Policie ČR - váš počítač je zablokován

Zpráva

Douber · #1 Příspěvek od **Douber** » 22 dub 2013 14:56

Dobrý den
Dostal se mi do ruky notebook s tímhle výtvorem uvnitř. Naštěstí v nouzovém režimu se mi podařilo dostat log.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Megíska at 2013-04-22 15:55:16
WIN_VISTA Service Pack 2
System drive C: has 3 GB (4%) free of 71 GB
Total RAM: 3000 MB (84% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, smarterwiki@wikiatic.com:4.1.8, {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97, ffxtlbr@Facemoods.com:1.2.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.9&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]
"Description"=Office Live Update v1.5
"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
fcmdSrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.4.17.4\bh\facemoods.dll [2010-10-26 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-02 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-01-24 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-02 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.4.17.4\facemoodsTlbr.dll [2010-10-26 217088]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-01-24 192144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323Domino]
C:\Windows\Domino.exe [2006-06-27 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323VMSnap]
C:\Windows\VMSnap23.exe [2006-09-19 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\PROGRA~2\rundll32.exe [2013-04-16 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-08-01 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2011-02-11 171032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2011-02-11 137752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-07-25 875016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
C:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 947152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2011-02-11 172568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-05-21 6144000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [2013-01-07 446648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-08-23 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-02-22 1037608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
C:\PROGRA~1\COMMON~1\AVERME~1\AVERQU~1\AVERHI~1.EXE [2008-06-11 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2008-02-12 723496]

C:\Users\Megíska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
msconfig.lnk - C:\Windows\System32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 228864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-04-22 15:54:40 ----A---- C:\Windows\system32\drivers\qiafiyke.sys
2013-04-22 15:52:28 ----A---- C:\Windows\ntbtlog.txt
2013-04-22 15:48:03 ----D---- C:\Windows\pss
2013-04-22 15:45:38 ----D---- C:\Program Files\trend micro
2013-04-22 15:45:37 ----D---- C:\rsit
2013-04-18 10:24:44 ----A---- C:\ProgramData\vq2mj.js
2013-04-18 10:24:43 ----A---- C:\ProgramData\jm2qv.dat
2013-04-16 14:35:18 ----A---- C:\ProgramData\inmjdz2.js
2013-04-16 14:35:18 ----A---- C:\ProgramData\as98213.txt
2013-04-16 13:33:00 ----A---- C:\ProgramData\rundll32.exe
2013-04-16 13:33:00 ----A---- C:\ProgramData\2zdjmni.dat
2013-04-11 20:07:20 ----A---- C:\Windows\system32\mshtmled.dll
2013-04-11 20:07:19 ----A---- C:\Windows\system32\vbscript.dll
2013-04-11 20:07:13 ----A---- C:\Windows\system32\jsproxy.dll
2013-04-11 20:07:13 ----A---- C:\Windows\system32\ieui.dll
2013-04-11 20:07:11 ----A---- C:\Windows\system32\msfeeds.dll
2013-04-11 20:07:11 ----A---- C:\Windows\system32\ieUnatt.exe
2013-04-11 20:07:09 ----A---- C:\Windows\system32\wininet.dll
2013-04-11 20:07:09 ----A---- C:\Windows\system32\jscript.dll
2013-04-11 20:07:06 ----A---- C:\Windows\system32\url.dll
2013-04-11 20:07:06 ----A---- C:\Windows\system32\jscript9.dll
2013-04-11 20:07:05 ----A---- C:\Windows\system32\iertutil.dll
2013-04-11 20:07:04 ----A---- C:\Windows\system32\urlmon.dll
2013-04-11 20:06:59 ----A---- C:\Windows\system32\mshtml.dll
2013-04-11 20:06:59 ----A---- C:\Windows\system32\ieframe.dll
2013-04-11 10:37:44 ----A---- C:\Windows\system32\win32k.sys
2013-04-11 10:37:40 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-04-11 10:37:39 ----A---- C:\Windows\system32\smss.exe
2013-04-11 10:37:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-04-11 10:37:39 ----A---- C:\Windows\system32\csrsrv.dll
2013-04-11 10:37:37 ----A---- C:\Windows\system32\mstscax.dll
2013-04-11 10:37:35 ----A---- C:\Windows\system32\winsrv.dll
2013-03-23 16:43:44 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2013-04-22 15:55:13 ----D---- C:\Windows\Temp
2013-04-22 15:54:40 ----D---- C:\Windows\system32\drivers
2013-04-22 15:52:28 ----D---- C:\Windows
2013-04-22 15:46:59 ----D---- C:\Windows\Prefetch
2013-04-22 15:45:38 ----RD---- C:\Program Files
2013-04-22 15:43:51 ----D---- C:\Windows\System32
2013-04-22 15:43:51 ----D---- C:\Windows\inf
2013-04-22 15:43:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-04-22 15:37:19 ----HD---- C:\ProgramData
2013-04-22 15:33:21 ----SHD---- C:\Windows\Installer
2013-04-22 15:33:20 ----D---- C:\ProgramData\Microsoft Help
2013-04-22 15:32:50 ----A---- C:\Windows\win.ini
2013-04-22 15:31:25 ----SHD---- C:\System Volume Information
2013-04-13 19:22:52 ----D---- C:\Windows\system32\migration
2013-04-13 19:22:51 ----D---- C:\Program Files\Internet Explorer
2013-04-11 20:10:06 ----D---- C:\Windows\winsxs
2013-04-11 20:08:28 ----D---- C:\Windows\system32\catroot2
2013-04-11 20:08:28 ----D---- C:\Windows\system32\catroot
2013-04-11 20:02:54 ----A---- C:\Windows\system32\mrt.exe
2013-04-02 12:33:22 ----N---- C:\Windows\system32\MpSigStub.exe
2013-03-27 20:20:52 ----D---- C:\Program Files\Google
2013-03-24 20:56:49 ----SD---- C:\Users\Megíska\AppData\Roaming\Microsoft
2013-03-24 20:41:35 ----D---- C:\Users\Megíska\AppData\Roaming\ICQ
2013-03-24 20:27:45 ----D---- C:\Program Files\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-31 14848]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-02-22 198064]
S0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 195296]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-15 691696]
S1 eumkzswr;eumkzswr; \??\C:\Windows\system32\drivers\eumkzswr.sys []
S1 qiafiyke;qiafiyke; \??\C:\Windows\system32\drivers\qiafiyke.sys [2013-04-22 43600]
S1 rcgtuysf;rcgtuysf; \??\C:\Windows\system32\drivers\rcgtuysf.sys []
S2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
S2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
S2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
S2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-30 1184768]
S3 AVerAF15;AVerMedia A815; C:\Windows\System32\Drivers\AVerAF15.sys [2008-10-24 280576]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-02-11 9036800]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-05-21 2143136]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-06-30 112128]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 MHIKEY10;MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [2010-12-02 52096]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 SPLITCAM;Splitcam, WDM Camera Stream Splitter; C:\Windows\system32\DRIVERS\splitcam.sys [2009-08-18 13824]
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 vmfilter323;323 filter service, Normal; C:\Windows\system32\drivers\vmfilter323.sys [2006-08-08 476672]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 ZSMC326;VIMICRO USB2.0 PC Camera(VC0323); C:\Windows\System32\Drivers\usbvm323.sys [2006-12-28 260096]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 20456]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S4 AfaService;Afa Card Reader Service; C:\Windows\system32\afasrv32.exe [2011-07-18 65536]
S4 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-08 344064]
S4 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-09 405504]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S4 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S4 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S4 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S4 gupdate1c9d27e1cbdd930;Služba Google Update (gupdate1c9d27e1cbdd930); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-11 133104]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-11 133104]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-12 194032]
S4 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S4 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S4 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
S4 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-23 115608]
S4 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
S4 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S4 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
S4 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-05-14 360192]
S4 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-05-14 603904]
S4 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S4 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S4 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 22 dub 2013 15:05

Zdravim

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Douber · #3 Příspěvek od **Douber** » 22 dub 2013 15:22

Pořád jsem v nouzovém režimu v normálním ta havěť blokuje všechno. Nevadí že jsem RKill spustil v nouzovém režimu?
Mohu jít na Combofix?

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/22/2013 04:18:50 PM in x86 mode.
Windows Version: Windows Vista (TM) Home Basic Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Služba BFE (BFE) is not Running.
Startup Type set to: Disabled

* Klient DHCP (Dhcp) is not Running.
Startup Type set to: Disabled

* Klient DNS (Dnscache) is not Running.
Startup Type set to: Disabled

* Systém událostí COM+ (EventSystem) is not Running.
Startup Type set to: Disabled

* Brána firewall systému Windows (MpsSvc) is not Running.
Startup Type set to: Disabled

* Síťová připojení (Netman) is not Running.
Startup Type set to: Disabled

* Služba rozhraní síťového úložiště (nsi) is not Running.
Startup Type set to: Disabled

* Služba WMI (Winmgmt) is not Running.
Startup Type set to: Disabled

* Centrum zabezpečení (wscsvc) is not Running.
Startup Type set to: Disabled

* Windows Update (wuauserv) is not Running.
Startup Type set to: Disabled

* Ancilliary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System

* Ovladač ověření brány firewall systému Windows (mpsdrv) is not Running.
Startup Type set to: Manual

* NETBT (NetBT) is not Running.
Startup Type set to: System

* NSI proxy service (nsiproxy) is not Running.
Startup Type set to: System

* Ovladač pro podporu zastaralého rozhraní TDI NetIO (tdx) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 04/22/2013 04:19:07 PM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)

#4 Příspěvek od **vyosek** » 22 dub 2013 15:55

Ano, CF i RKill je mozne aplikovat v nouzaku, takze tam pustte nyni CF

Douber · #5 Příspěvek od **Douber** » 22 dub 2013 16:04

Tak hotovo.
Notebook je stále v nouzovém režimu, můžu zkusit normální režim?

ComboFix 13-04-22.01 - Megíska 22.04.2013 16:51:16.1.1 - x86 MINIMAL
Spuštěný z: c:\users\MegÝska\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.4\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.4\uninstall.exe
c:\programdata\2zdjmni.dat
c:\programdata\6390641.pad
c:\programdata\inmjdz2.pad
c:\programdata\jm2qv.dat
c:\programdata\rundll32.exe
c:\programdata\vq2mj.pad
c:\users\Megíska\8833501.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\scvideo.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-22 do 2013-04-22 )))))))))))))))))))))))))))))))
.
.
2013-04-22 14:57 . 2013-04-22 14:58 -------- d-----w- c:\users\Megíska\AppData\Local\temp
2013-04-22 14:57 . 2013-04-22 14:57 -------- d-----w- c:\users\Thooms\AppData\Local\temp
2013-04-22 14:57 . 2013-04-22 14:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-22 13:54 . 2013-04-22 13:54 43600 ----a-w- c:\windows\system32\drivers\qiafiyke.sys
2013-04-22 13:53 . 2013-04-22 13:53 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEBCE377-A539-4A64-9B04-25E45C5226CE}\offreg.dll
2013-04-22 13:45 . 2013-04-22 13:45 -------- d-----w- c:\program files\trend micro
2013-04-22 13:45 . 2013-04-22 13:55 -------- d-----w- C:\rsit
2013-04-18 08:24 . 2013-04-18 08:24 2609 ----a-w- c:\programdata\vq2mj.js
2013-04-18 08:24 . 2013-04-18 08:24 99328 ----a-w- c:\users\Megíska\1077424.dll
2013-04-16 12:53 . 2013-03-15 07:21 7108640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEBCE377-A539-4A64-9B04-25E45C5226CE}\mpengine.dll
2013-04-16 12:35 . 2013-04-16 12:35 2659 ----a-w- c:\programdata\inmjdz2.js
2013-04-15 08:51 . 2013-03-15 07:21 7108640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-11 08:37 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 08:37 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-11 08:37 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-11 08:37 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-11 08:37 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-11 08:37 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-11 08:37 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-18 08:24 . 2013-04-18 08:24 99328 ----a-w- c:\users\Megíska\1077424.dll
2013-04-18 08:24 . 2013-04-18 08:24 99328 ----a-w- c:\users\Megíska\1077424.dll
2013-04-02 10:33 . 2009-10-03 11:00 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-13 16:31 . 2012-06-14 09:19 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 16:31 . 2011-07-17 15:08 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 01:57 . 2013-03-22 12:18 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-23 14:44 . 2013-03-23 14:43 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-12-31 09:53 2349080 ----a-w- c:\program files\BS_Player\tbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
c:\users\Megíska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
msconfig.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323Domino]
2006-06-27 18:54 49152 ----a-w- c:\windows\Domino.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323VMSnap]
2006-09-19 06:26 212992 ----a-w- c:\windows\VMSnap23.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2008-08-01 07:51 405504 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-11 18:26 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-11 18:26 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-07-25 03:48 875016 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-01-27 10:11 947152 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-11 18:26 172568 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-05-21 02:06 6144000 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2013-01-07 11:03 446648 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-08-23 10:30 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-02-22 19:50 1037608 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4155293530-578101556-416198297-1003]
"EnableNotificationsRef"=dword:00000001
.
R4 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-12 08:04 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
2013-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 16:31]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 21:18]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-09-03 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-ctfmon - c:\progra~2\rundll32.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.4\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-22 16:58
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1732)
c:\windows\system32\btncopy.dll
.
Celkový čas: 2013-04-22 17:01:00
ComboFix-quarantined-files.txt 2013-04-22 15:00
.
Před spuštěním: 3 544 621 056
Po spuštění: 4 291 125 248
.
- - End Of File - - F15E67012C04176E7C530130E9F6CFD4

#6 Příspěvek od **vyosek** » 22 dub 2013 16:20

Zatim stale pracujte v nouzovem rezimu

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Prohledat
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

Douber · #7 Příspěvek od **Douber** » 22 dub 2013 16:31

Bohužel nelze spustit. Asi mi nic jiného nezbude než restartovat.

#8 Příspěvek od **vyosek** » 22 dub 2013 16:54

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Douber · #9 Příspěvek od **Douber** » 22 dub 2013 17:09

Tak jsem v normálním režimu. Scan AdwCleanerem proběhl bez problémů a zatím nic od "Policie" nevyskočilo.
Jak ale vidím ty logy ten notebook je řádně zasviněný.

# AdwCleaner v2.201 - Log vytvooen 22/04/2013 v 18:03:41
# Aktualizováno 21/04/2013 Xplode
# Operaení systém : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Uživatel : Megíska - MEGÍSKA-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\Megíska\Desktop\adwcleaner.exe
# Volba [Prohledat]

***** [Služby] *****

Nalezeno : ICQ Service

***** [Soubory / Složky] *****

Složka Nalezeno : C:\Program Files\Ask.com
Složka Nalezeno : C:\Program Files\BS_Player
Složka Nalezeno : C:\Program Files\Conduit
Složka Nalezeno : C:\Program Files\DAEMON Tools Toolbar
Složka Nalezeno : C:\Program Files\ICQ6Toolbar
Složka Nalezeno : C:\Program Files\SweetIM
Složka Nalezeno : C:\ProgramData\ICQ\ICQToolbar
Složka Nalezeno : C:\ProgramData\SweetIM
Složka Nalezeno : C:\Users\Megíska\AppData\Local\AskToolbar
Složka Nalezeno : C:\Users\Megíska\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Složka Nalezeno : C:\Users\Megíska\AppData\LocalLow\AskToolbar
Složka Nalezeno : C:\Users\Megíska\AppData\LocalLow\BS_Player
Složka Nalezeno : C:\Users\Megíska\AppData\LocalLow\Conduit
Složka Nalezeno : C:\Users\Megíska\AppData\LocalLow\facemoods.com
Složka Nalezeno : C:\Users\Megíska\AppData\LocalLow\SweetIM
Složka Nalezeno : C:\Users\Thooms\AppData\Local\AskToolbar
Složka Nalezeno : C:\Users\Thooms\AppData\LocalLow\AskToolbar
Složka Nalezeno : C:\Users\Thooms\AppData\LocalLow\BS_Player
Složka Nalezeno : C:\Users\Thooms\AppData\LocalLow\Conduit
Složka Nalezeno : C:\Users\Thooms\AppData\LocalLow\facemoods.com
Složka Nalezeno : C:\Users\Thooms\AppData\LocalLow\SweetIM
Složka Nalezeno : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Soubor Nalezeno : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Klíe Nalezeno : HKCU\Software\AppDataLow\AskToolbarInfo
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\AskToolbar
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\BS_Player
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\Conduit
Klíe Nalezeno : HKCU\Software\AppDataLow\Toolbar
Klíe Nalezeno : HKCU\Software\AskToolbar
Klíe Nalezeno : HKCU\Software\AVG Security Toolbar
Klíe Nalezeno : HKCU\Software\Conduit
Klíe Nalezeno : HKCU\Software\facemoods.com
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BS_Player Toolbar
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Klíe Nalezeno : HKLM\Software\BS_Player
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{372AAA3D-40B3-4BA2-9BEE-680E59E9524E}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Klíe Nalezeno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\escort.escortIEPane
Klíe Nalezeno : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Klíe Nalezeno : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Klíe Nalezeno : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Klíe Nalezeno : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Klíe Nalezeno : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Klíe Nalezeno : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Klíe Nalezeno : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Klíe Nalezeno : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Klíe Nalezeno : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Klíe Nalezeno : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Nalezeno : HKLM\Software\Conduit
Klíe Nalezeno : HKLM\Software\facemoods.com
Klíe Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{372AAA3D-40B3-4BA2-9BEE-680E59E9524E}
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Klíe Nalezeno : HKU\S-1-5-21-4155293530-578101556-416198297-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Klíe Nalezeno : HKU\S-1-5-21-4155293530-578101556-416198297-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Klíe Nalezeno : HKU\S-1-5-21-4155293530-578101556-416198297-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16476

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com

-\\ Mozilla Firefox v19.0.2 (cs)

Soubor : C:\Users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default\prefs.js

Nalezeno : user_pref("extensions.facemoods.aflt", "_#wbst");
Nalezeno : user_pref("extensions.facemoods.firstRun", false);
Nalezeno : user_pref("extensions.facemoods.lastActv", "22");
Nalezeno : user_pref("icqtoolbar.allowSendURL", false);
Nalezeno : user_pref("icqtoolbar.engineVerified", false);
Nalezeno : user_pref("icqtoolbar.geolastmodified", 1311086852);
Nalezeno : user_pref("icqtoolbar.hiddenElements", "itb_options");
Nalezeno : user_pref("icqtoolbar.icqgeo", 4201);
Nalezeno : user_pref("icqtoolbar.installTime", "1302720562");
Nalezeno : user_pref("icqtoolbar.installsource", "1");
Nalezeno : user_pref("icqtoolbar.newtab_state", "1");
Nalezeno : user_pref("icqtoolbar.numberOfSearches", 0);
Nalezeno : user_pref("icqtoolbar.previousFFVersion", "3.6.18");
Nalezeno : user_pref("icqtoolbar.skip_default_search", "no");
Nalezeno : user_pref("icqtoolbar.suggestions", false);
Nalezeno : user_pref("icqtoolbar.uniqueID", "130055880113005590901302720562953");
Nalezeno : user_pref("icqtoolbar.usageStatstTimestamp", 1311086854);
Nalezeno : user_pref("icqtoolbar.version", "1.1.9");
Nalezeno : user_pref("icqtoolbar.voucherHideClicks", 0);
Nalezeno : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Nalezeno : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Nalezeno : user_pref("icqtoolbar.voucherWasShown", 0);
Nalezeno : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Nalezeno : user_pref("icqtoolbar.xmlLanguage", "cs");
Nalezeno : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=");

Soubor : C:\Users\Thooms\AppData\Roaming\Mozilla\Firefox\Profiles\n37luzs3.default\prefs.js

[OK] Soubor je eistý.

-\\ Google Chrome v26.0.1410.64

Soubor : C:\Users\Megíska\AppData\Local\Google\Chrome\User Data\Default\Preferences

Nalezeno [l.1851] : homepage = "hxxp://start.facemoods.com/?a=wbst",
Nalezeno [l.2057] : urls_to_restore_on_startup = [ "hxxp://start.facemoods.com/?a=wbst" ]

Soubor : C:\Users\Thooms\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [21878 octets] - [22/04/2013 18:03:42]

########## EOF - C:\AdwCleaner[R1].txt - [21939 octets] ##########

#10 Příspěvek od **vyosek** » 22 dub 2013 17:14

Aaaano, je tam toho jeste spousty na cisteni

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Smazat
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

Douber · #11 Příspěvek od **Douber** » 22 dub 2013 17:24

Tak tady to je.

# AdwCleaner v2.201 - Log vytvooen 22/04/2013 v 18:18:22
# Aktualizováno 21/04/2013 Xplode
# Operaení systém : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Uživatel : Megíska - MEGÍSKA-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\Megíska\Desktop\adwcleaner.exe
# Volba [Vymazat]

***** [Služby] *****

Zastaveno & vymazáno : ICQ Service

***** [Soubory / Složky] *****

Složka Vymazáno : C:\Program Files\Ask.com
Složka Vymazáno : C:\Program Files\BS_Player
Složka Vymazáno : C:\Program Files\Conduit
Složka Vymazáno : C:\Program Files\DAEMON Tools Toolbar
Složka Vymazáno : C:\Program Files\ICQ6Toolbar
Složka Vymazáno : C:\Program Files\SweetIM
Složka Vymazáno : C:\ProgramData\ICQ\ICQToolbar
Složka Vymazáno : C:\ProgramData\SweetIM
Složka Vymazáno : C:\Users\Megíska\AppData\Local\AskToolbar
Složka Vymazáno : C:\Users\Megíska\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Složka Vymazáno : C:\Users\Megíska\AppData\LocalLow\AskToolbar
Složka Vymazáno : C:\Users\Megíska\AppData\LocalLow\BS_Player
Složka Vymazáno : C:\Users\Megíska\AppData\LocalLow\Conduit
Složka Vymazáno : C:\Users\Megíska\AppData\LocalLow\facemoods.com
Složka Vymazáno : C:\Users\Megíska\AppData\LocalLow\SweetIM
Složka Vymazáno : C:\Users\Thooms\AppData\Local\AskToolbar
Složka Vymazáno : C:\Users\Thooms\AppData\LocalLow\AskToolbar
Složka Vymazáno : C:\Users\Thooms\AppData\LocalLow\BS_Player
Složka Vymazáno : C:\Users\Thooms\AppData\LocalLow\Conduit
Složka Vymazáno : C:\Users\Thooms\AppData\LocalLow\facemoods.com
Složka Vymazáno : C:\Users\Thooms\AppData\LocalLow\SweetIM
Složka Vymazáno : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Soubor Vymazáno : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Klíe Vymazáno : HKCU\Software\AppDataLow\AskToolbarInfo
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\AskToolbar
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\BS_Player
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\Conduit
Klíe Vymazáno : HKCU\Software\AppDataLow\Toolbar
Klíe Vymazáno : HKCU\Software\AskToolbar
Klíe Vymazáno : HKCU\Software\AVG Security Toolbar
Klíe Vymazáno : HKCU\Software\Conduit
Klíe Vymazáno : HKCU\Software\facemoods.com
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BS_Player Toolbar
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Klíe Vymazáno : HKLM\Software\BS_Player
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{372AAA3D-40B3-4BA2-9BEE-680E59E9524E}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Klíe Vymazáno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\escort.escortIEPane
Klíe Vymazáno : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Klíe Vymazáno : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Klíe Vymazáno : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Klíe Vymazáno : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Klíe Vymazáno : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Klíe Vymazáno : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Klíe Vymazáno : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Klíe Vymazáno : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Klíe Vymazáno : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Klíe Vymazáno : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Vymazáno : HKLM\Software\Conduit
Klíe Vymazáno : HKLM\Software\facemoods.com
Klíe Vymazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{372AAA3D-40B3-4BA2-9BEE-680E59E9524E}
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16476

Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Zaminino : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (cs)

Soubor : C:\Users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default\prefs.js

Vymazáno : user_pref("extensions.facemoods.aflt", "_#wbst");
Vymazáno : user_pref("extensions.facemoods.firstRun", false);
Vymazáno : user_pref("extensions.facemoods.lastActv", "22");
Vymazáno : user_pref("icqtoolbar.allowSendURL", false);
Vymazáno : user_pref("icqtoolbar.engineVerified", false);
Vymazáno : user_pref("icqtoolbar.geolastmodified", 1311086852);
Vymazáno : user_pref("icqtoolbar.hiddenElements", "itb_options");
Vymazáno : user_pref("icqtoolbar.icqgeo", 4201);
Vymazáno : user_pref("icqtoolbar.installTime", "1302720562");
Vymazáno : user_pref("icqtoolbar.installsource", "1");
Vymazáno : user_pref("icqtoolbar.newtab_state", "1");
Vymazáno : user_pref("icqtoolbar.numberOfSearches", 0);
Vymazáno : user_pref("icqtoolbar.previousFFVersion", "3.6.18");
Vymazáno : user_pref("icqtoolbar.skip_default_search", "no");
Vymazáno : user_pref("icqtoolbar.suggestions", false);
Vymazáno : user_pref("icqtoolbar.uniqueID", "130055880113005590901302720562953");
Vymazáno : user_pref("icqtoolbar.usageStatstTimestamp", 1311086854);
Vymazáno : user_pref("icqtoolbar.version", "1.1.9");
Vymazáno : user_pref("icqtoolbar.voucherHideClicks", 0);
Vymazáno : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Vymazáno : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Vymazáno : user_pref("icqtoolbar.voucherWasShown", 0);
Vymazáno : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Vymazáno : user_pref("icqtoolbar.xmlLanguage", "cs");
Vymazáno : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=");

Soubor : C:\Users\Thooms\AppData\Roaming\Mozilla\Firefox\Profiles\n37luzs3.default\prefs.js

[OK] Soubor je eistý.

-\\ Google Chrome v26.0.1410.64

Soubor : C:\Users\Megíska\AppData\Local\Google\Chrome\User Data\Default\Preferences

Vymazáno [l.1851] : homepage = "hxxp://start.facemoods.com/?a=wbst",
Vymazáno [l.2057] : urls_to_restore_on_startup = [ "hxxp://start.facemoods.com/?a=wbst" ]

Soubor : C:\Users\Thooms\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [22009 octets] - [22/04/2013 18:03:42]
AdwCleaner[R2].txt - [22070 octets] - [22/04/2013 18:13:34]
AdwCleaner[S1].txt - [21495 octets] - [22/04/2013 18:18:22]

########## EOF - C:\AdwCleaner[S1].txt - [21556 octets] ##########

#12 Příspěvek od **vyosek** » 22 dub 2013 17:51

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

Douber · #13 Příspěvek od **Douber** » 22 dub 2013 18:46

Hotovo

OTL logfile created on: 22.4.2013 18:57:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Megíska\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,93 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 43,28% Memory free
6,10 Gb Paging File | 4,37 Gb Available in Paging File | 71,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 0,61 Gb Free Space | 0,88% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 9,82 Gb Free Space | 14,11% Space Free | Partition Type: NTFS
Drive G: | 3,59 Gb Total Space | 3,12 Gb Free Space | 86,85% Space Free | Partition Type: FAT32

Computer Name: MEGÍSKA-PC | User Name: Megíska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.04.22 18:52:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Megíska\Desktop\OTL.exe
PRC - [2013.04.22 18:37:45 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Megíska\AppData\Local\temp\RtkBtMnt.exe
PRC - [2013.03.23 16:44:28 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.03.18 17:47:58 | 000,448,736 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2013.03.13 18:31:14 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013.02.04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe
PRC - [2013.02.04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013.01.27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.07.18 18:20:21 | 000,065,536 | ---- | M] () -- C:\Windows\System32\afasrv32.exe
PRC - [2009.05.14 19:37:27 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.08 13:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2008.12.09 20:01:50 | 000,405,504 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2008.08.01 09:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.07.25 05:48:10 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008.06.11 12:34:02 | 000,159,744 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2008.05.21 04:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.02.12 13:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.09.19 08:26:10 | 000,212,992 | ---- | M] () -- C:\Windows\VMSnap23.exe
PRC - [2006.06.27 20:54:00 | 000,049,152 | ---- | M] (Vimicro) -- C:\Windows\Domino.exe

========== Modules (No Company Name) ==========

MOD - [2013.03.23 16:44:01 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.02.22 09:24:00 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll
MOD - [2013.02.20 21:34:47 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013.02.04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013.01.24 21:34:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013.01.24 21:33:49 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.24 21:32:47 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.24 21:32:35 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.11.07 16:25:36 | 000,204,288 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012.04.30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2009.02.11 20:34:02 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2009.02.11 20:34:02 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2009.02.11 20:34:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008.09.03 16:28:24 | 000,319,488 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2008.06.11 12:34:02 | 000,159,744 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
MOD - [2008.02.12 13:12:50 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006.09.19 08:26:10 | 000,212,992 | ---- | M] () -- C:\Windows\VMSnap23.exe
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll

========== Services (SafeList) ==========

SRV - [2013.03.23 16:44:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.13 18:31:35 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Running] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.18 18:20:21 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Windows\System32\afasrv32.exe -- (AfaService)
SRV - [2009.05.14 19:37:27 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.05.14 19:37:18 | 000,360,192 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.04.08 13:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008.12.11 13:31:36 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.12.09 20:01:50 | 000,405,504 | R--- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\rcgtuysf.sys -- (rcgtuysf)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\eumkzswr.sys -- (eumkzswr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MEGSKA~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (awp9r3m7)
DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.12.02 05:34:32 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2010.05.15 09:15:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.09.30 07:53:12 | 001,184,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.08.18 21:54:11 | 000,013,824 | ---- | M] (LoteSoft Co.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\splitcam.sys -- (SPLITCAM)
DRV - [2008.10.24 04:23:58 | 000,280,576 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15)
DRV - [2008.06.30 15:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.03.21 11:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.12.26 08:23:10 | 000,017,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TpChoice.sys -- (TpChoice)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006.12.28 07:44:40 | 000,260,096 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbvm323.sys -- (ZSMC326)
DRV - [2006.08.08 05:25:40 | 000,476,672 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmfilter323.sys -- (vmfilter323)
DRV - [2005.02.11 12:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=i ... lz=1I7ACAW

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\URLSearchHook: *{855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\SearchScopes\{2F219E4B-B275-474A-BC30-A7E44AFDF668}: "URL" = http://www.google.com/search?q={searchT ... AW_csCZ327
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\SearchScopes\{438533F0-727E-4081-B900-DB869597EACC}: "URL" = http://www.webhledani.cz/results.aspx?i ... earchTerms}
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\SearchScopes\{60FBABBC-DC99-4A38-ADEB-465E65F3B51B}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... earchTerms}
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=i ... AW_csCZ327
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.1.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.23 16:44:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.23 16:43:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.23 16:44:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.23 16:43:45 | 000,000,000 | ---D | M]

[2010.12.25 14:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Megíska\AppData\Roaming\Mozilla\Extensions
[2013.03.29 00:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default\extensions
[2011.03.16 19:11:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.03.29 00:02:13 | 000,361,682 | ---- | M] () (No name found) -- C:\Users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default\extensions\smarterwiki@wikiatic.com.xpi
[2013.03.05 10:48:06 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.23 16:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\MEGĂSKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GOTY2D22.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2013.03.23 16:44:28 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.23 16:43:55 | 000,002,421 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2013.03.23 16:43:55 | 000,000,851 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2013.03.23 16:43:55 | 000,001,580 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2013.03.23 16:43:55 | 000,000,867 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2013.03.23 16:43:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2013.04.22 16:58:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BigDogPath323Domino] C:\Windows\Domino.exe (Vimicro)
O4 - HKLM..\Run: [BigDogPath323VMSnap] C:\Windows\VMSnap23.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4155293530-578101556-416198297-1003..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4155293530-578101556-416198297-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4155293530-578101556-416198297-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12CB3AC6-764C-4853-8772-F2783712E70B}: DhcpNameServer = 195.113.44.11 195.113.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{154AC19B-9FF5-487C-BE42-6F5A209D2C55}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Megíska\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Megíska\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.04.22 18:54:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Megíska\Desktop\OTL.exe
[2013.04.22 18:52:52 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013.04.22 17:01:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.22 17:01:02 | 000,000,000 | ---D | C] -- C:\Users\Megíska\AppData\Local\temp
[2013.04.22 17:00:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.22 16:47:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.22 16:47:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.22 16:47:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.22 16:47:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.22 16:47:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.22 16:21:21 | 005,058,971 | R--- | C] (Swearware) -- C:\Users\Megíska\Desktop\ComboFix.exe
[2013.04.22 16:18:33 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Megíska\Desktop\rkill.exe
[2013.04.22 15:48:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.04.22 15:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.04.22 15:45:37 | 000,000,000 | ---D | C] -- C:\rsit
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013.04.22 19:00:54 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.04.22 19:00:05 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2013.04.22 18:56:01 | 000,610,968 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2013.04.22 18:56:01 | 000,599,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.22 18:56:01 | 000,119,536 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013.04.22 18:56:01 | 000,105,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.22 18:52:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Megíska\Desktop\OTL.exe
[2013.04.22 18:43:52 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.04.22 18:37:14 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.22 18:34:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 18:34:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 18:34:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.04.22 18:34:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.22 18:34:02 | 3146,735,616 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.22 18:30:16 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.22 18:10:11 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.22 17:57:46 | 000,001,356 | ---- | M] () -- C:\Users\Megíska\AppData\Local\d3d9caps.dat
[2013.04.22 17:25:08 | 000,615,935 | ---- | M] () -- C:\Users\Megíska\Desktop\adwcleaner.exe
[2013.04.22 16:58:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.22 16:16:52 | 005,058,971 | R--- | M] (Swearware) -- C:\Users\Megíska\Desktop\ComboFix.exe
[2013.04.22 16:16:22 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Megíska\Desktop\rkill.exe
[2013.04.22 15:48:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.22 15:35:34 | 000,781,383 | ---- | M] () -- C:\Users\Megíska\Desktop\RSIT.exe
[2013.04.18 10:24:44 | 000,002,609 | ---- | M] () -- C:\ProgramData\vq2mj.js
[2013.04.18 10:24:43 | 000,099,328 | ---- | M] () -- C:\Users\Megíska\1077424.dll
[2013.04.16 14:35:18 | 000,002,659 | ---- | M] () -- C:\ProgramData\inmjdz2.js
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.04.22 19:00:54 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.04.22 18:32:49 | 000,002,085 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
[2013.04.22 18:32:49 | 000,000,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2013.04.22 18:01:40 | 3146,735,616 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.22 17:27:05 | 000,615,935 | ---- | C] () -- C:\Users\Megíska\Desktop\adwcleaner.exe
[2013.04.22 16:47:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.22 16:47:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.22 16:47:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.22 16:47:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.22 16:47:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.22 15:45:20 | 000,781,383 | ---- | C] () -- C:\Users\Megíska\Desktop\RSIT.exe
[2013.04.18 10:24:44 | 000,002,609 | ---- | C] () -- C:\ProgramData\vq2mj.js
[2013.04.18 10:24:42 | 000,099,328 | ---- | C] () -- C:\Users\Megíska\1077424.dll
[2013.04.16 14:35:18 | 000,002,659 | ---- | C] () -- C:\ProgramData\inmjdz2.js
[2011.07.18 18:20:21 | 000,065,536 | ---- | C] () -- C:\Windows\System32\afasrv32.exe
[2009.08.18 22:04:42 | 000,002,395 | ---- | C] () -- C:\Users\Megíska\Skype.lnk
[2009.07.16 02:00:19 | 000,001,356 | ---- | C] () -- C:\Users\Megíska\AppData\Local\d3d9caps.dat
[2009.05.29 00:35:46 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.05.14 20:40:13 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.05.13 01:54:03 | 000,015,872 | ---- | C] () -- C:\Users\Megíska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.08.18 21:59:28 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Braid
[2012.06.13 21:57:29 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\BSplayer
[2011.03.16 19:46:45 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\DAEMON Tools Lite
[2013.03.24 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\ICQ
[2009.05.29 00:35:53 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\InterVideo
[2009.05.14 19:37:14 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\TuneUp Software
[2012.04.12 20:59:46 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Ulozto File Manager
[2009.08.18 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\URSoft
[2010.03.25 22:49:29 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\Broad Intelligence
[2010.09.04 08:39:15 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\BSplayer
[2010.09.04 08:32:11 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\BSplayer Pro
[2010.05.15 09:21:57 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\DAEMON Tools Lite
[2010.08.27 12:11:29 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\HighAndes
[2010.07.07 19:04:37 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\ICQ
[2010.05.06 16:06:01 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\InterVideo
[2010.08.25 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\Nordic Games
[2010.08.27 18:24:26 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\Simple Star
[2010.07.06 09:06:44 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\SoftGate
[2010.07.16 20:42:41 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\TuneUp Software
[2010.05.06 11:44:01 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\uTorrent
[2010.03.24 19:38:12 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\VitySoft
[2010.07.18 16:15:41 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\Zak&Jack

========== Purity Check ==========

========== Custom Scans ==========

< >
[2006.11.02 14:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:58:10 | 000,032,618 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.05.14 19:37:17 | 000,000,490 | ---- | C] () -- C:\Windows\Tasks\1-Click Maintenance.job
[2009.07.01 18:21:53 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.07.01 18:21:54 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.06.14 11:19:09 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\erdnt\cache\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.04.11 00:27:22 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009.04.11 00:27:22 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008.01.21 04:34:33 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe

< MD5 for: CDROM.SYS >
[2008.01.21 04:32:23 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008.01.21 04:32:23 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009.04.10 22:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009.04.10 22:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009.04.10 22:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006.11.02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2009.04.11 00:32:48 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: SCECLI.DLL >
[2008.01.21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\erdnt\cache\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SERVICES.EXE >
[2008.01.21 04:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009.04.11 00:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe
[2009.04.11 00:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009.04.11 00:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008.01.21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008.01.21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.26 10:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009.04.11 00:33:04 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2011.09.20 23:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
[2009.12.08 22:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009.08.15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009.08.14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2011.06.17 22:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_b4b2134c63c9c70f\tcpip.sys
[2012.03.30 14:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
[2010.02.18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010.02.18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009.08.14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2013.01.04 13:28:19 | 000,914,792 | ---- | M] (Microsoft Corporation) MD5=3535CD93F944C00F098E73E12EE7FEB6 -- C:\Windows\erdnt\cache\tcpip.sys
[2013.01.04 13:28:19 | 000,914,792 | ---- | M] (Microsoft Corporation) MD5=3535CD93F944C00F098E73E12EE7FEB6 -- C:\Windows\System32\drivers\tcpip.sys
[2013.01.04 13:28:19 | 000,914,792 | ---- | M] (Microsoft Corporation) MD5=3535CD93F944C00F098E73E12EE7FEB6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.23013_none_b5863efb7cafb1c9\tcpip.sys
[2009.12.08 22:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010.02.18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010.02.18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2009.12.08 22:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2010.06.16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009.08.14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2011.06.17 22:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) MD5=6647FCE6FC4970DAAFE5C64C794513D3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys
[2010.06.16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2013.01.04 13:28:18 | 000,905,576 | ---- | M] (Microsoft Corporation) MD5=74E2D020C47BB2B2FCCBA29A518A7EB4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18764_none_b4c7b8d663b986a2\tcpip.sys
[2010.06.16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2011.09.20 23:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[2008.04.26 10:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009.12.08 19:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009.08.14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.02.18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010.06.16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2010.04.05 19:03:01 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=A6A02EF5B5E40FBD31A1ADC577DA54BB -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys
[2009.12.08 19:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2010.04.05 22:00:48 | 000,910,208 | ---- | M] (Microsoft Corporation) MD5=CC9993701AC57F995554C696DDA49C12 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys
[2010.02.18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009.12.08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2012.03.30 14:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
[2008.01.21 04:34:55 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[16 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[92 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.03.10 15:16:47 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Adobe
[2009.08.18 21:59:28 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Braid
[2012.06.13 21:57:29 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\BSplayer
[2009.05.29 00:35:46 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Corel
[2011.03.16 19:46:45 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\DAEMON Tools Lite
[2012.12.17 21:13:22 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\DivX
[2009.05.13 00:42:23 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Google
[2013.03.24 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\ICQ
[2009.05.11 22:17:03 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Identities
[2009.05.29 00:35:53 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\InterVideo
[2009.05.11 22:34:15 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Macromedia
[2013.03.24 20:56:49 | 000,000,000 | --SD | M] -- C:\Users\Megíska\AppData\Roaming\Microsoft
[2010.12.25 14:18:48 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Mozilla
[2011.12.29 09:59:19 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Nero
[2013.02.10 00:58:39 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Skype
[2012.01.10 21:58:52 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\skypePM
[2009.05.14 19:37:14 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\TuneUp Software
[2012.04.12 20:59:46 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Ulozto File Manager
[2009.08.18 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\URSoft
[2009.05.14 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Winamp
[2009.05.14 19:35:47 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2013.04.22 19:00:05 | 000,000,490 | ---- | M] () -- C:\Windows\Tasks\1-Click Maintenance.job
[2013.04.22 19:30:03 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.04.22 18:37:14 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.04.22 19:11:02 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.05.15 09:15:38 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013.04.22 19:15:41 | 000,003,216 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 19:15:41 | 000,003,216 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 18:34:18 | 000,000,147 | ---- | M] () -- C:\Windows\system32\agent.log
[2013.04.22 18:34:30 | 000,000,000 | ---- | M] () -- C:\Windows\system32\LogConfigTemp.xml
[2013.04.22 18:56:01 | 000,119,536 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2013.04.22 18:56:01 | 000,105,164 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2013.04.22 18:56:01 | 000,610,968 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2013.04.22 18:56:01 | 000,599,150 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2013.04.22 18:56:01 | 001,426,990 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2010.08.23 12:30:32 | 000,039,408 | ---- | M] (Google Inc.)
"Sony PC Companion" = "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background -- [2013.03.18 17:47:58 | 000,448,736 | ---- | M] (Sony)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2013.03.23 16:44:28 | 000,917,400 | ---- | M] (Mozilla Corporation) MD5=BF2F2717C13A4BD4FD73F2788534E86B -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2013.02.22 06:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) MD5=4E9592BB2C100E571F82640E59E9ECD5 -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.04.22 19:00:54 | 000,000,512 | ---- | M] () MD5=633AB7D5B67AE6D1457F42614C3F36DE -- C:\PhysicalMBR.bin

Douber · #14 Příspěvek od **Douber** » 22 dub 2013 18:47

< >

< *crack* /s >
[2007.03.08 15:36:14 | 000,014,807 | ---- | M] () -- \Program Files\Codemasters\Hospital Tycoon\GameData\Sounds\CRACKER.ogg

< *keygen* /s >

< *loader* /s >
[2006.10.26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2011.03.30 17:52:32 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.4\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2011.03.30 17:52:34 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.4\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2011.03.30 17:52:32 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.4\imApp\theme\MUICoreLib\xtraLoader.swf
[2011.04.13 19:02:59 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.4\Xtraz\icq\content\icq_profile\preloader.html
[2011.03.30 17:53:43 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.4\Xtraz\icq\content\profile_forms\preloader.html
[2011.03.30 17:53:38 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.4\Xtraz\icq\content\profile_lightboxs\preloader.html
[2013.04.08 13:57:46 | 000,001,702 | ---- | M] () -- \Program Files\Sony Ericsson\Update Engine\licenses\loaderbinarylegal.txt
[2008.06.20 19:13:32 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2012.06.18 12:39:40 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.06.18 12:39:40 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012.06.18 12:39:40 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.06.18 12:39:40 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2013.03.19 02:09:12 | 000,000,583 | ---- | M] () -- \Users\Megíska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\801ICL5M\preloader_section[1].js
[2013.03.19 13:24:17 | 000,000,723 | ---- | M] () -- \Users\Megíska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\801ICL5M\tp_widget_loader[1].gif
[2013.03.19 02:05:43 | 000,002,451 | ---- | M] () -- \Users\Megíska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LCNOPK75\lazyloader[1].js
[2013.03.19 02:05:43 | 000,000,691 | ---- | M] () -- \Users\Megíska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LCNOPK75\lazyloader[2].js
[2013.03.19 02:05:43 | 000,000,505 | ---- | M] () -- \Users\Megíska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UHIBKSRE\lazyloader[1].js
[2013.03.19 02:05:43 | 000,000,265 | ---- | M] () -- \Users\Megíska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UHIBKSRE\lazyloader[2].js
[2012.04.12 20:56:00 | 001,198,211 | ---- | M] () -- \Users\Megíska\Desktop\Uloz.to_Uploader-setup.exe
[2010.05.15 09:16:13 | 000,057,728 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png
[2010.05.15 09:16:16 | 000,057,728 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png
[2010.05.15 09:16:17 | 000,057,728 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png
[2012.02.27 21:11:12 | 000,003,657 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3T0QU6OJ\loader[1].js
[2012.02.27 20:58:13 | 000,016,516 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3T0QU6OJ\preloader[1].gif
[2012.02.27 21:01:17 | 000,014,590 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3T0QU6OJ\preloader[2].gif
[2011.07.05 06:02:50 | 000,002,805 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\48REQALV\mtloader_1.1.0[1].js
[2011.07.20 12:13:37 | 000,002,608 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\52EEDSBJ\loader[1].gif
[2011.07.19 20:58:41 | 000,001,423 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5YHUO7FD\loader[1].gif
[2011.07.19 09:05:16 | 000,001,406 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BJZSBJJR\BrightcoveBootloader[1].swf
[2011.07.19 07:56:19 | 000,002,883 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BJZSBJJR\QuickLoader[1].js
[2012.02.27 21:02:57 | 000,097,310 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DQNC0D18\cssloader-b2950bdbea7a[1].css
[2012.02.27 21:02:57 | 000,071,629 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DQNC0D18\jsloader-668e82772094[1].js
[2011.07.22 20:20:20 | 000,001,849 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IOD130QH\ajax-loader[1].gif
[2011.07.19 21:02:38 | 000,006,820 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IOD130QH\loader66[1].gif
[2011.07.22 20:19:04 | 000,005,967 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IQMB8NQK\ajax-loader[1].gif
[2011.07.05 06:02:54 | 000,003,881 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IQMB8NQK\facemoodsLoader[1].js
[2012.02.27 20:58:07 | 000,004,215 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KPZUOV1N\mtloader[2].js
[2011.07.19 20:58:41 | 000,002,545 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SKFT5G0T\ajax-loader3[1].gif
[2011.11.17 22:28:27 | 000,004,217 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YS5VNIXE\mtloader[1].js
[2012.07.16 11:47:28 | 000,000,980 | ---- | M] () -- \Users\Thooms\AppData\Local\VirtualStore\Program Files\ABC\Codename Outbreak - Venom\LoadErr.log
[2010.08.25 12:35:52 | 000,000,498 | ---- | M] () -- \Users\Thooms\AppData\Roaming\Microsoft\Windows\Recent\Kart_Racer-ENG-Pahyl.of.sMs.Uploaders.part1.lnk
[2009.11.04 14:57:55 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2008.01.21 04:33:05 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.02.12 05:11:21 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15.manifest
[2009.02.12 05:11:21 | 000,027,648 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15_winload.exe.mui_3bc5b827
[2009.02.12 05:11:21 | 000,019,968 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15_winresume.exe.mui_ff8b5358
[2009.11.01 20:39:53 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94.manifest
[2009.11.01 20:39:53 | 000,986,600 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winload.exe_75835076
[2009.11.01 20:39:53 | 000,926,184 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winresume.exe_85cd1215
[2008.01.21 04:36:35 | 000,003,885 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2.manifest
[2008.01.21 04:36:35 | 000,021,048 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2_spldr.sys_98bd87a0
[2008.02.29 09:26:23 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_de-de_cb9c6772f81a418b.manifest
[2008.02.29 09:19:08 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_en-us_748d3d6be6f84d50.manifest
[2008.02.29 12:05:29 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_es-es_74589a4fe71f3ef5.manifest
[2008.02.29 12:07:01 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_fr-fr_1710104ed9f15557.manifest
[2008.02.29 12:05:17 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_it-it_01380695b1233ad5.manifest
[2008.02.29 10:14:00 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_ja-jp_a35d85a2a43e4cb0.manifest
[2008.02.29 12:02:51 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_nl-nl_2d992eca70004957.manifest
[2008.02.29 09:19:24 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_de-de_cbf6c366115bebbd.manifest
[2008.02.29 09:21:05 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_en-us_74e7995f0039f782.manifest
[2008.02.29 11:56:53 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_es-es_74b2f6430060e927.manifest
[2008.02.29 12:12:24 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_fr-fr_176a6c41f332ff89.manifest
[2008.02.29 12:01:15 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_it-it_01926288ca64e507.manifest
[2008.02.29 09:46:06 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_ja-jp_a3b7e195bd7ff6e2.manifest
[2008.02.29 11:17:45 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_nl-nl_2df38abd8941f389.manifest
[2009.02.12 05:09:52 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15.manifest
[2008.02.29 09:17:27 | 000,004,858 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725.manifest
[2008.02.29 09:13:09 | 000,004,858 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157.manifest
[2008.01.21 04:29:34 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18000_none_5b26ba326ca6e048.manifest
[2008.02.29 10:08:07 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b.manifest
[2008.02.29 09:37:27 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7.manifest
[2009.04.11 00:12:44 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94.manifest
[2006.11.02 12:13:06 | 000,003,970 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6000.16386_none_68fc663d5430d3de.manifest
[2008.01.21 04:27:10 | 000,003,885 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2.manifest
[2008.01.21 04:33:05 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6001.18000_none_45f41bf18fa2cf5a\dmloader.dll
[2008.01.21 04:33:05 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6002.18005_none_47df94fd8cc49aa6\dmloader.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:B3D74A13

< End of report >

Douber · #15 Příspěvek od **Douber** » 22 dub 2013 18:55

OTL Extras logfile created on: 22.4.2013 18:57:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Megíska\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,93 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 43,28% Memory free
6,10 Gb Paging File | 4,37 Gb Available in Paging File | 71,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 0,61 Gb Free Space | 0,88% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 9,82 Gb Free Space | 14,11% Space Free | Partition Type: NTFS
Drive G: | 3,59 Gb Total Space | 3,12 Gb Free Space | 86,85% Space Free | Partition Type: FAT32

Computer Name: MEGÍSKA-PC | User Name: Megíska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4155293530-578101556-416198297-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4155293530-578101556-416198297-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09BA012B-E732-499B-86AD-225A8B7FD5F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{128DA47D-92F2-4412-BEF8-7500EBF22E2F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{36110C64-2DF4-4717-AAA7-A9D9D7269914}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{59819004-5AC8-47AE-A832-F94DF78A0AF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59BC8A52-DDF8-4C12-B015-1A53AB50C92B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7B661C30-18C8-42E2-A556-4BA1336FDB07}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7BF3EE9E-F2FE-4730-B6E2-43115A2A6A3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E9FC6FA-DB0F-4533-A66B-1CE8A323B896}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA799755-DAF0-474B-A610-01EC1E3D1932}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C4BB8D33-C885-4B6F-9CDD-75902F7776C2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F4B72B4E-DE12-4950-A63A-980CF421DDD7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2026135D-687C-4C10-9F8B-8A5F9FD7ED78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2197BF66-8C3F-440A-BEE8-D2219AFE440A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2534B7E0-1FD6-4166-9765-3253AF40FC6E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{26756994-5679-45B8-B094-84ADD02AF37F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{26BEF198-175C-41A7-8B81-247E4AC4E72B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FFC1840-A0A4-4065-8A30-CE8DE83431B8}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{37733245-0672-4DE8-9F82-E8E85D1AA746}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38FFE51C-6734-41A5-83F6-F840A867599A}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{3B9A9C37-8CDB-4959-8C1C-9EB16631A86B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{400B194D-966A-4A6C-B193-FBD5CF59BE7E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4BB69B7D-918C-44B5-A12B-169F68D6B853}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{4BFED752-B973-440F-A446-899641488199}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{52756E0D-E863-4972-8194-57785E7870BC}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{55566CBD-76FA-4FE8-B1F7-F60638AC7D4B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{56605322-A3F9-4390-B9E3-7F440C1B1099}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57A02ED5-5AEE-414B-B36D-74BD43727C5B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{59E1303A-F29A-46D7-AAAA-170E31DB5CC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C0C000A-CCA6-4D8F-B8DD-2B357338F394}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5C62B5D3-CB67-4E6E-9930-DAB55B6E1BEE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{65E7CBFE-F659-4CCD-90CD-D54D0AE10F18}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6FCE31A5-FD88-4734-9F27-54BAD7B67C22}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7ECBA167-95EA-4B75-A1A5-68CF1FF5D49E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83E43D75-6E5C-4BBE-BE01-17B5C2159CD0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87D7A78A-5503-416A-B8E8-C05F2564C668}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B01101C-B4B3-4D4E-8E79-EC932B389C83}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B7DB8B7-9088-4E67-98D6-ADDBFE000E0B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95B6D275-B69E-4B29-BCAB-34DAE77E55D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1A39F66-BC79-448D-A2FA-4FD9D672F408}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{A53AF495-21DC-40B1-AB6B-DEA995A643E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA867773-7DB1-403B-8873-C34CD0B4D60A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE6F3C1A-DABB-4E33-B306-73BE6F64C94F}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{B2731CF8-42F6-4D8F-BA08-B02391D4DCF8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B522D4B6-E469-4B55-A844-115B346CB0A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B802C99E-0D0F-4D6B-96BA-62AAA3162D31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BD347A5B-88C2-4FB0-9724-E9145B55F1AC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{BF196BCE-A955-4E6F-837E-3C53EA7675A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C6F88734-E954-4093-9041-8DBD09D4293E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7B8CBCD-DD57-4080-9714-F3C6429A85B8}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{D039DC66-FCEC-4B73-AEF4-F30AF2DC9FD1}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{DFA03024-6F74-4B64-8493-929355ED71E1}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{E0F6CD40-DD08-43D4-B413-444D669BEE1F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EB1136DA-5A6E-42C5-9E9E-D0BF6DA26F5D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EBA57677-ADE0-4894-B096-9946AECE906C}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{FAA0A2BA-CBCA-467F-9E83-9672F8A7CB0E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{FC1E3953-AC98-4E16-9C68-AE0D418DE068}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FDF4E0FC-730F-4027-B3E2-C29764FC9565}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{359CC312-76B4-4B73-A54F-2F3DE6DA6C67}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{52638EDC-68A9-4677-9178-7D9C26EE5F5F}C:\program files\ea games\need for speed underground 2\speed2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed underground 2\speed2.exe |
"TCP Query User{58A4A9FC-2AFC-473B-848E-D213CD8FA7FF}C:\program files\abc\codename outbreak - venom\outbreak.exe" = protocol=6 | dir=in | app=c:\program files\abc\codename outbreak - venom\outbreak.exe |
"TCP Query User{6718C671-B6F2-4A8C-8840-6F72C4F94511}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{6E857DC1-4784-4A80-83BC-81D63E09DA10}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{951DF07F-434A-45A2-A8CD-040E8B5F6B01}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{B3482A96-9500-401E-9047-5E0AAC189182}G:\call of duty\codmp.exe" = protocol=6 | dir=in | app=g:\call of duty\codmp.exe |
"TCP Query User{E36257EB-32D5-4FAF-9C9E-339A9CC6B31A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5229FE13-A027-46D9-ABC0-C475787C9EB8}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{80FEBA67-E354-49FA-991F-EBE7064EA020}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{958D605A-82ED-4D97-8411-CAA0D64834F7}C:\program files\ea games\need for speed underground 2\speed2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed underground 2\speed2.exe |
"UDP Query User{AD84CCB5-B7FD-4446-9D6D-1A493D349909}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B7DEF2DF-6E99-4612-8678-17E773F5D456}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{B808E3F9-8007-412C-A37C-D200620B0046}C:\program files\abc\codename outbreak - venom\outbreak.exe" = protocol=17 | dir=in | app=c:\program files\abc\codename outbreak - venom\outbreak.exe |
"UDP Query User{C2CFAC29-E886-4429-A636-A8A73FE991BE}G:\call of duty\codmp.exe" = protocol=17 | dir=in | app=g:\call of duty\codmp.exe |
"UDP Query User{D59CAE96-A5EF-4FA5-8381-41099A7B8B43}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00449164-f8e7-4ba8-848e-69c293563e0a}" = Nero 9 Lite
"{00718491-55BF-46C6-83EF-4B3B95AC807A}" = SplitCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Pomocník pro přihlášení ke službě Windows Live ID
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Nástroj pro odesílání služby Windows Live
"{20D0CDB1-5F03-4A5D-86EB-7C218053B157}" = Windows Live Messenger
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{266C7330-C0F4-49E5-8F20-A56F9F822875}" = SweetIM Toolbar for Internet Explorer 3.3
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4B4451CE-D1E6-4BDE-B4B2-59F03BB83B7C}" = Windows Live Sync
"{4EA44BA4-A708-4223-BC1A-22B6DA9E7D1C}" = Windows Live Essentials
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54FEAF1A-8F2A-44C1-95CA-5C1C21F4F934}" = Windows Live Mail
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{6889EE56-1816-4E89-94DF-9F56E7804039}_is1" = Counter-Strike 1.6 Non-Steam patch v36
"{6E5EEE1B-3907-44C3-83BA-AD4B8CE40F76}" = Windows Live Writer
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8190420D-F4BA-4744-8940-A466F81AF89C}_is1" = Ulož.to File Manager verze 1.4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_HOMESTUDENTR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A13DE9CB-8C84-4889-B114-C5A9661F844E}" = Windows Live Fotogalerie
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBA0799-F982-414C-9A8B-17EB03D39677}" = trakAxPC
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADEBB98C-DCD0-4369-BC4A-71B342CF55B2}" = HT Fireman CD/DVD Burner
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B7B80B42-D6DA-4132-ABDD-C5E10823B921}_is1" = ABC Edice PC her - Codename: Outbreak - Venom
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D16ECDF4-DA6F-418F-947A-C1652B5CFD96}" = SweetIM for Messenger 2.7
"{D6615307-A73A-49C5-B90F-D97E027F034A}" = Nova Stahovák
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FDE773CD-9201-4655-87F3-4E051860D47D}" = Ralink Wireless LAN Installation Program for VISTA v2.0.8.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Apollo DVD Copy_is1" = Apollo DVD Copy 4.6.13
"AVerMedia A815 USB DVB-T" = AVerMedia A815 USB DVB-T 1.0.0.49
"Bejeweled Twist 1.0.3.7482" = Bejeweled Twist 1.0.3.7482
"BSPlayer1" = BSPlayer
"BSPlayerf" = BS.Player FREE
"Card Reader Driver and USIM Editor Program_is1" = USIM Editor 1.0.25.0
"CDex" = CDex - Open Source Digital Audio CD Extractor
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"Google Chrome" = Google Chrome
"Grand Theft Auto" = Grand Theft Auto
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HospitalTycoon" = Hospital Tycoon
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"KartRacer_is1" = Kart Racer
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Full)
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 19.0.2 (x86 cs)" = Mozilla Firefox 19.0.2 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Plants vs. Zombies 1.0.0.1051" = Plants vs. Zombies 1.0.0.1051
"Polární dobrodružství 2" = Polární dobrodružství 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Update Engine" = Sony Ericsson Update Engine
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28.3.2011 23:25:30 | Computer Name = Megíska-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.3.2011 14:00:54 | Computer Name = Megíska-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 30.3.2011 11:34:39 | Computer Name = Megíska-PC | Source = WinMgmt | ID = 10
Description =

Error - 30.3.2011 14:01:01 | Computer Name = Megíska-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 31.3.2011 12:12:54 | Computer Name = Megíska-PC | Source = WinMgmt | ID = 10
Description =

Error - 31.3.2011 14:00:59 | Computer Name = Megíska-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 31.3.2011 17:03:49 | Computer Name = Megíska-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 3.4.2011 10:29:49 | Computer Name = Megíska-PC | Source = WinMgmt | ID = 10
Description =

Error - 3.4.2011 14:00:55 | Computer Name = Megíska-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 4.4.2011 14:00:56 | Computer Name = Megíska-PC | Source = MsiInstaller | ID = 1024
Description =

[ System Events ]
Error - 22.4.2013 12:35:15 | Computer Name = Megíska-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22.4.2013 12:35:15 | Computer Name = Megíska-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 22.4.2013 12:38:38 | Computer Name = Megíska-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 zjistil chybu při pokusu o aktualizaci podpisů. Nová verze podpisu:
Předchozí verze podpisu: 1.147.1929.0 Zdroj aktualizace: %%859 Fáze aktualizace:
%%852 Zdrojová cesta: http://www.microsoft.com Typ podpisu: %%800 Typ aktualizace:
%%803 Uživatel: NT AUTHORITY\SYSTEM Aktuální verze modulu: Předchozí verze modulu:
1.1.9302.0 Kód chyby: 0x8024402c Popis chyby: Při zjišťování aktualizací došlo k
neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete
v nápovědě a podpoře.

Error - 22.4.2013 12:38:38 | Computer Name = Megíska-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 zjistil chybu při pokusu o aktualizaci podpisů. Nová verze podpisu:
Předchozí verze podpisu: 1.147.1929.0 Zdroj aktualizace: %%851 Fáze aktualizace:
%%852 Zdrojová cesta: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Typ
podpisu: %%800 Typ aktualizace: %%803 Uživatel: Megíska-PC\Megíska Aktuální verze
modulu: Předchozí verze modulu: 1.1.9302.0 Kód chyby: 0x80072ee7 Popis chyby: Nelze
rozpoznat název nebo adresu serveru.

Error - 22.4.2013 12:38:38 | Computer Name = Megíska-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 zjistil chybu při pokusu o aktualizaci podpisů. Nová verze podpisu:
Předchozí verze podpisu: 1.147.1929.0 Zdroj aktualizace: %%851 Fáze aktualizace:
%%852 Zdrojová cesta: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Typ
podpisu: %%801 Typ aktualizace: %%803 Uživatel: Megíska-PC\Megíska Aktuální verze
modulu: Předchozí verze modulu: 1.1.9302.0 Kód chyby: 0x80072ee7 Popis chyby: Nelze
rozpoznat název nebo adresu serveru.

Error - 22.4.2013 12:38:39 | Computer Name = Megíska-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 zjistil chybu při pokusu o aktualizaci podpisů. Nová verze podpisu:
Předchozí verze podpisu: 18.160.0.0 Zdroj aktualizace: %%851 Fáze aktualizace: %%852

Zdrojová
cesta: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Typ
podpisu: %%886 Typ aktualizace: %%803 Uživatel: Megíska-PC\Megíska Aktuální verze
modulu: Předchozí verze modulu: 2.1.8904.0 Kód chyby: 0x80072ee7 Popis chyby: Nelze
rozpoznat název nebo adresu serveru.

Error - 22.4.2013 13:04:30 | Computer Name = Megíska-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 zjistil kritickou chybu při provádění akce u malwaru nebo jiného
potenciálně nežádoucího softwaru. Další informace získáte v následujícím seznamu:
http://go.microsoft.com/fwlink/?linkid= ... 2147678622

Název:
Trojan:JS/Reveton.A ID: 2147678622 Závažnost: Vážné Kategorie: Trojský kůň Cesta: file:_C:\ProgramData\inmjdz2.js;file:_C:\ProgramData\vq2mj.js

Původ
zjištění: %%845 Typ zjištění: %%822 Zdroj zjištění: %%818 Uživatel: NT AUTHORITY\SYSTEM

Název
procesu: C:\Users\Megíska\Desktop\OTL.exe Akce: %%809 Stav akce: No additional actions
required Kód chyby: 0x80070070 Popis chyby: Na disku není dost místa. Verze podpisu:
AV: 1.149.328.0, AS: 1.149.328.0, NIS: 18.160.0.0 Verze modulu: AM: 1.1.9402.0,
NIS: 2.1.8904.0

Error - 22.4.2013 13:18:25 | Computer Name = Megíska-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 zjistil kritickou chybu při provádění akce u malwaru nebo jiného
potenciálně nežádoucího softwaru. Další informace získáte v následujícím seznamu:
http://go.microsoft.com/fwlink/?linkid= ... 2147673909

Název:
VirTool:Win32/Obfuscator.ADH ID: 2147673909 Závažnost: Vážné Kategorie: Nástroj Cesta:
containerfile:_C:\Users\Megíska\1077424.dll;file:_C:\Users\Megíska\1077424.dll;file:_C:\Users\Megíska\1077424.dll->(VFS:bj8j.dat#1)

Původ
zjištění: %%845 Typ zjištění: %%821 Zdroj zjištění: %%818 Uživatel: NT AUTHORITY\SYSTEM

Název
procesu: C:\Users\Megíska\Desktop\OTL.exe Akce: %%809 Stav akce: No additional actions
required Kód chyby: 0x80070070 Popis chyby: Na disku není dost místa. Verze podpisu:
AV: 1.149.328.0, AS: 1.149.328.0, NIS: 18.160.0.0 Verze modulu: AM: 1.1.9402.0,
NIS: 2.1.8904.0

Error - 22.4.2013 13:29:44 | Computer Name = Megíska-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 zjistil kritickou chybu při provádění akce u malwaru nebo jiného
potenciálně nežádoucího softwaru. Další informace získáte v následujícím seznamu:
http://go.microsoft.com/fwlink/?linkid= ... 2147678622

Název:
Trojan:JS/Reveton.A ID: 2147678622 Závažnost: Vážné Kategorie: Trojský kůň Cesta: file:_C:\ProgramData\inmjdz2.js;file:_C:\ProgramData\vq2mj.js

Původ
zjištění: %%845 Typ zjištění: %%822 Zdroj zjištění: %%818 Uživatel: NT AUTHORITY\SYSTEM

Název
procesu: C:\Users\Megíska\Desktop\OTL.exe Akce: %%809 Stav akce: No additional actions
required Kód chyby: 0x80070070 Popis chyby: Na disku není dost místa. Verze podpisu:
AV: 1.149.328.0, AS: 1.149.328.0, NIS: 18.160.0.0 Verze modulu: AM: 1.1.9402.0,
NIS: 2.1.8904.0

Error - 22.4.2013 13:29:44 | Computer Name = Megíska-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 zjistil kritickou chybu při provádění akce u malwaru nebo jiného
potenciálně nežádoucího softwaru. Další informace získáte v následujícím seznamu:
http://go.microsoft.com/fwlink/?linkid= ... 2147673909

Název:
VirTool:Win32/Obfuscator.ADH ID: 2147673909 Závažnost: Vážné Kategorie: Nástroj Cesta:
containerfile:_C:\Users\Megíska\1077424.dll;file:_C:\Users\Megíska\1077424.dll;file:_C:\Users\Megíska\1077424.dll->(VFS:bj8j.dat#1)

Původ
zjištění: %%845 Typ zjištění: %%821 Zdroj zjištění: %%818 Uživatel: NT AUTHORITY\SYSTEM

Název
procesu: C:\Users\Megíska\Desktop\OTL.exe Akce: %%809 Stav akce: No additional actions
required Kód chyby: 0x80070070 Popis chyby: Na disku není dost místa. Verze podpisu:
AV: 1.149.328.0, AS: 1.149.328.0, NIS: 18.160.0.0 Verze modulu: AM: 1.1.9402.0,
NIS: 2.1.8904.0

[ TuneUp Events ]
Error - 17.4.2013 6:29:57 | Computer Name = Megíska-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database or disk is full; when executing SQL: UPDATE StartMenuEntries
SET Outdated='1'

Error - 17.4.2013 6:29:57 | Computer Name = Megíska-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database or disk is full; when executing SQL: UPDATE SecurityProducts
SET Outdated='1'

< End of report >

VIRY.CZ

Policie ČR - váš počítač je zablokován

Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován