11:26:18 ----A---- C:\Windows\system32\msfeedssync.exe
2012-09-22 11:26:18 ----A---- C:\Windows\system32\msfeedsbs.dll
2012-09-22 11:26:18 ----A---- C:\Windows\system32\licmgr10.dll
2012-09-22 11:26:18 ----A---- C:\Windows\system32\iesetup.dll
2012-09-22 11:26:18 ----A---- C:\Windows\system32\iernonce.dll
2012-09-22 11:26:18 ----A---- C:\Windows\system32\iepeers.dll
2012-09-22 11:26:18 ----A---- C:\Windows\system32\ie4uinit.exe

======List of files/folders modified in the last 1 month======

2012-10-21 09:46:50 ----D---- C:\Program Files\trend micro
2012-10-21 09:39:33 ----D---- C:\Windows\temp
2012-10-21 09:38:22 ----D---- C:\Windows\system32\catroot2
2012-10-20 20:00:02 ----D---- C:\Users\ondra\AppData\Roaming\.minecraft
2012-10-20 19:57:34 ----D---- C:\Users\ondra\AppData\Roaming\Skype
2012-10-20 17:12:16 ----D---- C:\Windows
2012-10-20 12:35:28 ----D---- C:\Windows\system32\drivers
2012-10-20 12:31:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-10-20 11:53:45 ----SHD---- C:\System Volume Information
2012-10-14 15:53:38 ----D---- C:\Program Files
2012-10-13 17:06:41 ----D---- C:\Windows\System32
2012-10-13 16:46:23 ----D---- C:\Windows\system32\LogFiles
2012-10-13 16:39:13 ----D---- C:\Program Files\EA GAMES
2012-10-12 19:27:46 ----D---- C:\Windows\system32\catroot
2012-10-12 17:39:14 ----SHD---- C:\Windows\Installer
2012-10-12 17:38:53 ----D---- C:\Windows\inf
2012-10-12 17:38:43 ----DC---- C:\Windows\system32\DRVSTORE
2012-10-12 17:38:27 ----D---- C:\Program Files\Oracle
2012-10-12 16:39:27 ----D---- C:\ProgramData\DAEMON Tools Lite
2012-10-12 16:36:40 ----D---- C:\Program Files\WinRAR
2012-10-11 18:59:31 ----D---- C:\Users\ondra\AppData\Roaming\uTorrent
2012-10-11 18:44:09 ----HD---- C:\Program Files\InstallShield Installation Information
2012-10-11 17:47:51 ----A---- C:\Windows\Sandboxie.ini
2012-10-11 16:35:46 ----D---- C:\Users\ondra\AppData\Roaming\Mozilla
2012-10-10 16:16:39 ----D---- C:\Program Files\Common Files
2012-10-10 16:16:04 ----D---- C:\ProgramData
2012-10-10 14:48:58 ----D---- C:\Program Files\Fraps
2012-10-10 14:47:07 ----D---- C:\Users\ondra\AppData\Roaming\vlc
2012-10-10 14:26:31 ----D---- C:\Windows\rescache
2012-10-10 14:24:07 ----D---- C:\Windows\Logs
2012-10-10 14:22:44 ----D---- C:\Windows\winsxs
2012-10-10 13:57:16 ----D---- C:\Windows\system32\cs-CZ
2012-10-10 13:53:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-10-10 13:50:39 ----D---- C:\Windows\Prefetch
2012-10-10 13:25:39 ----A---- C:\Windows\system32\npdeployJava1.dll
2012-10-10 13:25:39 ----A---- C:\Windows\system32\deployJava1.dll
2012-10-10 13:13:44 ----D---- C:\Windows\Debug
2012-10-10 13:13:40 ----A---- C:\Windows\system32\mrt.exe
2012-10-09 18:26:42 ----D---- C:\Program Files\QuickTime
2012-10-09 18:18:26 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-10-07 15:59:39 ----D---- C:\Users\ondra\AppData\Roaming\.techniclauncher
2012-10-07 13:04:25 ----D---- C:\Windows\system32\drivers\UMDF
2012-10-07 13:04:16 ----D---- C:\ProgramData\PC Suite
2012-10-03 16:40:16 ----D---- C:\Program Files\Google
2012-10-02 18:26:20 ----D---- C:\Users\ondra\AppData\Roaming\DAEMON Tools Lite
2012-10-01 20:04:29 ----D---- C:\Users\ondra\AppData\Roaming\dvdcss
2012-10-01 17:50:59 ----D---- C:\Program Files\ffdshow
2012-10-01 17:50:38 ----D---- C:\Program Files\AviSynth 2.5
2012-10-01 17:30:38 ----D---- C:\Program Files\Microsoft Silverlight
2012-10-01 17:30:37 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-09-27 17:20:10 ----D---- C:\Program Files\BrickForce
2012-09-27 17:19:49 ----D---- C:\Program Files\CCleaner
2012-09-27 16:20:17 ----RSD---- C:\Windows\Fonts
2012-09-26 14:59:59 ----D---- C:\ProgramData\Microsoft Help
2012-09-26 14:59:33 ----RSD---- C:\Windows\assembly
2012-09-26 14:59:25 ----D---- C:\Program Files\Microsoft Office
2012-09-26 14:59:25 ----D---- C:\Program Files\Common Files\microsoft shared
2012-09-23 16:37:49 ----D---- C:\Windows\system32\migration
2012-09-23 16:37:49 ----D---- C:\Program Files\Internet Explorer
2012-09-22 16:30:11 ----D---- C:\Windows\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2008-08-18 145952]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
R1 AswRdr;aswRdr; C:\Windows\system32\drivers\AswRdr.sys [2012-08-21 35928]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\Windows\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2010-08-12 292712]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-07 104792]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2012-09-07 116056]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-03-30 431672]
S1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2012-03-07 24408]
S1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-08-21 729752]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-08-21 355632]
S1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-08-21 54232]
S1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2012-09-07 158552]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2012-09-07 91992]
S2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-08-21 21256]
S2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-08-21 58680]
S2 RMCAST;Ovladač protokolu RMCAST (Pgm); C:\Windows\system32\DRIVERS\RMCAST.sys [2009-04-11 113664]
S2 uxpatch;uxpatch; \??\C:\Windows\system32\drivers\uxpatch.sys [2009-07-13 25448]
S3 3xHybrid;SAA713x TV Card Service; C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-07-06 906368]
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2010-02-05 28048]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 CFcatchme;CFcatchme; \??\C:\Users\ondra\AppData\Local\Temp\CFcatchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-12-01 1655464]
S3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-09-29 22856]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
S3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2010-08-12 292712]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2012-08-30 10790760]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-06-27 19072]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2011-01-12 125672]
S3 SNP325;USB PC Camera (SNPSTD325); C:\Windows\system32\DRIVERS\snp325.sys [2007-04-03 10251904]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2012-06-05 82776]
S3 vsdatant7;vsdatant7; C:\Windows\System32\drivers\vsdatant.win7.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
S4 RsFx0105;RsFx0105 Driver; C:\Windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 238696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 1385896]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 Cerberus FTP Server;Cerberus FTP Server; C:\Program Files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe [2011-07-26 5381952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-06 116648]
S2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 99936]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2011-09-22 43028328]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-08-30 645992]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-10-13 75136]
S2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2011-01-12 69864]
S2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2011-09-22 97640]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 UnsignedThemes;Unsigned Themes; C:\Windows\UnsignedThemesSvc.exe [2009-07-13 21096]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-06 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-30 115168]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2011-05-22 4690480]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-08-01 724888]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2011-09-22 255336]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 21 říj 2012 09:36

Zdravím!
1. Nejprve zkuste obnovu systému k datu, kdy korektně fungoval.
2. Pokud to nepomůže, dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

PontifexFairy · #3 Příspěvek od **PontifexFairy** » 21 říj 2012 10:48

Obnova nepomohla, použil jsem Combofix. Po restartu PC jsem se přihlásil na svůj účet, takže to funguje. Ale Combofix mě nevyhodil žádný log. Vymazalo to něco ze složky system32 nebo co... Takže děkuji

#4 Příspěvek od **Rudy** » 21 říj 2012 10:53

Rád bych viděl log ze skenu CF.

PontifexFairy · #5 Příspěvek od **PontifexFairy** » 21 říj 2012 16:31

Ale Combofix mě nevyhodil žádný log. Vymazalo to něco ze složky system32 nebo co...

Psal jsem to

#6 Příspěvek od **Rudy** » 21 říj 2012 16:58

Koukněte, zda v PC nemáte soubor c:\combofix.txt. Pokud ano, zkopírujte sem obsah. To je log.

PontifexFairy · #7 Příspěvek od **PontifexFairy** » 22 říj 2012 12:51

Nebyl tam... Ale teď jsem zapnul PC, a vyskočí na mě ComboFix že dělá log

Tady je:
ComboFix 12-10-21.01 - ondra 21.10.2012 11:28:58.5.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.2942.2361 [GMT 2:00]
Spuštěný z: c:\users\ondra\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\tcpip.copy
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-22 do 2012-10-22 )))))))))))))))))))))))))))))))
.
.
2012-10-21 09:58 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39A201D5-B5A7-42E0-919C-8A3ED424E97F}\mpengine.dll
2012-10-21 09:39 . 2012-10-22 11:42 -------- d-----w- c:\users\ondra\AppData\Local\temp
2012-10-21 09:39 . 2012-10-21 09:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-21 09:39 . 2012-10-21 09:39 -------- d-----w- c:\users\Mamka\AppData\Local\temp
2012-10-21 09:39 . 2012-10-21 09:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-21 08:05 . 2012-10-21 08:09 -------- d-----r- c:\users\ondra\SkyDrive
2012-10-21 07:44 . 2012-10-21 07:45 -------- d-----w- C:\rsit
2012-10-20 15:05 . 2012-10-20 15:08 -------- d-----w- c:\users\Mamka\AppData\Local\Google
2012-10-13 14:53 . 2012-10-13 15:06 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-10-13 14:52 . 2012-10-13 14:52 -------- d-----w- c:\users\ondra\AppData\Local\PunkBuster
2012-10-13 14:46 . 2012-10-13 15:06 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-10-13 14:46 . 2012-10-13 14:46 138056 ----a-w- c:\users\ondra\AppData\Roaming\PnkBstrK.sys
2012-10-13 14:46 . 2012-10-13 15:06 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-10-13 14:46 . 2012-10-13 14:53 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-10-13 14:46 . 2012-10-13 14:46 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-10-12 15:38 . 2012-09-07 16:38 158552 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-10-12 15:38 . 2012-09-07 16:38 91992 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-10-11 16:42 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-10-11 16:42 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-10-11 16:42 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-10-11 16:42 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-10-11 16:42 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-10-11 16:42 . 2012-10-11 16:42 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-10-11 16:42 . 2012-10-11 16:42 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-10-10 14:19 . 2012-10-10 14:19 -------- d-----w- c:\users\ondra\AppData\Local\TechSmith
2012-10-10 14:19 . 2012-10-10 14:19 -------- d-----w- c:\users\ondra\AppData\Roaming\TechSmith
2012-10-10 14:16 . 2012-10-10 14:16 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2012-10-10 14:16 . 2012-10-10 14:16 -------- d-----w- c:\programdata\TechSmith
2012-10-10 14:16 . 2012-10-10 14:16 -------- d-----w- c:\program files\TechSmith
2012-10-10 12:24 . 2012-10-10 12:24 -------- d-----w- c:\programdata\explauncher
2012-10-10 12:24 . 2012-10-10 12:24 -------- d-----w- c:\programdata\launcher
2012-10-10 12:21 . 2012-10-10 12:21 -------- d-----w- c:\program files\Paragon Software
2012-10-10 11:26 . 2012-10-10 11:26 -------- d-----w- c:\program files\Common Files\Java
2012-10-10 11:25 . 2012-10-10 11:25 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-10 11:25 . 2012-10-10 11:25 -------- d-----w- c:\program files\Java
2012-10-10 11:12 . 2012-10-10 11:12 -------- d-----w- c:\program files\EASEUS
2012-10-10 10:19 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 10:19 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 10:19 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 10:19 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 10:19 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 10:18 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 10:18 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 16:20 . 2012-10-09 16:20 -------- d-----w- c:\program files\Minecraft Note Block Studio
2012-10-08 13:00 . 2012-10-08 13:00 -------- d-----w- c:\users\ondra\AppData\Roaming\QuickScan
2012-10-08 12:14 . 2012-10-08 14:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-08 12:14 . 2012-10-08 14:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-07 17:05 . 2012-10-07 17:05 -------- d-----w- c:\users\Mamka\AppData\Roaming\PC Suite
2012-10-07 14:44 . 2012-10-21 15:42 -------- d-----w- c:\users\ondra\AppData\Roaming\.technicraft
2012-10-02 16:25 . 2012-10-02 16:25 -------- d-----w- c:\programdata\Canneverbe Limited
2012-10-01 16:02 . 2012-10-01 16:02 -------- d-----w- c:\program files\FLVToMP3Converter
2012-10-01 15:50 . 2009-04-28 11:44 417792 ----a-w- c:\windows\system32\FLVSplitter.ax
2012-09-30 17:41 . 2012-09-30 17:41 -------- d-----w- c:\users\ondra\AppData\Roaming\VitySoft
2012-09-26 14:25 . 2012-09-26 14:25 -------- d-----w- c:\program files\VirusTotalUploader2
2012-09-26 12:33 . 2012-09-26 12:33 -------- d-----w- c:\users\ondra\AppData\Local\MicrosoftStore
2012-09-23 10:18 . 2012-09-23 10:20 -------- d-----w- c:\users\ondra\AppData\Roaming\.nargbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 11:25 . 2011-12-16 15:27 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-10 11:25 . 2010-12-15 18:40 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-09 16:18 . 2012-09-01 16:50 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 16:18 . 2011-05-16 11:45 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 16:38 . 2012-09-07 16:38 116056 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-09-07 16:38 . 2012-09-07 16:38 104792 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-09-07 16:38 . 2012-09-07 16:38 135512 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-09-07 15:04 . 2011-08-12 17:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 19:13 . 2012-09-14 13:52 6109032 ----a-w- c:\windows\system32\nvopencl.dll
2012-08-30 19:13 . 2012-09-14 13:52 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-08-30 19:13 . 2012-09-14 13:52 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-08-30 19:13 . 2012-09-14 13:52 19828584 ----a-w- c:\windows\system32\nvoglv32.dll
2012-08-30 19:13 . 2012-09-14 13:51 7626088 ----a-w- c:\windows\system32\nvcuda.dll
2012-08-30 19:13 . 2012-09-14 13:51 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-08-30 19:13 . 2012-09-14 13:51 2573672 ----a-w- c:\windows\system32\nvcuvid.dll
2012-08-30 19:13 . 2012-09-14 13:51 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-08-30 19:13 . 2012-03-31 09:35 2422120 ----a-w- c:\windows\system32\nvapi.dll
2012-08-30 19:13 . 2011-11-10 17:23 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-30 19:13 . 2006-11-02 10:25 15291752 ----a-w- c:\windows\system32\nvd3dum.dll
2012-08-30 15:57 . 2012-03-31 09:38 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 15:57 . 2012-03-31 09:38 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 15:57 . 2012-03-31 09:38 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-30 15:57 . 2012-03-31 09:38 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 15:57 . 2012-03-31 09:38 3963240 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 15:57 . 2012-03-31 09:38 2836840 ----a-w- c:\windows\system32\nvsvc.dll
2012-08-30 13:18 . 2012-08-30 13:18 65536 ----a-w- c:\windows\system32\frapsvid.dll
2012-08-25 11:50 . 2012-09-22 09:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-25 11:44 . 2012-09-22 09:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-25 11:44 . 2012-09-22 09:26 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-25 11:44 . 2012-09-22 09:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-25 11:44 . 2012-09-22 09:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-08-25 10:11 . 2012-09-22 09:26 385024 ----a-w- c:\windows\system32\html.iec
2012-08-25 08:31 . 2012-09-22 09:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-25 08:29 . 2012-09-22 09:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-21 09:13 . 2012-06-18 12:14 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-06-18 12:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-06-18 12:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-06-18 12:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-06-18 12:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-06-18 12:14 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-06-18 12:13 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-06-18 12:13 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-09 07:40 . 2012-08-09 07:40 65576 ----a-w- c:\windows\system32\bdmpega.acm
2012-08-09 07:40 . 2012-08-09 07:40 65576 ----a-w- c:\windows\system32\bdmpegv.dll
2012-08-09 07:40 . 2012-08-09 07:40 22560 ----a-w- c:\windows\system32\bdmjpeg.dll
2007-11-07 01:19 . 2011-08-17 16:41 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-07 01:19 . 2011-08-17 16:41 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
2012-09-30 17:12 . 2012-09-30 17:11 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-09-06 15668432]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"RestoreDesktop"="c:\program files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
"FF96BAD902DAA18FBB2D8EF2D5C8F6F963F188D1._service_run"="c:\program files\Google\Chrome\Application\chrome.exe" [2012-10-10 1239064]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"snp325"="c:\windows\vsnp325.exe" [2006-10-10 827392]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Google Chrome.lnk - c:\program files\Google\Chrome\Application\chrome.exe [2012-10-3 1239064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2011-12-24 91440]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-12-24 805392]
Sizer.lnk - c:\program files\Sizer\sizer.exe [2011-1-22 23040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 16:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-12 13:50 20480 ----a-w- c:\windows\FixCamera.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-08-29 10:03 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-07 15:04 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MusicManager]
2012-08-31 20:41 7321600 ----a-w- c:\users\ondra\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2011-01-12 14:35 405736 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
2006-10-10 13:11 827392 ----a-w- c:\windows\vsnp325.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
2006-10-10 14:49 270336 ----a-w- c:\windows\tsnp325.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-10-10 14:00 975248 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 16:18]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-06 13:11]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-06 13:11]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1098977879-2126329400-2746128921-1000Core.job
- c:\users\ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-08 16:39]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1098977879-2126329400-2746128921-1000UA.job
- c:\users\ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-08 16:39]
.
2012-10-21 c:\windows\Tasks\User_Feed_Synchronization-{2D24E97D-488D-4BA7-AD78-2107C29D2F75}.job
- c:\windows\system32\msfeedssync.exe [2012-09-22 08:30]
.
2012-10-22 c:\windows\Tasks\User_Feed_Synchronization-{CC25112D-6897-4EAE-96EA-0E49382D2AFF}.job
- c:\windows\system32\msfeedssync.exe [2012-09-22 08:30]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{2D499980-93D5-49A4-957E-50FA98BF195F} - c:\program files\FreshDevices\FreshDownload\fd.exe
TCP: Interfaces\{3394DC2F-8E5C-4D99-93C4-CFA7A8FDB9D8}: NameServer = 213.46.172.36,213.46.172.37
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\ondra\AppData\Roaming\Mozilla\Firefox\Profiles\cun05hn2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/|https://www.google.cz/
FF - ExtSQL: 2012-08-28 13:42; quickstores@quickstores.de; c:\program files\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - ExtSQL: !HIDDEN! 2010-11-16 11:16; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
*/
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1347277283
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1347277523
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1347277403
FF - user.js: app.update.lastUpdateTime.browser-cleanup-thumbnails - 1347283022
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1313433922
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1310668808
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1347277163
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.download.lastDir - c:\\Users\\ondra\\Desktop
FF - user.js: browser.download.save_converter_index - 0
FF - user.js: browser.migration.version - 6
FF - user.js: browser.offline - false
FF - user.js: browser.pagethumbnails.storage_version - 2
FF - user.js: browser.places.importBookmarksHTML - false
FF - user.js: browser.places.smartBookmarksVersion - 4
FF - user.js: browser.preferences.advanced.selectedTabIndex - 3
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.defaultenginename - Facemoods Search
FF - user.js: browser.search.defaultthis.engineName - free-downloads.net Customized Web Search
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - hxxp://www.youtube.com/|https://www.google.cz/
FF - user.js: browser.startup.homepage_override.buildID - 20120904124322
FF - user.js: browser.startup.homepage_override.mstone - 16.0
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: browser.tabs.warnOnClose - false
FF - user.js: devtools.inspector.sidebarOpen - true
FF - user.js: dom.ipc.plugins.enabled.npcoolirisplugin.dll - false
FF - user.js: extensions.DeviceDetection@logitech.com.install-event-fired - true
FF - user.js: extensions.adblockplus.currentVersion - 2.1.2
FF - user.js: extensions.adblockplus.showinstatusbar - true
FF - user.js: extensions.blocklist.pingCountTotal - 286
FF - user.js: extensions.blocklist.pingCountVersion - 9
FF - user.js: extensions.bootstrappedAddons - {\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\:{\version\:\2.1.2\,\type\:\extension\,\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\},\firebug@software.joehewitt.com\:{\version\:\1.10.3\,\type\:\extension\,\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\firebug@software.joehewitt.com.xpi\}}
FF - user.js: extensions.databaseSchema - 13
FF - user.js: extensions.enabledAddons - DeviceDetection@logitech.com:1.24.0.9,maps@ovi.com:5.5.1.0,pagehacker-nico@nc:1.2,testpilot@labs.mozilla.com:1.2.1,{40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1,{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126,wrc@avast.com:7.0.1466,{972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0
FF - user.js: extensions.enabledItems - {20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3,wrc@avast.com:6.0.1203,pagehacker-nico@nc:1.2,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - user.js: extensions.facemoods.aflt - _#piano
FF - user.js: extensions.facemoods.firstRun - false
FF - user.js: extensions.facemoods.lastActv - 14
FF - user.js: extensions.firebug.addonBarOpened - true
FF - user.js: extensions.firebug.console.enableSites - true
FF - user.js: extensions.firebug.currentVersion - 1.10.3
FF - user.js: extensions.firebug.defaultPanelName - script
FF - user.js: extensions.firebug.previousPlacement - 1
FF - user.js: extensions.firebug.script.enableSites - true
FF - user.js: extensions.firebug.toolbarCustomizationDone - true
FF - user.js: extensions.firebug@software.joehewitt.com.install-event-fired - true
FF - user.js: extensions.firefox-hotfix@mozilla.org.install-event-fired - true
FF - user.js: extensions.hotfix.lastVersion - 20120430.01
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\,\mtime\:1289902606355},\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\DivXHTML5\,\mtime\:1312741835283},\wrc@avast.com\:{\descriptor\:\c:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\WebRep\\\\FF\,\mtime\:1345994127774}}},{\name\:\app-global\,\addons\:{\quickstores@quickstores.de\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\quickstores@quickstores.de\,\mtime\:1347098584268},\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\,\mtime\:1347098584549},\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1347098584580}}},{\name\:\app-profile\,\addons\:{\DeviceDetection@logitech.com\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\DeviceDetection@logitech.com\,\mtime\:1336580139058},\firebug@software.joehewitt.com\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\firebug@software.joehewitt.com.xpi\,\mtime\:1346516410985},\maps@ovi.com\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\maps@ovi.com\,\mtime\:1314811972697},\pagehacker-nico@nc\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\pagehacker-nico@nc.xpi\,\mtime\:1314445647309},\piclens@cooliris.com\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\piclens@cooliris.com\,\mtime\:1328794757215},\testpilot@labs.mozilla.com\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\testpilot@labs.mozilla.com.xpi\,\mtime\:1332612091543},\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\{20a82645-c095-46ed-80e3-08825760534b}\,\mtime\:1295111401032},\{40a1f5d7-afc2-498f-b264-02668d616ff6}\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\{40a1f5d7-afc2-498f-b264-02668d616ff6}\,\mtime\:1298470097173},\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\,\mtime\:1343649578468}}}]
FF - user.js: extensions.installedDistroAddon.testpilot@labs.mozilla.com - true
FF - user.js: extensions.jid1-b0kjLv16eZMFBw@jetpack.install-event-fired - true
FF - user.js: extensions.lastAppVersion - 16.0
FF - user.js: extensions.lastPlatformVersion - 16.0
FF - user.js: extensions.maps@ovi.com.install-event-fired - true
FF - user.js: extensions.pagehacker-nico@nc.install-event-fired - true
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.piclens.InstanceId - iO2aH6DibESbesxj6VrfFg==
FF - user.js: extensions.piclens.Version - 1.12.3.58254
FF - user.js: extensions.piclens@cooliris.com.install-event-fired - true
FF - user.js: extensions.quickstores@quickstores.de.install-event-fired - true
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.testpilot.alreadyCustomizedToolbar - true
FF - user.js: extensions.testpilot.deploymentRandomizer.explore_satisfaction - 49
FF - user.js: extensions.testpilot.deploymentRandomizer.heatmap - 73
FF - user.js: extensions.testpilot.deploymentRandomizer.heatmap14 - 4
FF - user.js: extensions.testpilot.deploymentRandomizer.mobile_data_survey - 13
FF - user.js: extensions.testpilot.deploymentRandomizer.sample1 - 40
FF - user.js: extensions.testpilot.deploymentRandomizer.ur - 83
FF - user.js: extensions.testpilot.popup.showOnNewResults - true
FF - user.js: extensions.testpilot.surveyAnswers.basic_panel_survey_2 - {\answers\:[[\1\],[\0\],[],[\0\],[\0\],[\0\],[\3\],[\6\],[\0\],[\7\],[\3\,\4\,\5\],[\0\,\1\,\4\,\7\,\8\],[\1\],[\Very Advanced\]],\version_number\:4}
FF - user.js: extensions.testpilot.surveyAnswers.firebug_basic_survey - {\answers\:[[\4\],[\0\],[\4\],[\1\],[\0\],[\5\],[\0\],[\5\],[\0\],[\5\],[\0\],[],[\1\],[\3\],[\1\]],\version_number\:1}
FF - user.js: extensions.testpilot.taskstatus.1 - 9
FF - user.js: extensions.testpilot.taskstatus.100 - 9
FF - user.js: extensions.testpilot.taskstatus.101 - 9
FF - user.js: extensions.testpilot.taskstatus.1_results_lifespans - 8
FF - user.js: extensions.testpilot.taskstatus.1_results_min_max - 8
FF - user.js: extensions.testpilot.taskstatus.1_results_switch_on_close - 8
FF - user.js: extensions.testpilot.taskstatus.2_results_bookmark_folders - 8
FF - user.js: extensions.testpilot.taskstatus.2_results_folder_levels - 8
FF - user.js: extensions.testpilot.taskstatus.2_results_num_bookmarks - 8
FF - user.js: extensions.testpilot.taskstatus.3 - 9
FF - user.js: extensions.testpilot.taskstatus.3_results_computer_share - 8
FF - user.js: extensions.testpilot.taskstatus.3_results_num_passwords - 8
FF - user.js: extensions.testpilot.taskstatus.3_results_password_reuse - 8
FF - user.js: extensions.testpilot.taskstatus.3_results_satisfaction - 8
FF - user.js: extensions.testpilot.taskstatus.4 - 9
FF - user.js: extensions.testpilot.taskstatus.4_results_most_used_items - 8
FF - user.js: extensions.testpilot.taskstatus.4_results_most_used_keyboard - 8
FF - user.js: extensions.testpilot.taskstatus.4_results_most_used_mouse - 8
FF - user.js: extensions.testpilot.taskstatus.5 - 9
FF - user.js: extensions.testpilot.taskstatus.6 - 9
FF - user.js: extensions.testpilot.taskstatus.8 - 9
FF - user.js: extensions.testpilot.taskstatus.account_password_survey - 9
FF - user.js: extensions.testpilot.taskstatus.basic_panel_survey_2 - 6
FF - user.js: extensions.testpilot.taskstatus.beta_perception_survey_1 - 9
FF - user.js: extensions.testpilot.taskstatus.broken_extensions_survey - 3
FF - user.js: extensions.testpilot.taskstatus.exploring_satisfaction_with_firefox_v3 - 3
FF - user.js: extensions.testpilot.taskstatus.firebug_basic_survey - 6
FF - user.js: extensions.testpilot.taskstatus.firefox_apps_usage_survey - 3
FF - user.js: extensions.testpilot@labs.mozilla.com.install-event-fired - true
FF - user.js: extensions.ui.dictionary.hidden - true
FF - user.js: extensions.ui.lastCategory - addons://discover/
FF - user.js: extensions.ui.locale.hidden - true
FF - user.js: extensions.update.notifyUser - false
FF - user.js: extensions.wrc.RulesVersion -
FF - user.js: extensions.wrc.SearchRules./v1/update/rule/foo.bar.style - some style
FF - user.js: extensions.wrc.SearchRules./v1/update/rule/foo.bar.url - testik.bb
FF - user.js: extensions.wrc.SearchRules.ask.com.style - .WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.ask.com.url - ^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*
FF - user.js: extensions.wrc.SearchRules.atlas.cz.style - .WRCN {display:none} .result .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.atlas.cz.url - ^http\\:\\/\\/searchatlas\\.centrum\\.cz\\/.+
FF - user.js: extensions.wrc.SearchRules.atlas.sk.style - .WRCN {display:none} .katalogSponsorItem .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.atlas.sk.url - ^http\\:\\/\\/hladaj\\.atlas\\.sk\\/.+
FF - user.js: extensions.wrc.SearchRules.baidu.com.style - .WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.baidu.com.url - ^http\\:\\/\\/www\\.baidu\\.com\\/.*
FF - user.js: extensions.wrc.SearchRules.bing.com.style - .WRCN {display:none} .sb_tlst .WRCN, .sp_pss .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.bing.com.url - ^http(s)?\\:\\/\\/www\\.bing\\.com\\/(.)*
FF - user.js: extensions.wrc.SearchRules.centrum.cz.style - .WRCN {display:none} .results-list h3 > .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.centrum.cz.url - ^http(s)?\\:\\/\\/search\\.centrum\\.cz\\/(.)*
FF - user.js: extensions.wrc.SearchRules.centrum.sk.style - .WRCN {display:none} .katalogSponsorItem .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.centrum.sk.url - ^http\\:\\/\\/search\\.centrum\\.sk\\/.+
FF - user.js: extensions.wrc.SearchRules.delicious.com.style - .WRCN {display:none} .taggedlink + .WRCN, .data .full-url .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.delicious.com.url - ^http\\:\\/\\/www\\.delicious\\.com\\/(.)*
FF - user.js: extensions.wrc.SearchRules.dmoz.org.style - .WRCN {display:none} ol.site li .WRCN{display:inline !important; background: url(\IMAGE\) right no-repeat} ol.site li .ref .WRCN {display:none!important}
FF - user.js: extensions.wrc.SearchRules.dmoz.org.url - ^http\\:\\/\\/www\\.dmoz\\.org\\/search(.)+
FF - user.js: extensions.wrc.SearchRules.excite.com.style - .WRCN {display:none} .listing .resultsLink + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.excite.com.url - ^http\\:\\/\\/msxml\\.excite\\.com\\/excite\\/ws\\/.+
FF - user.js: extensions.wrc.SearchRules.facebook.com.style - .WRCN {display:none} .WRCN {display:none} .uiAttachmentTitle .WRCN, .uiStreamMessage .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.facebook.com.url - ^http\\:\\/\\/www\\.facebook\\.com\\/.*
FF - user.js: extensions.wrc.SearchRules.fastweb.it.style - .WRCN {display:none} .gs-title .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.fastweb.it.url - ^http\\:\\/\\/www\\.fastweb\\.it\\/portale\\/google\\/.+
FF - user.js: extensions.wrc.SearchRules.gazeta.pl.style - .WRCN {display:none} .res_body .res_entry .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.gazeta.pl.url - ^http\\:\\/\\/szukaj\\.gazeta\\.pl\\/.+
FF - user.js: extensions.wrc.SearchRules.google.com.style - .WRCN {display:none} .r .WRCN, .osl .WRCN, .bc .WRCN, .fc .WRCN, #rhsline ol .WRCN {display:inline; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.google.com.url - ^http(s)?\\:\\/\\/((.)+\\.)?google\\.(com|[a-z\\.]{2,})\\/(.)*
FF - user.js: extensions.wrc.SearchRules.interia.pl.style - .WRCN {display:none} .row .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.interia.pl.url - ^http\\:\\/\\/(www\\.)?google\\.interia\\.pl\\/szukaj\\/.+
FF - user.js: extensions.wrc.SearchRules.lycos.com.style - .WRCN {display:none} .results .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} .results .sponsored .WRCN {display: none!important}
FF - user.js: extensions.wrc.SearchRules.lycos.com.url - ^http\\:\\/\\/search\\.lycos\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/.+
FF - user.js: extensions.wrc.SearchRules.onet.pl.style - .WRCN {display:none} #main .link .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.onet.pl.url - ^http\\:\\/\\/szukaj\\.onet\\.pl\\/.+
FF - user.js: extensions.wrc.SearchRules.paginegialle.it.style - .WRCN {display:none} .lnkwww + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.paginegialle.it.url - ^http\\:\\/\\/www\\.paginegialle\\.it\\/pgol\\/.+
FF - user.js: extensions.wrc.SearchRules.public.avast.com.style - .WRCN {display:inline; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.public.avast.com.url - ^http(s)?\\:\\/\\/public\\.avast\\.com\\/(.)*
FF - user.js: extensions.wrc.SearchRules.rambler.ru.style - .WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.rambler.ru.url - ^http\\:\\/\\/nova\\.rambler\\.ru\\/.+
FF - user.js: extensions.wrc.SearchRules.scroogle.org.style - a + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.scroogle.org.url - ^http\\:\\/\\/www\\.scroogle\\.org\\/.*
FF - user.js: extensions.wrc.SearchRules.seznam.cz.style - .WRCN {display:none} #results .WRCN, .sklik-title > .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.seznam.cz.url - ^http(s)?\\:\\/\\/search\\.seznam\\.cz\\/(.)*
FF - user.js: extensions.wrc.SearchRules.sky.com.style - .WRCN {display:none} #results h3 .WRCN, #sponsored_top h3 .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.sky.com.url - ^http\\:\\/\\/search\\.sky\\.com/.+
FF - user.js: extensions.wrc.SearchRules.slashdot.org.style - .WRCN {display:none} .body i .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.slashdot.org.url - ^http\\:\\/\\/slashdot\\.org\\/.*
FF - user.js: extensions.wrc.SearchRules.terra.com.br.style - .WRCN {display:none} .col-left-full .list-results .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.terra.com.br.url - ^http\\:\\/\\/buscador\\.terra\\.com\\.br\\/.+
FF - user.js: extensions.wrc.SearchRules.tiscali.it.style - .WRCN {display:none} .item .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.tiscali.it.url - ^http\\:\\/\\/search\\.tiscali\\.it\\/.+
FF - user.js: extensions.wrc.SearchRules.twitter.com.style - .WRCN {display:none} .entry-content .web + .WRCN, .twtr-tweet-text .twtr-hyperlink + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.twitter.com.url - ^hxxp://twitter\\.com\\/.*
FF - user.js: extensions.wrc.SearchRules.uol.com.br.style - .WRCN {display:none} #results dt .WRCN, #results .link .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} #results .link .similar .WRCN {display: none!important}
FF - user.js: extensions.wrc.SearchRules.uol.com.br.url - ^http\\:\\/\\/(.\\.)?busca\\.uol\\.com\\.br\\/.+
FF - user.js: extensions.wrc.SearchRules.virgilio.it.style - .WRCN {display:none} .risultati .record .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} .risultati .record .sponsor + .WRCN {display: none!important}
FF - user.js: extensions.wrc.SearchRules.virgilio.it.url - ^http\\:\\/\\/ricerca\\.virgilio\\.it\\/.+
FF - user.js: extensions.wrc.SearchRules.virginmedia.com.style - .WRCN {display:none} .result-title .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.virginmedia.com.url - ^http\\:\\/\\/search\\.virginmedia\\.com\\/.+
FF - user.js: extensions.wrc.SearchRules.whereis.com.style - .WRCN {display:none} .priority_url .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.whereis.com.url - ^http\\:\\/\\/www\\.whereis\\.com\\/.*
FF - user.js: extensions.wrc.SearchRules.wp.pl.style - .WRCN {display:none} .rek big .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.wp.pl.url - ^http\\:\\/\\/szukaj\\.wp\\.pl\\/.+
FF - user.js: extensions.wrc.SearchRules.yahoo.com.style - .WRCN {display:none} .sm-hd .WRCN, .sm-links .WRCN, .res h3 > .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.yahoo.com.url - ^http(s)?\\:\\/\\/((.)+\\.)?search\\.yahoo\\.com\\/(.)*
FF - user.js: extensions.wrc.SearchRules.yandex.ru.style - .WRCN {display:none} .b-serp-item__title-link + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.yandex.ru.url - ^http\\:\\/\\/yandex\\.ru\\/.+
FF - user.js: extensions.wrc.SearchRules.yell.com.style - .WRCN {display:none} .advert-content .WRCN, .other-cta .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} .advert-content .star + .WRCN, .advert-content .logoImg + .WRCN, .other-cta .shareLink + .WRCN {display: none!important}
FF - user.js: extensions.wrc.SearchRules.yell.com.url - ^http\\:\\/\\/www\\.yell\\.com\\/.+
FF - user.js: extensions.wrc.SearchRules.zoznam.sk.style - .WRCN {display:none} .box_content .link_right .link_title + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.zoznam.sk.url - ^http\\:\\/\\/www\\.zoznam\\.sk\\/.+
FF - user.js: extensions.wrc@avast.com.install-event-fired - true
FF - user.js: extensions.{20a82645-c095-46ed-80e3-08825760534b}.install-event-fired - true
FF - user.js: extensions.{23fcfd51-4958-4f00-80a3-ae97e717ed8b}.install-event-fired - true
FF - user.js: extensions.{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}.install-event-fired - true
FF - user.js: extensions.{40a1f5d7-afc2-498f-b264-02668d616ff6}.install-event-fired - true
FF - user.js: extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.install-event-fired - true
FF - user.js: extensions.{BBDA0591-3099-440a-AA10-41764D9DB4DB}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.install-event-fired - true
FF - user.js: extensions.{FFB96CC1-7EB3-449D-B827-DB661701C6BB}.install-event-fired - true
FF - user.js: extensions.{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.install-event-fired - true
FF - user.js: general.useragent.extra.microsoftdotnet - ( )
FF - user.js: idle.lastDailyNotification - 1347205687
FF - user.js: intl.charsetmenu.browser.cache - UTF-8, ISO-8859-1, windows-1252, windows-1250, ISO-8859-2
FF - user.js: lightweightThemes.isThemeSelected - true
FF - user.js: lightweightThemes.persisted.footerURL - true
FF - user.js: lightweightThemes.persisted.headerURL - true
FF - user.js: lightweightThemes.usedThemes - [{\id\:\346288\,\name\:\harry potter hp7\,\headerURL\:\hxxp://getpersonas-cdn.mozilla.net/static/8/8/346288/h_hp7.jpg?1292955229\,\footerURL\:\http://getpersonas-cdn.mozilla.net/stat ... on\:\harry potter and the deathly hallows 7. voldemort, hogwarts, dumbledore, dark lord.\,\updateURL\:\https://www.getpersonas.com/cs/update_c ... name\:\san fran\,\headerURL\:\http://getpersonas-cdn.mozilla.net/stat ... 1268489456\}]
FF - user.js: megaupload.megamanager.click - megamanager-monitor-app,megamanager-monitor-zip,megamanager-monitor-vid,megamanager-monitor-aud
FF - user.js: megaupload.megamanager.context -
FF - user.js: microsoft.CLR.auto_install - false
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: pdfjs.firstRun - false
FF - user.js: pdfjs.previousHandler.alwaysAskBeforeHandling - true
FF - user.js: pdfjs.previousHandler.preferredAction - 4
FF - user.js: places.database.lastMaintenance - 1347205687
FF - user.js: places.history.expiration.transient_current_max_pages - 77134
FF - user.js: places.history.expiration.transient_optimal_database_size - 123412970
FF - user.js: places.last_vacuum - 1295184263
FF - user.js: pref.browser.homepage.disable_button.current_page - false
FF - user.js: pref.general.disable_button.default_browser - false
FF - user.js: print_printer - TiskĂˇrna
FF - user.js: printer_TiskĂˇrna.print_bgcolor - false
FF - user.js: printer_TiskĂˇrna.print_bgimages - false
FF - user.js: printer_TiskĂˇrna.print_colorspace -
FF - user.js: printer_TiskĂˇrna.print_command -
FF - user.js: printer_TiskĂˇrna.print_downloadfonts - false
FF - user.js: printer_TiskĂˇrna.print_edge_bottom - 0
FF - user.js: printer_TiskĂˇrna.print_edge_left - 0
FF - user.js: printer_TiskĂˇrna.print_edge_right - 0
FF - user.js: printer_TiskĂˇrna.print_edge_top - 0
FF - user.js: printer_TiskĂˇrna.print_evenpages - true
FF - user.js: printer_TiskĂˇrna.print_footercenter -
FF - user.js: printer_TiskĂˇrna.print_footerleft - &PT
FF - user.js: printer_TiskĂˇrna.print_footerright - &D
FF - user.js: printer_TiskĂˇrna.print_headercenter -
FF - user.js: printer_TiskĂˇrna.print_headerleft - &T
FF - user.js: printer_TiskĂˇrna.print_headerright - &U
FF - user.js: printer_TiskĂˇrna.print_in_color - true
FF - user.js: printer_TiskĂˇrna.print_margin_bottom - 0.5
FF - user.js: printer_TiskĂˇrna.print_margin_left - 0.5
FF - user.js: printer_TiskĂˇrna.print_margin_right - 0.5
FF - user.js: printer_TiskĂˇrna.print_margin_top - 0.5
FF - user.js: printer_TiskĂˇrna.print_oddpages - true
FF - user.js: printer_TiskĂˇrna.print_orientation - 0
FF - user.js: printer_TiskĂˇrna.print_page_delay - 50
FF - user.js: printer_TiskĂˇrna.print_paper_data - 9
FF - user.js: printer_TiskĂˇrna.print_paper_height - 11,00
FF - user.js: printer_TiskĂˇrna.print_paper_name -
FF - user.js: printer_TiskĂˇrna.print_paper_size_type - 0
FF - user.js: printer_TiskĂˇrna.print_paper_size_unit - 1
FF - user.js: printer_TiskĂˇrna.print_paper_width - 8,50
FF - user.js: printer_TiskĂˇrna.print_plex_name -
FF - user.js: printer_TiskĂˇrna.print_resolution_name -
FF - user.js: printer_TiskĂˇrna.print_reversed - false
FF - user.js: printer_TiskĂˇrna.print_scaling - 1,00
FF - user.js: printer_TiskĂˇrna.print_shrink_to_fit - true
FF - user.js: printer_TiskĂˇrna.print_to_file - false
FF - user.js: printer_TiskĂˇrna.print_to_filename -
FF - user.js: printer_TiskĂˇrna.print_unwriteable_margin_bottom - 0
FF - user.js: printer_TiskĂˇrna.print_unwriteable_margin_left - 0
FF - user.js: printer_TiskĂˇrna.print_unwriteable_margin_right - 0
FF - user.js: printer_TiskĂˇrna.print_unwriteable_margin_top - 0
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.globalScore - 0
FF - user.js: services.sync.lastversion - 1.8.0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.nextSync - 0
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1345567350
FF - user.js: toolkit.startup.last_success - 1347283139
FF - user.js: toolkit.telemetry.enabled - true
FF - user.js: toolkit.telemetry.prompted - 2
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1349868930
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Clownfish - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1732)
c:\program files\Sizer\sizer.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\UnsignedThemesSvc.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Celkový čas: 2012-10-22 13:47:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-22 11:47
.
Před spuštěním: Volných bajtů: 114 226 536 448
Po spuštění: Volných bajtů: 110 481 924 096
.
- - End Of File - - F91E93ED6E150E96E4C77FC8907456FB

#8 Příspěvek od **Rudy** » 22 říj 2012 17:01

Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1098977879-2126329400-2746128921-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1098977879-2126329400-2746128921-1000UA.job

Firefox::
FF - ProfilePath - c:\users\ondra\AppData\Roaming\Mozilla\Firefox\Profiles\cun05hn2.default\
FF - ExtSQL: 2012-08-28 13:42; quickstores@quickstores.de; c:\program files\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - ExtSQL: !HIDDEN! 2010-11-16 11:16; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
*/
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1347277283
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1347277523
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1347277403
FF - user.js: app.update.lastUpdateTime.browser-cleanup-thumbnails - 1347283022
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1313433922
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1310668808
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1347277163
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.download.lastDir - c:\\Users\\ondra\\Desktop
FF - user.js: browser.download.save_converter_index - 0
FF - user.js: browser.migration.version - 6
FF - user.js: browser.offline - false
FF - user.js: browser.pagethumbnails.storage_version - 2
FF - user.js: browser.places.importBookmarksHTML - false
FF - user.js: browser.places.smartBookmarksVersion - 4
FF - user.js: browser.preferences.advanced.selectedTabIndex - 3
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.defaultenginename - Facemoods Search
FF - user.js: browser.search.defaultthis.engineName - free-downloads.net Customized Web Search
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - hxxp://www.youtube.com/|https://www.google.cz/
FF - user.js: browser.startup.homepage_override.buildID - 20120904124322
FF - user.js: browser.startup.homepage_override.mstone - 16.0
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: browser.tabs.warnOnClose - false
FF - user.js: devtools.inspector.sidebarOpen - true
FF - user.js: dom.ipc.plugins.enabled.npcoolirisplugin.dll - false
FF - user.js: extensions.DeviceDetection@logitech.com.install-event-fired - true
FF - user.js: extensions.adblockplus.currentVersion - 2.1.2
FF - user.js: extensions.adblockplus.showinstatusbar - true
FF - user.js: extensions.blocklist.pingCountTotal - 286
FF - user.js: extensions.blocklist.pingCountVersion - 9
FF - user.js: extensions.bootstrappedAddons - {\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\:{\version\:\2.1.2\,\type\:\extension\,\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\},\firebug@software.joehewitt.com\:{\version\:\1.10.3\,\type\:\extension\,\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\firebug@software.joehewitt.com.xpi\}}
FF - user.js: extensions.databaseSchema - 13
FF - user.js: extensions.enabledAddons - DeviceDetection@logitech.com:1.24.0.9,maps@ovi.com:5.5.1.0,pagehacker-nico@nc:1.2,testpilot@labs.mozilla.com:1.2.1,{40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1,{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126,wrc@avast.com:7.0.1466,{972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0
FF - user.js: extensions.enabledItems - {20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3,wrc@avast.com:6.0.1203,pagehacker-nico@nc:1.2,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - user.js: extensions.facemoods.aflt - _#piano
FF - user.js: extensions.facemoods.firstRun - false
FF - user.js: extensions.facemoods.lastActv - 14
FF - user.js: extensions.firebug.addonBarOpened - true
FF - user.js: extensions.firebug.console.enableSites - true
FF - user.js: extensions.firebug.currentVersion - 1.10.3
FF - user.js: extensions.firebug.defaultPanelName - script
FF - user.js: extensions.firebug.previousPlacement - 1
FF - user.js: extensions.firebug.script.enableSites - true
FF - user.js: extensions.firebug.toolbarCustomizationDone - true
FF - user.js: extensions.firebug@software.joehewitt.com.install-event-fired - true
FF - user.js: extensions.firefox-hotfix@mozilla.org.install-event-fired - true
FF - user.js: extensions.hotfix.lastVersion - 20120430.01
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\,\mtime\:1289902606355},\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\Program Files\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\DivXHTML5\,\mtime\:1312741835283},\wrc@avast.com\:{\descriptor\:\c:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\WebRep\\\\FF\,\mtime\:1345994127774}}},{\name\:\app-global\,\addons\:{\quickstores@quickstores.de\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\quickstores@quickstores.de\,\mtime\:1347098584268},\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\,\mtime\:1347098584549},\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1347098584580}}},{\name\:\app-profile\,\addons\:{\DeviceDetection@logitech.com\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\DeviceDetection@logitech.com\,\mtime\:1336580139058},\firebug@software.joehewitt.com\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\firebug@software.joehewitt.com.xpi\,\mtime\:1346516410985},\maps@ovi.com\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\maps@ovi.com\,\mtime\:1314811972697},\pagehacker-nico@nc\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\pagehacker-nico@nc.xpi\,\mtime\:1314445647309},\piclens@cooliris.com\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\piclens@cooliris.com\,\mtime\:1328794757215},\testpilot@labs.mozilla.com\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\testpilot@labs.mozilla.com.xpi\,\mtime\:1332612091543},\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\{20a82645-c095-46ed-80e3-08825760534b}\,\mtime\:1295111401032},\{40a1f5d7-afc2-498f-b264-02668d616ff6}\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\{40a1f5d7-afc2-498f-b264-02668d616ff6}\,\mtime\:1298470097173},\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\:{\descriptor\:\c:\\\\Users\\\\ondra\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cun05hn2.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\,\mtime\:1343649578468}}}]
FF - user.js: extensions.installedDistroAddon.testpil ... ozilla.com - true
FF - user.js: extensions.jid1-b0kjLv16eZMFBw@jetpack.install-event-fired - true
FF - user.js: extensions.lastAppVersion - 16.0
FF - user.js: extensions.lastPlatformVersion - 16.0
FF - user.js: extensions.maps@ovi.com.install-event-fired - true
FF - user.js: extensions.pagehacker-nico@nc.install-event-fired - true
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.piclens.InstanceId - iO2aH6DibESbesxj6VrfFg==
FF - user.js: extensions.piclens.Version - 1.12.3.58254
FF - user.js: extensions.piclens@cooliris.com.install-event-fired - true
FF - user.js: extensions.quickstores@quickstores.de.install-event-fired - true
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.testpilot.alreadyCustomizedToolbar - true
FF - user.js: extensions.testpilot.deploymentRandomizer.explore_satisfaction - 49
FF - user.js: extensions.testpilot.deploymentRandomizer.heatmap - 73
FF - user.js: extensions.testpilot.deploymentRandomizer.heatmap14 - 4
FF - user.js: extensions.testpilot.deploymentRandomizer.mobile_data_survey - 13
FF - user.js: extensions.testpilot.deploymentRandomizer.sample1 - 40
FF - user.js: extensions.testpilot.deploymentRandomizer.ur - 83
FF - user.js: extensions.testpilot.popup.showOnNewResults - true
FF - user.js: extensions.testpilot.surveyAnswers.basic_panel_survey_2 - {\answers\:[[\1\],[\0\],[],[\0\],[\0\],[\0\],[\3\],[\6\],[\0\],[\7\],[\3\,\4\,\5\],[\0\,\1\,\4\,\7\,\8\],[\1\],[\Very Advanced\]],\version_number\:4}
FF - user.js: extensions.testpilot.surveyAnswers.firebug_basic_survey - {\answers\:[[\4\],[\0\],[\4\],[\1\],[\0\],[\5\],[\0\],[\5\],[\0\],[\5\],[\0\],[],[\1\],[\3\],[\1\]],\version_number\:1}
FF - user.js: extensions.testpilot.taskstatus.1 - 9
FF - user.js: extensions.testpilot.taskstatus.100 - 9
FF - user.js: extensions.testpilot.taskstatus.101 - 9
FF - user.js: extensions.testpilot.taskstatus.1_results_lifespans - 8
FF - user.js: extensions.testpilot.taskstatus.1_results_min_max - 8
FF - user.js: extensions.testpilot.taskstatus.1_results_switch_on_close - 8
FF - user.js: extensions.testpilot.taskstatus.2_results_bookmark_folders - 8
FF - user.js: extensions.testpilot.taskstatus.2_results_folder_levels - 8
FF - user.js: extensions.testpilot.taskstatus.2_results_num_bookmarks - 8
FF - user.js: extensions.testpilot.taskstatus.3 - 9
FF - user.js: extensions.testpilot.taskstatus.3_results_computer_share - 8
FF - user.js: extensions.testpilot.taskstatus.3_results_num_passwords - 8
FF - user.js: extensions.testpilot.taskstatus.3_results_password_reuse - 8
FF - user.js: extensions.testpilot.taskstatus.3_results_satisfaction - 8
FF - user.js: extensions.testpilot.taskstatus.4 - 9
FF - user.js: extensions.testpilot.taskstatus.4_results_most_used_items - 8
FF - user.js: extensions.testpilot.taskstatus.4_results_most_used_keyboard - 8
FF - user.js: extensions.testpilot.taskstatus.4_results_most_used_mouse - 8
FF - user.js: extensions.testpilot.taskstatus.5 - 9
FF - user.js: extensions.testpilot.taskstatus.6 - 9
FF - user.js: extensions.testpilot.taskstatus.8 - 9
FF - user.js: extensions.testpilot.taskstatus.account_password_survey - 9
FF - user.js: extensions.testpilot.taskstatus.basic_panel_survey_2 - 6
FF - user.js: extensions.testpilot.taskstatus.beta_perception_survey_1 - 9
FF - user.js: extensions.testpilot.taskstatus.broken_extensions_survey - 3
FF - user.js: extensions.testpilot.taskstatus.exploring_satisfaction_with_firefox_v3 - 3
FF - user.js: extensions.testpilot.taskstatus.firebug_basic_survey - 6
FF - user.js: extensions.testpilot.taskstatus.firefox_apps_usage_survey - 3
FF - user.js: extensions.testpilot@labs.mozilla.com.install-event-fired - true
FF - user.js: extensions.ui.dictionary.hidden - true
FF - user.js: extensions.ui.lastCategory - addons://discover/
FF - user.js: extensions.ui.locale.hidden - true
FF - user.js: extensions.update.notifyUser - false
FF - user.js: extensions.wrc.RulesVersion -
FF - user.js: extensions.wrc.SearchRules./v1/update/rule/foo.bar.style - some style
FF - user.js: extensions.wrc.SearchRules./v1/update/rule/foo.bar.url - testik.bb
FF - user.js: extensions.wrc.SearchRules.ask.com.style - .WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.ask.com.url - ^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*
FF - user.js: extensions.wrc.SearchRules.atlas.cz.style - .WRCN {display:none} .result .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.atlas.cz.url - ^http\\:\\/\\/searchatlas\\.centrum\\.cz\\/.+
FF - user.js: extensions.wrc.SearchRules.atlas.sk.style - .WRCN {display:none} .katalogSponsorItem .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.atlas.sk.url - ^http\\:\\/\\/hladaj\\.atlas\\.sk\\/.+
FF - user.js: extensions.wrc.SearchRules.baidu.com.style - .WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.baidu.com.url - ^http\\:\\/\\/www\\.baidu\\.com\\/.*
FF - user.js: extensions.wrc.SearchRules.bing.com.style - .WRCN {display:none} .sb_tlst .WRCN, .sp_pss .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.bing.com.url - ^http(s)?\\:\\/\\/www\\.bing\\.com\\/(.)*
FF - user.js: extensions.wrc.SearchRules.centrum.cz.style - .WRCN {display:none} .results-list h3 > .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.centrum.cz.url - ^http(s)?\\:\\/\\/search\\.centrum\\.cz\\/(.)*
FF - user.js: extensions.wrc.SearchRules.centrum.sk.style - .WRCN {display:none} .katalogSponsorItem .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.centrum.sk.url - ^http\\:\\/\\/search\\.centrum\\.sk\\/.+
FF - user.js: extensions.wrc.SearchRules.delicious.com.style - .WRCN {display:none} .taggedlink + .WRCN, .data .full-url .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.delicious.com.url - ^http\\:\\/\\/www\\.delicious\\.com\\/(.)*
FF - user.js: extensions.wrc.SearchRules.dmoz.org.style - .WRCN {display:none} ol.site li .WRCN{display:inline !important; background: url(\IMAGE\) right no-repeat} ol.site li .ref .WRCN {display:none!important}
FF - user.js: extensions.wrc.SearchRules.dmoz.org.url - ^http\\:\\/\\/www\\.dmoz\\.org\\/search(.)+
FF - user.js: extensions.wrc.SearchRules.excite.com.style - .WRCN {display:none} .listing .resultsLink + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.excite.com.url - ^http\\:\\/\\/msxml\\.excite\\.com\\/excite\\/ws\\/.+
FF - user.js: extensions.wrc.SearchRules.facebook.com.style - .WRCN {display:none} .WRCN {display:none} .uiAttachmentTitle .WRCN, .uiStreamMessage .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.facebook.com.url - ^http\\:\\/\\/www\\.facebook\\.com\\/.*
FF - user.js: extensions.wrc.SearchRules.fastweb.it.style - .WRCN {display:none} .gs-title .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.fastweb.it.url - ^http\\:\\/\\/www\\.fastweb\\.it\\/portale\\/google\\/.+
FF - user.js: extensions.wrc.SearchRules.gazeta.pl.style - .WRCN {display:none} .res_body .res_entry .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.gazeta.pl.url - ^http\\:\\/\\/szukaj\\.gazeta\\.pl\\/.+
FF - user.js: extensions.wrc.SearchRules.google.com.style - .WRCN {display:none} .r .WRCN, .osl .WRCN, .bc .WRCN, .fc .WRCN, #rhsline ol .WRCN {display:inline; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.google.com.url - ^http(s)?\\:\\/\\/((.)+\\.)?google\\.(com|[a-z\\.]{2,})\\/(.)*
FF - user.js: extensions.wrc.SearchRules.interia.pl.style - .WRCN {display:none} .row .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.interia.pl.url - ^http\\:\\/\\/(www\\.)?google\\.interia\\.pl\\/szukaj\\/.+
FF - user.js: extensions.wrc.SearchRules.lycos.com.style - .WRCN {display:none} .results .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} .results .sponsored .WRCN {display: none!important}
FF - user.js: extensions.wrc.SearchRules.lycos.com.url - ^http\\:\\/\\/search\\.lycos\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/.+
FF - user.js: extensions.wrc.SearchRules.onet.pl.style - .WRCN {display:none} #main .link .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.onet.pl.url - ^http\\:\\/\\/szukaj\\.onet\\.pl\\/.+
FF - user.js: extensions.wrc.SearchRules.paginegialle.it.style - .WRCN {display:none} .lnkwww + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.paginegialle.it.url - ^http\\:\\/\\/www\\.paginegialle\\.it\\/pgol\\/.+
FF - user.js: extensions.wrc.SearchRules.public.avast.com.style - .WRCN {display:inline; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.public.avast.com.url - ^http(s)?\\:\\/\\/public\\.avast\\.com\\/(.)*
FF - user.js: extensions.wrc.SearchRules.rambler.ru.style - .WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.rambler.ru.url - ^http\\:\\/\\/nova\\.rambler\\.ru\\/.+
FF - user.js: extensions.wrc.SearchRules.scroogle.org.style - a + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.scroogle.org.url - ^http\\:\\/\\/www\\.scroogle\\.org\\/.*
FF - user.js: extensions.wrc.SearchRules.seznam.cz.style - .WRCN {display:none} #results .WRCN, .sklik-title > .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.seznam.cz.url - ^http(s)?\\:\\/\\/search\\.seznam\\.cz\\/(.)*
FF - user.js: extensions.wrc.SearchRules.sky.com.style - .WRCN {display:none} #results h3 .WRCN, #sponsored_top h3 .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.sky.com.url - ^http\\:\\/\\/search\\.sky\\.com/.+
FF - user.js: extensions.wrc.SearchRules.slashdot.org.style - .WRCN {display:none} .body i .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.slashdot.org.url - ^http\\:\\/\\/slashdot\\.org\\/.*
FF - user.js: extensions.wrc.SearchRules.terra.com.br.style - .WRCN {display:none} .col-left-full .list-results .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.terra.com.br.url - ^http\\:\\/\\/buscador\\.terra\\.com\\.br\\/.+
FF - user.js: extensions.wrc.SearchRules.tiscali.it.style - .WRCN {display:none} .item .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.tiscali.it.url - ^http\\:\\/\\/search\\.tiscali\\.it\\/.+
FF - user.js: extensions.wrc.SearchRules.twitter.com.style - .WRCN {display:none} .entry-content .web + .WRCN, .twtr-tweet-text .twtr-hyperlink + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.twitter.com.url - ^hxxp://twitter\\.com\\/.*
FF - user.js: extensions.wrc.SearchRules.uol.com.br.style - .WRCN {display:none} #results dt .WRCN, #results .link .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} #results .link .similar .WRCN {display: none!important}
FF - user.js: extensions.wrc.SearchRules.uol.com.br.url - ^http\\:\\/\\/(.\\.)?busca\\.uol\\.com\\.br\\/.+
FF - user.js: extensions.wrc.SearchRules.virgilio.it.style - .WRCN {display:none} .risultati .record .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} .risultati .record .sponsor + .WRCN {display: none!important}
FF - user.js: extensions.wrc.SearchRules.virgilio.it.url - ^http\\:\\/\\/ricerca\\.virgilio\\.it\\/.+
FF - user.js: extensions.wrc.SearchRules.virginmedia.com.style - .WRCN {display:none} .result-title .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.virginmedia.com.url - ^http\\:\\/\\/search\\.virginmedia\\.com\\/.+
FF - user.js: extensions.wrc.SearchRules.whereis.com.style - .WRCN {display:none} .priority_url .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.whereis.com.url - ^http\\:\\/\\/www\\.whereis\\.com\\/.*
FF - user.js: extensions.wrc.SearchRules.wp.pl.style - .WRCN {display:none} .rek big .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.wp.pl.url - ^http\\:\\/\\/szukaj\\.wp\\.pl\\/.+
FF - user.js: extensions.wrc.SearchRules.yahoo.com.style - .WRCN {display:none} .sm-hd .WRCN, .sm-links .WRCN, .res h3 > .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.yahoo.com.url - ^http(s)?\\:\\/\\/((.)+\\.)?search\\.yahoo\\.com\\/(.)*
FF - user.js: extensions.wrc.SearchRules.yandex.ru.style - .WRCN {display:none} .b-serp-item__title-link + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.yandex.ru.url - ^http\\:\\/\\/yandex\\.ru\\/.+
FF - user.js: extensions.wrc.SearchRules.yell.com.style - .WRCN {display:none} .advert-content .WRCN, .other-cta .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} .advert-content .star + .WRCN, .advert-content .logoImg + .WRCN, .other-cta .shareLink + .WRCN {display: none!important}
FF - user.js: extensions.wrc.SearchRules.yell.com.url - ^http\\:\\/\\/www\\.yell\\.com\\/.+
FF - user.js: extensions.wrc.SearchRules.zoznam.sk.style - .WRCN {display:none} .box_content .link_right .link_title + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.zoznam.sk.url - ^http\\:\\/\\/www\\.zoznam\\.sk\\/.+
FF - user.js: extensions.wrc@avast.com.install-event-fired - true
FF - user.js: extensions.{20a82645-c095-46ed-80e3-08825760534b}.install-event-fired - true
FF - user.js: extensions.{23fcfd51-4958-4f00-80a3-ae97e717ed8b}.install-event-fired - true
FF - user.js: extensions.{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}.install-event-fired - true
FF - user.js: extensions.{40a1f5d7-afc2-498f-b264-02668d616ff6}.install-event-fired - true
FF - user.js: extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.install-event-fired - true
FF - user.js: extensions.{BBDA0591-3099-440a-AA10-41764D9DB4DB}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.install-event-fired - true
FF - user.js: extensions.{FFB96CC1-7EB3-449D-B827-DB661701C6BB}.install-event-fired - true
FF - user.js: extensions.{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.install-event-fired - true
FF - user.js: general.useragent.extra.microsoftdotnet - ( )
FF - user.js: idle.lastDailyNotification - 1347205687
FF - user.js: intl.charsetmenu.browser.cache - UTF-8, ISO-8859-1, windows-1252, windows-1250, ISO-8859-2
FF - user.js: lightweightThemes.isThemeSelected - true
FF - user.js: lightweightThemes.persisted.footerURL - true
FF - user.js: lightweightThemes.persisted.headerURL - true
FF - user.js: lightweightThemes.usedThemes - [{\id\:\346288\,\name\:\harry potter hp7\,\headerURL\:\hxxp://getpersonas-cdn.mozilla.net/static/8/8/346288/h_hp7.jpg?1292955229\,\footerURL\:\http://getpersonas-cdn.mozilla.net/stat ... on\:\harry potter and the deathly hallows 7. voldemort, hogwarts, dumbledore, dark lord.\,\updateURL\:\https://www.getpersonas.com/cs/update_c ... name\:\san fran\,\headerURL\:\http://getpersonas-cdn.mozilla.net/stat ... 1268489456\}]
FF - user.js: megaupload.megamanager.click - megamanager-monitor-app,megamanager-monitor-zip,megamanager-monitor-vid,megamanager-monitor-aud
FF - user.js: megaupload.megamanager.context -
FF - user.js: microsoft.CLR.auto_install - false
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: pdfjs.firstRun - false
FF - user.js: pdfjs.previousHandler.alwaysAskBeforeHandling - true
FF - user.js: pdfjs.previousHandler.preferredAction - 4
FF - user.js: places.database.lastMaintenance - 1347205687
FF - user.js: places.history.expiration.transient_current_max_pages - 77134
FF - user.js: places.history.expiration.transient_optimal_database_size - 123412970
FF - user.js: places.last_vacuum - 1295184263
FF - user.js: pref.browser.homepage.disable_button.current_page - false
FF - user.js: pref.general.disable_button.default_browser - false
FF - user.js: print_printer - TiskĂˇrna
FF - user.js: printer_TiskĂˇrna.print_bgcolor - false
FF - user.js: printer_TiskĂˇrna.print_bgimages - false
FF - user.js: printer_TiskĂˇrna.print_colorspace -
FF - user.js: printer_TiskĂˇrna.print_command -
FF - user.js: printer_TiskĂˇrna.print_downloadfonts - false
FF - user.js: printer_TiskĂˇrna.print_edge_bottom - 0
FF - user.js: printer_TiskĂˇrna.print_edge_left - 0
FF - user.js: printer_TiskĂˇrna.print_edge_right - 0
FF - user.js: printer_TiskĂˇrna.print_edge_top - 0
FF - user.js: printer_TiskĂˇrna.print_evenpages - true
FF - user.js: printer_TiskĂˇrna.print_footercenter -
FF - user.js: printer_TiskĂˇrna.print_footerleft - &PT
FF - user.js: printer_TiskĂˇrna.print_footerright - &D
FF - user.js: printer_TiskĂˇrna.print_headercenter -
FF - user.js: printer_TiskĂˇrna.print_headerleft - &T
FF - user.js: printer_TiskĂˇrna.print_headerright - &U
FF - user.js: printer_TiskĂˇrna.print_in_color - true
FF - user.js: printer_TiskĂˇrna.print_margin_bottom - 0.5
FF - user.js: printer_TiskĂˇrna.print_margin_left - 0.5
FF - user.js: printer_TiskĂˇrna.print_margin_right - 0.5
FF - user.js: printer_TiskĂˇrna.print_margin_top - 0.5
FF - user.js: printer_TiskĂˇrna.print_oddpages - true
FF - user.js: printer_TiskĂˇrna.print_orientation - 0
FF - user.js: printer_TiskĂˇrna.print_page_delay - 50
FF - user.js: printer_TiskĂˇrna.print_paper_data - 9
FF - user.js: printer_TiskĂˇrna.print_paper_height - 11,00
FF - user.js: printer_TiskĂˇrna.print_paper_name -
FF - user.js: printer_TiskĂˇrna.print_paper_size_type - 0
FF - user.js: printer_TiskĂˇrna.print_paper_size_unit - 1
FF - user.js: printer_TiskĂˇrna.print_paper_width - 8,50
FF - user.js: printer_TiskĂˇrna.print_plex_name -
FF - user.js: printer_TiskĂˇrna.print_resolution_name -
FF - user.js: printer_TiskĂˇrna.print_reversed - false
FF - user.js: printer_TiskĂˇrna.print_scaling - 1,00
FF - user.js: printer_TiskĂˇrna.print_shrink_to_fit - true
FF - user.js: printer_TiskĂˇrna.print_to_file - false
FF - user.js: printer_TiskĂˇrna.print_to_filename -
FF - user.js: printer_TiskĂˇrna.print_unwriteable_margin_bottom - 0
FF - user.js: printer_TiskĂˇrna.print_unwriteable_margin_left - 0
FF - user.js: printer_TiskĂˇrna.print_unwriteable_margin_right - 0
FF - user.js: printer_TiskĂˇrna.print_unwriteable_margin_top - 0
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.globalScore - 0
FF - user.js: services.sync.lastversion - 1.8.0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.nextSync - 0
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1345567350
FF - user.js: toolkit.startup.last_success - 1347283139
FF - user.js: toolkit.telemetry.enabled - true
FF - user.js: toolkit.telemetry.prompted - 2
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1349868930
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -

RegLock:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

VIRY.CZ

Pomalý start PC, nemůžu se přihlásit na účet

Pomalý start PC, nemůžu se přihlásit na účet

Re: Pomalý start PC, nemůžu se přihlásit na účet

Re: Pomalý start PC, nemůžu se přihlásit na účet

Re: Pomalý start PC, nemůžu se přihlásit na účet

Re: Pomalý start PC, nemůžu se přihlásit na účet

Re: Pomalý start PC, nemůžu se přihlásit na účet

Re: Pomalý start PC, nemůžu se přihlásit na účet

Re: Pomalý start PC, nemůžu se přihlásit na účet