PC virus removal, computer speed-up, remote help via the neslape.cz service

Virus - Policie ČR (Win7)

Have a problem with a virus? Post a log from FRST or RSIT here.

Razor339
Visitor
Posts: 92
Registered: 27 Oct 2011 13:32

Virus - Policie ČR (Win7)

#1 Post by Razor339 »

Hello, I have a friend's laptop at home and it has the already well-known Policie ČR problem. On a normal boot the laptop doesn't come up; a screen with the text Policie ČR appears right away.
I wanted to post a log from RSIT using Safe Mode, but it does the same thing there. So I don't know how to proceed. System Restore to an earlier point doesn't work, because the laptop says no restore point has been created.

Thanks in advance for a reply


Edit:
I managed to get the log from RSIT: I started Safe Mode with Command Prompt and obtained it there. So I'm attaching it.

Razor339
Visitor
Posts: 92
Registered: 27 Oct 2011 13:32

Re: Virus - Policie ČR (Win7)

#2 Post by Razor339 »

Logfile of random's system information tool 1.09 (written by random/random)
Run by HP at 2013-05-05 12:16:51
WIN_7
System drive C: has 6 GB (8%) free of 69 GB
Total RAM: 2039 MB (76% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-592935793-3253454749-611521338-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-592935793-3253454749-611521338-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default

prefs.js - "Keyword.Enabled" - "true"
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "Cetrumcz@igeared:1.203.023.002, {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0, toolbar@ask.com:3.6.6.100010, engine@conduit.com:3.2.5.2, {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.2.5.2, {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.9.0.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.27"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... ource=2&q="

"Cetrumcz@igeared"=C:\Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\
Cetrumcz_igeared.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\
crossriderapp3491@crossrider.com
toolbar@ask.com
{1392b8d2-5c05-419f-a8f6-b9f15a596612}
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\searchplugins\
askcom.xml
askcomsearch.xml
conduit.xml
inbox-hledn.xml
myplaycity-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191}]
Vid-Saver - C:\Program Files\Vid-Saver\Vid-Saver.dll [2012-09-06 611200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A}]
CentrumczToolbar BHO - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-03-26 1286448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-04 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-04 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806} - Lišta Centrum.cz Toolbar - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-03-26 1286448]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"dvd43"=C:\Program Files\dvd43\dvd43_tray.exe [2009-10-23 827904]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"PCPowerSpeed"=C:\Program Files\PCPowerSpeed\PCPowerTray.exe [2012-01-20 385664]
"Freecorder FLV Service"=C:\Program Files\Freecorder\FLVSrvc.exe /run []
"NBAgent"=C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-03-26 1234216]
"Eraser"=C:\PROGRA~1\Eraser\Eraser.exe [2011-11-05 980368]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"PrivitizeVPN"=C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe [2012-09-10 196784]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2012-10-25 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-02-29 17151624]
"Facebook Update"=C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-02 138096]
"ctfmon.exe"=C:\PROGRA~2\rundll32.exe [2013-04-30 44544]

C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
msconfig.lnk - C:\Windows\System32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave2"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-05-05 12:17:22 ----D---- C:\Program Files\trend micro
2013-05-05 12:16:51 ----D---- C:\rsit
2013-05-01 16:45:04 ----A---- C:\Windows\ntbtlog.txt
2013-04-30 16:40:00 ----A---- C:\ProgramData\wrb7.js
2013-04-30 16:40:00 ----A---- C:\ProgramData\as98213.txt
2013-04-30 16:39:38 ----A---- C:\ProgramData\1qrje.dat
2013-04-30 16:39:37 ----A---- C:\ProgramData\rundll32.exe
2013-04-30 16:39:37 ----A---- C:\ProgramData\7brw.dat

======List of files/folders modified in the last 1 month======

2013-05-05 12:17:22 ----RD---- C:\Program Files
2013-05-05 12:17:22 ----D---- C:\Windows\Temp
2013-05-05 12:12:35 ----HD---- C:\ProgramData
2013-05-05 11:53:53 ----D---- C:\Windows\Prefetch
2013-05-05 11:40:00 ----SHD---- C:\System Volume Information
2013-05-01 16:45:04 ----D---- C:\Windows
2013-05-01 16:38:34 ----D---- C:\Program Files\Mozilla Firefox
2013-04-30 16:41:14 ----D---- C:\Windows\System32
2013-04-30 16:41:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-04-30 16:41:13 ----D---- C:\Windows\inf
2013-04-30 16:40:38 ----D---- C:\Windows\tracing
2013-04-30 16:33:38 ----D---- C:\Users\HP\AppData\Roaming\Skype
2013-04-28 13:57:52 ----D---- C:\Users\HP\AppData\Roaming\PCPowerSpeed
2013-04-26 12:15:05 ----D---- C:\Windows\system32\config
2013-04-14 15:14:33 ----A---- C:\Windows\NeroDigital.ini
2013-04-07 19:56:12 ----SD---- C:\ProgramData\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R3 dvd43llh;dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [2011-03-05 18816]
S1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2009-07-14 159232]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 39272]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 PAC7302;Eye 312; C:\Windows\system32\DRIVERS\PAC7302.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-04-22 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-09-28 44544]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-06 136176]
S2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2010-03-14 87336]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-06 136176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-04-22 720936]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus - Policie ČR (Win7)

#3 Post by vyosek »

Hi :)

→ On a healthy PC, download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/downloa ... scan-tool/
  • Save it to a flash drive, directly in its root
→ On the damaged PC, boot into Safe Mode with Command Prompt (MS-DOS)

→ Now let's find out the flash drive's letter
  • Type the command notepad and press Enter
  • Notepad opens
  • Go to File --> Open --> find This Computer and open the USB key on which FRST is saved
  • Look at what letter the USB key has (F:\, G:\ etc.)
  • Close Notepad with the cross
→ Now let's get the log
  • If you downloaded FRST for a 64-bit OS, it is called FRST64.exe and must be entered as such
  • Type the command "drive letter":\FRST.exe and press Enter (e.g. F:\FRST.exe)
  • FRST starts
  • Start the scan by clicking Scan
  • After a while a log FRST.exe is created on the flash drive
  • Post it here for me from the healthy PC

Razor339
Visitor
Posts: 92
Registered: 27 Oct 2011 13:32

Re: Virus - Policie ČR (Win7)

#4 Post by Razor339 »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-05-2013 02
Ran by HP (administrator) on 05-05-2013 13:39:49
Running from G:\
Windows 7 Ultimate (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)
==================== Processes (Whitelisted) ===================


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe [827904 2009-10-23] ()
HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [x]
HKLM\...\Run: [PCPowerSpeed] "C:\Program Files\PCPowerSpeed\PCPowerTray.exe" /startup [385664 2012-01-20] (Crawler.com)
HKLM\...\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run [x]
HKLM\...\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1234216 2010-03-26] (Nero AG)
HKLM\...\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart [980368 2011-11-05] (The Eraser Project)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe /autorun [196784 2012-09-10] (OOO Industry)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [x]
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17151624 2012-02-29] (Skype Technologies S.A.)
HKCU\...\Run: [Facebook Update] "C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-09-02] (Facebook Inc.)
HKCU\...\Run: [ctfmon.exe] C:\PROGRA~2\rundll32.exe C:\PROGRA~2\7brw.dat,FG00 [176128 2013-04-30] (?????????? ??????????)
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\PROGRA~2\7brw.dat (?????????? ??????????)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myplaycity.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myplaycity.com/
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
URLSearchHook: (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
URLSearchHook: (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
HKLM SearchScopes: DefaultScope {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://home.myplaycity.com/results.php? ... earchTerms}
SearchScopes: HKLM - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://home.myplaycity.com/results.php? ... earchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT1060933
HKCU SearchScopes: DefaultScope {6BB6936F-FAFE-4D57-93C5-C458E5D24451} URL = http://search.centrum.cz/index.php?q={s ... trum-1.0.0
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/custom/java/re ... tid=OSJ000
SearchScopes: HKCU - {6BB6936F-FAFE-4D57-93C5-C458E5D24451} URL = http://search.centrum.cz/index.php?q={s ... trum-1.0.0
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://home.myplaycity.com/results.php? ... earchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT1060933
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatc ... 096&lng=cs
BHO: Vid-Saver - {11111111-1111-1111-1111-110011341191} - C:\Program Files\Vid-Saver\Vid-Saver.dll (215 Apps)
BHO: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Lišta Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
Toolbar: HKCU -Lišta Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
Toolbar: HKCU -Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
Toolbar: HKCU -No Name - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
Toolbar: HKCU -No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [65024] (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [65024] (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [65024] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default
FF SearchEngine: Google
FF Homepage: hxxp://www.seznam.cz/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\Extensions\crossriderapp3491@crossrider.com
FF Extension: No Name - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\Extensions\toolbar@ask.com
FF Extension: Freecorder Community Toolbar - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\Extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
FF Extension: MyAshampoo Community Toolbar - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\Extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
FF Extension: Seznam lištička - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: No Name - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

Chrome:
=======
CHR HomePage: hxxp://home.myplaycity.com/
CHR RestoreOnStartup: "hxxp://home.myplaycity.com/"
CHR DefaultSearchURL: (MyPlayCity Search) - http://home.myplaycity.com/results.php? ... earchTerms}
CHR DefaultSuggestURL: (MyPlayCity Search) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Power Challenge Loader) - C:\Users\HP\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Vid-Saver) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.46_0

========================== Services (Whitelisted) =================

S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [490280 2010-03-25] (Nero AG)
S2 Winmgmt; C:\PROGRA~2\7brw.dat [176128 2013-04-30] (?????????? ??????????)
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [18816 2011-03-05] (RIF)
S3 PAC7302; system32\DRIVERS\PAC7302.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-05 13:23 - 2013-05-05 13:23 - 00000000 ____D C:\FRST
2013-05-05 12:17 - 2013-05-05 12:17 - 00000000 ____D C:\Program Files\trend micro
2013-05-05 12:16 - 2013-05-05 12:17 - 00000000 ____D C:\rsit
2013-04-30 16:40 - 2013-05-05 12:12 - 00000000 ____A C:\ProgramData\as98213.txt
2013-04-30 16:40 - 2013-04-30 16:40 - 00002583 ____A C:\ProgramData\wrb7.js
2013-04-30 16:39 - 2013-05-05 12:12 - 95023320 ___AT C:\ProgramData\wrb7.pad
2013-04-30 16:39 - 2013-04-30 16:39 - 95023320 ___AT C:\ProgramData\ejrq1.pad
2013-04-30 16:39 - 2013-04-30 16:39 - 00176128 ____A (?????????? ??????????) C:\ProgramData\7brw.dat
2013-04-30 16:39 - 2013-04-30 16:39 - 00176128 ____A (?????????? ??????????) C:\ProgramData\1qrje.dat
2013-04-30 16:39 - 2013-04-30 16:39 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe

==================== One Month Modified Files and Folders ========

2013-05-05 13:23 - 2013-05-05 13:23 - 00000000 ____D C:\FRST
2013-05-05 12:17 - 2013-05-05 12:17 - 00000000 ____D C:\Program Files\trend micro
2013-05-05 12:17 - 2013-05-05 12:16 - 00000000 ____D C:\rsit
2013-05-05 12:12 - 2013-04-30 16:40 - 00000000 ____A C:\ProgramData\as98213.txt
2013-05-05 12:12 - 2013-04-30 16:39 - 95023320 ___AT C:\ProgramData\wrb7.pad
2013-05-05 11:56 - 2011-03-05 12:02 - 01061384 ____A C:\Windows\WindowsUpdate.log
2013-05-05 11:54 - 2009-07-14 06:34 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-05 11:54 - 2009-07-14 06:34 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-05 11:53 - 2012-09-02 17:47 - 00000916 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-592935793-3253454749-611521338-1000UA.job
2013-05-05 11:47 - 2012-10-10 08:43 - 00124454 ____A C:\Windows\setupact.log
2013-05-05 11:47 - 2011-03-06 18:37 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-05 11:47 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-05 11:31 - 2012-03-29 19:34 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-05 11:29 - 2012-09-02 17:47 - 00000894 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-592935793-3253454749-611521338-1000Core.job
2013-05-05 11:26 - 2011-03-06 18:37 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-01 16:38 - 2011-03-05 14:50 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-04-30 16:41 - 2011-03-05 12:12 - 01470062 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-30 16:40 - 2013-04-30 16:40 - 00002583 ____A C:\ProgramData\wrb7.js
2013-04-30 16:40 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing
2013-04-30 16:39 - 2013-04-30 16:39 - 95023320 ___AT C:\ProgramData\ejrq1.pad
2013-04-30 16:39 - 2013-04-30 16:39 - 00176128 ____A (?????????? ??????????) C:\ProgramData\7brw.dat
2013-04-30 16:39 - 2013-04-30 16:39 - 00176128 ____A (?????????? ??????????) C:\ProgramData\1qrje.dat
2013-04-30 16:39 - 2013-04-30 16:39 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-04-30 16:33 - 2011-12-27 16:47 - 00000000 ____D C:\Users\HP\AppData\Roaming\Skype
2013-04-29 10:18 - 2012-03-21 10:52 - 00000000 ____D C:\Users\HP\Desktop\CENÍKY
2013-04-28 14:18 - 2012-03-10 18:57 - 00000000 ____D C:\Users\HP\.gimp-2.2
2013-04-28 13:57 - 2012-01-20 19:25 - 00000000 ____D C:\Users\HP\AppData\Roaming\PCPowerSpeed
2013-04-14 15:14 - 2011-06-19 15:32 - 00000069 ____A C:\Windows\NeroDigital.ini
2013-04-11 19:01 - 2011-03-06 18:39 - 00002129 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-04-07 19:56 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Libraries

Other Malware:
===========
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\\msconfig.lnk

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-04-25 20:40

==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus - Policie ČR (Win7)

#5 Post by vyosek »

:arrow: This probably isn't a purchased version, is it :?:
Windows 7 Ultimate (X86) OS Language: Czech
:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    2013-04-30 16:40 - 2013-05-05 12:12 - 00000000 ____A C:\ProgramData\as98213.txt
    2013-04-30 16:40 - 2013-04-30 16:40 - 00002583 ____A C:\ProgramData\wrb7.js
    2013-04-30 16:39 - 2013-05-05 12:12 - 95023320 ___AT C:\ProgramData\wrb7.pad
    2013-04-30 16:39 - 2013-04-30 16:39 - 95023320 ___AT C:\ProgramData\ejrq1.pad
    2013-04-30 16:39 - 2013-04-30 16:39 - 00176128 ____A (?????????? ??????????) C:\ProgramData\7brw.dat
    2013-04-30 16:39 - 2013-04-30 16:39 - 00176128 ____A (?????????? ??????????) C:\ProgramData\1qrje.dat
    2013-04-30 16:39 - 2013-04-30 16:39 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
    S2 Winmgmt; C:\PROGRA~2\7brw.dat [176128 2013-04-30] (?????????? ??????????)
    CHR HomePage: hxxp://home.myplaycity.com/
    CHR RestoreOnStartup: "hxxp://home.myplaycity.com/"
    CHR DefaultSearchURL: (MyPlayCity Search) - http://home.myplaycity.com/results.php?category=web&s={searchTerms}
    CHR DefaultSuggestURL: (MyPlayCity Search) - "suggest_url": ""
    FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
    Toolbar: HKLM - Lišta Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
    Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    Toolbar: HKCU -Lišta Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
    Toolbar: HKCU -Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    Toolbar: HKCU -No Name - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
    Toolbar: HKCU -No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
    CMD: del "C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\\msconfig.lnk"
    CMD: rmdir "C:\Program Files\Ask.com" /s /q
    BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    BHO: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myplaycity.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myplaycity.com/
    URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
    URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    URLSearchHook: (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
    URLSearchHook: (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
    HKLM SearchScopes: DefaultScope {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://home.myplaycity.com/results.php?category=web&s={searchTerms}
    SearchScopes: HKLM - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://home.myplaycity.com/results.php?category=web&s={searchTerms}
    SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    HKCU SearchScopes: DefaultScope {6BB6936F-FAFE-4D57-93C5-C458E5D24451} URL = http://search.centrum.cz/index.php?q={searchTerms}&toolbar=centrum-1.0.0
    SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/custom/java/re ... src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
    SearchScopes: HKCU - {6BB6936F-FAFE-4D57-93C5-C458E5D24451} URL = http://search.centrum.cz/index.php?q={searchTerms}&toolbar=centrum-1.0.0
    SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://home.myplaycity.com/results.php?category=web&s={searchTerms}
    SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatc ... tp=bs&qkw={searchTerms}&tbid=80096&lng=cs
    HKCU\...\Run: [ctfmon.exe] C:\PROGRA~2\rundll32.exe C:\PROGRA~2\7brw.dat,FG00 [176128 2013-04-30] (?????????? ??????????)
    Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
    ShortcutTarget: msconfig.lnk -> C:\PROGRA~2\7brw.dat (?????????? ??????????)
    C:\PROGRA~2\7brw.dat
    
  • Save the created TXT as fixlist.txt
  • Move the created file to the flash drive next to FRST
:arrow: Run FRST.exe again on the affected PC
  • Click Fix
  • The fix will run and a log Fixlog.txt will be created on the flash drive
:arrow: Try to boot into normal mode
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.
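As an added example (not part of the forum post and not FRST's own code), here is a Python triage helper that applies the reasoning behind the fixlist above to FRST-style log lines: it flags persistence entries (service, Run key, Startup shortcut) that point into ProgramData, a rundll32.exe copy living outside C:\Windows, rundll32 loading a .dat instead of a DLL, and FRST's unreadable-publisher marker, then lists the ProgramData files as the bare-path lines FRST accepts in fixlist.txt. The sample lines are copied from the FRST log in this thread; treating PROGRA~2 as the 8.3 alias of ProgramData is an assumption that holds on this machine but not necessarily elsewhere.

```python
"""Triage of FRST-style log lines for the lock-screen persistence pattern seen in
this thread.  Added example: not from the forum post and not FRST's own code."""
import re

# FRST prints this when it cannot read a company name from the file's version
# info.  Alone it is only a hint; together with the rules below it is a strong one.
UNKNOWN_PUBLISHER = "(?????????? ??????????)"

# Persistence lines as FRST formats them: services (S2/R2 ...), Run keys,
# Startup-folder entries and the resolved target of a Startup .lnk.
PERSISTENCE_PREFIX = re.compile(
    r"^(?:[RS][0-4] |HK(?:LM|CU)\\\.\.\.\\Run: |Startup: |ShortcutTarget: )"
)

# Assumption: on the thread's machine PROGRA~2 is the 8.3 alias of ProgramData.
PROGRAMDATA = re.compile(r"^C:\\(?:ProgramData|PROGRA~2)\\", re.IGNORECASE)

# Names Windows binaries normally carry; a copy outside C:\Windows is suspicious.
SYSTEM_NAMES = {"rundll32.exe", "svchost.exe", "ctfmon.exe", "explorer.exe", "winlogon.exe"}

# A Windows path up to a known extension.  Segments may contain spaces
# ("Start Menu") but not brackets, parentheses, commas or colons, so two
# paths on one line (rundll32.exe <target>) are not glued together.
PATH_RE = re.compile(
    r"[A-Za-z]:\\(?:[^\\\[\]\(\),:]+\\)*[^\\\[\]\(\),:]*?\.(?:exe|dll|dat|lnk|sys|js|pad|txt)\b",
    re.IGNORECASE,
)

# Constructed sample: lines copied from the FRST log posted in this thread,
# plus two benign lines from the same log as controls.
SAMPLE_LOG = r"""
S2 Winmgmt; C:\PROGRA~2\7brw.dat [176128 2013-04-30] (?????????? ??????????)
HKCU\...\Run: [ctfmon.exe] C:\PROGRA~2\rundll32.exe C:\PROGRA~2\7brw.dat,FG00 [176128 2013-04-30] (?????????? ??????????)
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\PROGRA~2\7brw.dat (?????????? ??????????)
2013-04-30 16:39 - 2013-04-30 16:39 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-04-30 16:39 - 2013-04-30 16:39 - 00176128 ____A (?????????? ??????????) C:\ProgramData\7brw.dat
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
R3 dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [18816 2011-03-05] (RIF)
"""


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def extension(path):
    return basename(path).rsplit(".", 1)[-1]


def normalize(path):
    """Expand the PROGRA~2 short name (assumption: alias of ProgramData here)."""
    return re.sub(r"^C:\\PROGRA~2\\", lambda m: "C:\\ProgramData\\", path, flags=re.IGNORECASE)


def triage_line(line):
    """Return the set of rule names that fire for one FRST log line."""
    rules = set()
    paths = PATH_RE.findall(line)
    if not paths:
        return rules
    in_programdata = [p for p in paths if PROGRAMDATA.match(p)]
    # Legitimate services / Run entries do not execute out of ProgramData.
    if PERSISTENCE_PREFIX.match(line) and in_programdata:
        rules.add("persistence-from-programdata")
    # A system binary name at a non-system location (here: a copy of the
    # genuine, Microsoft-signed rundll32.exe dropped into ProgramData).
    for p in paths:
        if basename(p) in SYSTEM_NAMES and not p.lower().startswith("c:\\windows\\"):
            rules.add("system-binary-outside-windows")
    # rundll32 should load a .dll; here it loads 7brw.dat and calls export FG00.
    loader = [i for i, p in enumerate(paths) if basename(p) == "rundll32.exe"]
    if loader and any(extension(p) != "dll" for p in paths[loader[0] + 1:]):
        rules.add("rundll32-loading-non-dll")
    if UNKNOWN_PUBLISHER in line:
        rules.add("unreadable-publisher")
    return rules


def triage(log_text):
    """Return [(line, rules, programdata_paths)] for every line that fired a rule."""
    findings = []
    for line in log_text.splitlines():
        rules = triage_line(line)
        if rules:
            paths = [normalize(p) for p in PATH_RE.findall(line) if PROGRAMDATA.match(p)]
            findings.append((line, rules, paths))
    return findings


def fixlist_candidates(findings):
    """Sorted unique ProgramData paths from flagged lines.  FRST deletes a file
    named on a bare line of fixlist.txt, as the thread's own fixlist does."""
    return sorted({p for _, _, paths in findings for p in paths})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for line, rules, _ in results:
        print(sorted(rules), "<=", line)
    print("fixlist.txt candidates:", *fixlist_candidates(results), sep="\n")
```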

Razor339
Visitor
Posts: 92
Joined: 27 Oct 2011 13:32

Re: Virus - Policie ČR (Win7)

#6 Post by Razor339 »

Whether it's a purchased version, I have no idea :?:
The laptop booted into normal mode and is working so far, thank you. I'm also attaching the fixlog.
I see that no antivirus started on the laptop; there's only a "speed up your computer" program, which I don't like :D

FixLog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-05-2013 02
Ran by HP at 2013-05-05 15:07:40 Run:1
Running from G:\
Boot Mode: Safe Mode (minimal)

==============================================

C:\ProgramData\as98213.txt => Moved successfully.
C:\ProgramData\wrb7.js => Moved successfully.
C:\ProgramData\wrb7.pad => Moved successfully.
C:\ProgramData\ejrq1.pad => Moved successfully.
C:\ProgramData\7brw.dat => Moved successfully.
C:\ProgramData\1qrje.dat => Moved successfully.
C:\ProgramData\rundll32.exe => Moved successfully.
S2 Winmgmt; C:\PROGRA~2\7brw.dat [176128 2013-04-30] (?????????? ??????????)CHR HomePage: hxxp://home.myplaycity.com/ ==> The Chrome "Settings" can be used to fix the entry.
Winmgmt => Service deleted successfully.
CHR RestoreOnStartup: "hxxp://home.myplaycity.com/" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: (MyPlayCity Search) - http://home.myplaycity.com/results.php? ... earchTerms} ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSuggestURL: (MyPlayCity Search) - "suggest_url": "" ==> The Chrome "Settings" can be used to fix the entry.
Firefox Keyword.URL deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D5D47440-0750-463D-BAEF-A47D02414806} => Value deleted successfully.
HKCR\CLSID\{D5D47440-0750-463D-BAEF-A47D02414806} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D5D47440-0750-463D-BAEF-A47D02414806} => Value deleted successfully.
HKCR\CLSID\{D5D47440-0750-463D-BAEF-A47D02414806} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} => Value deleted successfully.
HKCR\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Value deleted successfully.
HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Key not found.
HKCR\PROTOCOLS\Handler\centrumcztoolbar => Key deleted successfully.
HKCR\CLSID\{61A97628-7C82-4315-957A-C74C2CDD85DF} => Key deleted successfully.

========= del "C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\\msconfig.lnk" =========


========= End of CMD: =========


========= rmdir "C:\Program Files\Ask.com" /s /q =========


========= End of CMD: =========

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} => Key deleted successfully.
HKCR\CLSID\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
Default URLSearchHook was restored successfully .
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value deleted successfully.
HKCR\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} => Value deleted successfully.
HKCR\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} => Value deleted successfully.
HKCR\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612} => Key not found.
HKCR\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => Key deleted successfully.
HKCR\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BB6936F-FAFE-4D57-93C5-C458E5D24451} => Key deleted successfully.
HKCR\CLSID\{6BB6936F-FAFE-4D57-93C5-C458E5D24451} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => Key deleted successfully.
HKCR\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key deleted successfully.
HKCR\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe => Value deleted successfully.
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk not found.
C:\PROGRA~2\7brw.dat not found.
C:\PROGRA~2\7brw.dat => File/Directory not found.

==== End of Fixlog ====

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus - Policie ČR (Win7)

#7 Post by vyosek »

:arrow: Uninstall that "Zrychleni PC" junk

:arrow: Download SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe
  • Save it preferably to the Desktop
  • Run it as usual by double-clicking and follow the utility's instructions
  • When the scan finishes, a log is created and opened; paste it here for me
:arrow: Post a log from RSIT http://forum.viry.cz/viewtopic.php?t=81939

Razor339
Visitor
Posts: 92
Joined: 27 Oct 2011 13:32

Re: Virus - Policie ČR (Win7)

#8 Post by Razor339 »

So "speed up your computer" is uninstalled; I see there are also some others here, Optimize your pc, pc power speed system optimizer (completely useless, in my opinion :D).

LOG from RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by HP at 2013-05-05 15:26:43
WIN_7
System drive C: has 6 GB (8%) free of 69 GB
Total RAM: 2039 MB (60% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-592935793-3253454749-611521338-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-592935793-3253454749-611521338-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default

prefs.js - "Keyword.Enabled" - "true"
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "Cetrumcz@igeared:1.203.023.002, {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0, toolbar@ask.com:3.6.6.100010, engine@conduit.com:3.2.5.2, {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.2.5.2, {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.9.0.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.27"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... ource=2&q="

"Cetrumcz@igeared"=C:\Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\
Cetrumcz_igeared.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\
crossriderapp3491@crossrider.com
toolbar@ask.com
{1392b8d2-5c05-419f-a8f6-b9f15a596612}
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\searchplugins\
askcom.xml
askcomsearch.xml
conduit.xml
inbox-hledn.xml
myplaycity-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191}]
Vid-Saver - C:\Program Files\Vid-Saver\Vid-Saver.dll [2012-09-06 611200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-04 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-04 155384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"dvd43"=C:\Program Files\dvd43\dvd43_tray.exe [2009-10-23 827904]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"PCPowerSpeed"=C:\Program Files\PCPowerSpeed\PCPowerTray.exe [2012-01-20 385664]
"Freecorder FLV Service"=C:\Program Files\Freecorder\FLVSrvc.exe /run []
"NBAgent"=C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-03-26 1234216]
"Eraser"=C:\PROGRA~1\Eraser\Eraser.exe [2011-11-05 980368]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"PrivitizeVPN"=C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe [2012-09-10 196784]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2012-10-25 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-02-29 17151624]
"Facebook Update"=C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-02 138096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave2"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-05-05 13:23:05 ----D---- C:\FRST
2013-05-05 12:17:22 ----D---- C:\Program Files\trend micro
2013-05-05 12:16:51 ----D---- C:\rsit
2013-05-01 16:45:04 ----A---- C:\Windows\ntbtlog.txt

======List of files/folders modified in the last 1 month======

2013-05-05 15:26:41 ----D---- C:\Windows\Temp
2013-05-05 15:26:12 ----D---- C:\Windows\Prefetch
2013-05-05 15:23:14 ----D---- C:\Users\HP\AppData\Roaming\PCPowerSpeed
2013-05-05 15:22:34 ----D---- C:\Program Files\Mozilla Firefox
2013-05-05 15:22:32 ----D---- C:\Program Files\Zrychleni Pocitace
2013-05-05 15:15:01 ----D---- C:\Windows\tracing
2013-05-05 15:12:50 ----D---- C:\Users\HP\AppData\Roaming\Skype
2013-05-05 15:07:41 ----HD---- C:\ProgramData
2013-05-05 13:23:09 ----D---- C:\Windows
2013-05-05 12:17:22 ----RD---- C:\Program Files
2013-05-05 11:40:00 ----SHD---- C:\System Volume Information
2013-04-30 16:41:14 ----D---- C:\Windows\System32
2013-04-30 16:41:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-04-30 16:41:13 ----D---- C:\Windows\inf
2013-04-26 12:15:05 ----D---- C:\Windows\system32\config
2013-04-14 15:14:33 ----A---- C:\Windows\NeroDigital.ini
2013-04-07 19:56:12 ----SD---- C:\ProgramData\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R3 dvd43llh;dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [2011-03-05 18816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2009-07-14 159232]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 39272]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 PAC7302;Eye 312; C:\Windows\system32\DRIVERS\PAC7302.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-04-22 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-09-28 44544]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-03-25 490280]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2010-03-14 87336]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-06 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-06 136176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-04-22 720936]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

LOG from SecurityCheck

Results of screen317's Security Check version 0.99.63
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.6.602.180
Mozilla Firefox 10.0 Firefox out of Date!
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus - Policie ČR (Win7)

#9 Post by vyosek »

:arrow: Optimize your pc, pc power speed system optimizer - get rid of both

:arrow: Also uninstall PrivitizeVPN

:arrow: Download Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe
  • Save it preferably to the Desktop
  • Tick all the items (that marks them for scanning)
  • Click Scan
  • When the scan finishes, a log FSS.txt appears; paste it here
:arrow: Install Avast Free http://www.avast.com/get/gWR5mo92
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.

Razor339 (Visitor, 92 posts, registered 27 Oct 2011 13:32)

Re: Virus - Policie ČR (Win7)

#10 Post by Razor339 »

Optimize your pc, pc power speed system optimizer, PrivitizeVPN uninstalled.

LOG from FSS:

Farbar Service Scanner Version: 14-04-2013
Ran by HP (administrator) on 05-05-2013 at 16:09:51
Running from "C:\Users\HP\Desktop"
Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

vyosek (VIP, 56373 posts, registered 07 Nov 2006 15:24, location: Šalingrad - Brno)

Re: Virus - Policie ČR (Win7)

#11 Post by vyosek »

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop
  • If you use Win Vista or W7, right-click OTL and choose Run As Administrator (Spustit jako správce)
  • If you use a 64-bit OS, check that the box "For 64-bit OS" is ticked; if it is not, tick it
  • Tick the box "All users"
  • Tick the box "LOP check"
  • Tick the box "Purity check"
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom "Custom scans/fixes" box
  • Code:

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    atapi.sys
    autochk.exe
    cdrom.sys
    explorer.exe
    hal.dll
    scecli.dll
    services.exe
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %PROGRAMFILES%\Opera\opera.exe /md5
    %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
    
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *crack* /s
    *keygen* /s
    *loader* /s
  • Click the Run Scan button (Prohledat)
  • When the scan finishes (about 10 to 15 min) two logs, OTL.txt and Extras.txt, appear; paste both here
  • If the logs are long (the forum will complain about exceeding the maximum number of characters), split them across several posts
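The OTL script above asks for exactly the things a helper reads first in a screenlocker case: the Winlogon Shell/Userinit values and the Run keys (the usual places a lock screen gets itself launched at logon), the UAC policy entries, and the FSS output from post #10 on whether the service registry keys are intact. As an added example that is not a tool posted in this thread, the Python script below reads lines in the OTL (O4/O6/O20) and FSS formats and flags what a helper would act on: UAC switched off, Winlogon values that deviate from the Windows 7 defaults, Run entries pointing at missing files, unsigned Run entries living in user-writable folders, and FSS "ATTENTION" service-key errors. SAMPLE_REPORT is a constructed input that mimics those line formats (placeholder SID, invented paths); it is not a copy of the logs in this thread, and the category names are this example's own.

```python
"""Triage of OTL / Farbar Service Scanner report lines.

Added example for this thread, not a tool posted in it.  SAMPLE_REPORT is a
constructed input that mimics the OTL (O4/O6/O20) and FSS line formats; it is
not a copy of the logs posted above.
"""
from __future__ import annotations

import re

# Windows 7 defaults for the two Winlogon values OTL reports as O20 lines.
# The registry stores Userinit with a trailing comma, so comparison strips it.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe",
}

# O6 policy values that switch UAC off or make its prompt spoofable.
UAC_WEAK = {
    "EnableLUA": "0",                   # UAC disabled entirely
    "ConsentPromptBehaviorAdmin": "0",  # admins elevate with no prompt at all
    "PromptOnSecureDesktop": "0",       # prompt shown on the normal desktop
}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] (?P<rest>.*)$")
COMPANY_RE = re.compile(r"^(?P<target>.*?)\s*\((?P<company>[^()]*)\)$")
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp|programdata|users\\public)\\", re.I)
O6_RE = re.compile(r"^O6 - .*\\policies\\System: (?P<name>\w+) = (?P<value>\S+)$")
O20_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<name>\w+) - \((?P<value>.*?)\) - ")
FSS_RE = re.compile(r"^Checking (?P<check>[\w ]+): ATTENTION!=+> (?P<detail>.*)$")


def triage(report: str) -> list[tuple[str, str]]:
    """Return (category, detail) pairs for the lines a helper would act on."""
    findings: list[tuple[str, str]] = []
    for raw in report.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            key, name, rest = m["key"], m["name"], m["rest"]
            if rest.endswith("File not found"):
                # Stale autorun: harmless by itself, but leftover junk to clean.
                target = rest[: -len("File not found")].strip()
                findings.append(("orphaned_autorun", f"{key} [{name}] -> {target}"))
            elif ((c := COMPANY_RE.match(rest))
                  and not c["company"].strip()
                  and USER_WRITABLE_RE.search(c["target"])):
                # No company name and a user-writable path: the usual profile
                # of a dropped screenlocker or adware loader.
                findings.append(("unsigned_autorun_user_path", f"{key} [{name}] -> {c['target']}"))
        elif m := O6_RE.match(line):
            if UAC_WEAK.get(m["name"]) == m["value"]:
                findings.append(("uac_weakened", f"{m['name']} = {m['value']}"))
        elif m := O20_RE.match(line):
            expected = WINLOGON_DEFAULTS.get(m["name"].lower())
            if expected and m["value"].lower().rstrip(",") != expected:
                # Anything appended to Shell or Userinit runs at every logon.
                findings.append(("winlogon_hijack", f"{m['name']} = {m['value']}"))
        elif m := FSS_RE.match(line):
            findings.append(("service_key_missing", f"{m['check']}: {m['detail']}"))
    return findings


# Constructed sample in OTL/FSS format (placeholder SID, invented paths).
SAMPLE_REPORT = r"""
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run File not found
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [Updater] C:\Users\HP\AppData\Roaming\cache\updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O20 - HKLM Winlogon: Shell - (explorer.exe, C:\Users\HP\AppData\Roaming\cache\updater.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
winmgmt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_REPORT):
        print(f"{category:28} {detail}")
```

Run it against a saved OTL.txt by passing the file contents to triage(); the O20 comparison is the one worth keeping even when everything else is clean, because a lock screen appended to Shell still shows explorer.exe first and is easy to skim past. A legitimate entry in a user-writable folder (the Facebook updater in the real log, for instance) is only reported when it also lacks a company name, so the script narrows the list rather than replacing a human look at it.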

Razor339 (Visitor, 92 posts, registered 27 Oct 2011 13:32)

Re: Virus - Policie ČR (Win7)

#12 Post by Razor339 »

OTL LOG:

OTL logfile created on: 5.5.2013 16:17:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,82% Memory free
3,98 Gb Paging File | 3,08 Gb Available in Paging File | 77,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,43 Gb Total Space | 4,83 Gb Free Space | 7,17% Space Free | Partition Type: NTFS
Drive D: | 5,55 Gb Total Space | 0,76 Gb Free Space | 13,70% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,02 Gb Free Space | 65,92% Space Free | Partition Type: NTFS
Drive G: | 14,91 Gb Total Space | 2,31 Gb Free Space | 15,47% Space Free | Partition Type: FAT32

Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.05.05 16:14:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
PRC - [2013.03.07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.11.05 12:17:04 | 000,980,368 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2010.03.26 11:52:24 | 001,234,216 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
PRC - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009.10.23 20:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2009.10.23 20:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
MOD - [2009.07.14 06:46:13 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\965b1fa2decab0efc0c837ab7252bba1\Microsoft.VisualBasic.ni.dll
MOD - [2009.07.14 06:43:48 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1762137638019a091020b3baf52f6de3\System.Core.ni.dll
MOD - [2009.07.14 06:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009.07.14 06:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009.07.14 06:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009.07.14 06:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009.07.14 06:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2013.03.13 22:31:41 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.02.29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PAC7302.SYS -- (PAC7302)
DRV - [2013.03.07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.03.07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.03.07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.03.07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.03.07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.03.07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.03.07 00:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013.03.07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.04.22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-592935793-3253454749-611521338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... &%language
IE - HKU\S-1-5-21-592935793-3253454749-611521338-1000\..\SearchScopes,DefaultScope = {6BB6936F-FAFE-4D57-93C5-C458E5D24451}
IE - HKU\S-1-5-21-592935793-3253454749-611521338-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-592935793-3253454749-611521338-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-592935793-3253454749-611521338-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..Keyword.Enabled: "true"
FF - prefs.js..browser.search.defaultengine: "Ask.com Search"
FF - prefs.js..browser.search.defaultenginename: "Ask.com Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... earchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.18.0.7
FF - prefs.js..extensions.enabledAddons: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.18.0.7
FF - prefs.js..extensions.enabledAddons: {ea614400-e918-4741-9a97-7a972ff7c30b}:2.5.15
FF - prefs.js..extensions.enabledAddons: crossriderapp3491@crossrider.com:0.91.104
FF - prefs.js..extensions.enabledItems: Cetrumcz@igeared:1.203.023.002
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.100010
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.9.0.3
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.as ... ource=2&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\HP\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\HP\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\Cetrumcz@igeared: C:\Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared [2011.03.05 14:50:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.05 16:13:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.30 14:55:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.03.05 14:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Extensions
[2013.05.01 15:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions
[2013.02.13 09:42:42 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2013.02.13 09:42:43 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2013.03.29 12:46:57 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2013.05.01 15:43:25 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\crossriderapp3491@crossrider.com
[2012.02.02 16:29:22 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\toolbar@ask.com
[2013.05.01 15:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\crossriderapp3491@crossrider.com\chrome\content\extensionCode
[2012.08.30 09:23:08 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.02.01 23:14:35 | 000,002,253 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\searchplugins\askcom.xml
[2012.11.07 18:12:22 | 000,002,306 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\searchplugins\askcomsearch.xml
[2012.01.18 20:41:14 | 000,000,923 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\searchplugins\conduit.xml
[2012.01.22 11:28:03 | 000,002,305 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\searchplugins\inbox-hledn.xml
[2012.01.31 08:20:08 | 000,002,013 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\searchplugins\myplaycity-search.xml
[2012.03.10 17:10:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.03.10 17:10:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012.03.10 17:10:24 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2012.01.29 18:10:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.03.26 08:34:16 | 000,001,425 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Cetrumcz_igeared.xml
[2012.01.29 17:37:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.01.29 17:37:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.01.29 17:37:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.01.29 17:37:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.01.29 17:37:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - default_search_provider: MyPlayCity Search (Enabled)
CHR - default_search_provider: search_url = http://home.myplaycity.com/results.php? ... earchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://home.myplaycity.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Power Challenge Loader (Enabled) = C:\Users\HP\AppData\LocalLow\POWERC~1\nppowerloader.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Vid-Saver = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.46_0\crossrider
CHR - Extension: Vid-Saver = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.46_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files\Vid-Saver\Vid-Saver.dll (215 Apps)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run File not found
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-21-592935793-3253454749-611521338-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKU\S-1-5-21-592935793-3253454749-611521338-1000..\Run: [Facebook Update] C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3CA48EB-57A8-4A50-A6F2-EEB1B3C46B25}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
System Restore Service not available.

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: winmgmt - C:\Windows\System32\wbem\WinMgmt.exe (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.05.05 16:15:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2013.05.05 16:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.05.05 16:14:35 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.05 16:14:35 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.05 16:14:34 | 000,060,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.05.05 16:14:33 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.05 16:14:33 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.05 16:14:26 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.05 16:14:24 | 000,228,600 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.05 16:13:28 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.05 16:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.05.05 16:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.05.05 16:09:35 | 000,354,299 | ---- | C] (Farbar) -- C:\Users\HP\Desktop\FSS.exe
[2013.05.05 13:23:05 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.05 12:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.05.05 12:16:51 | 000,000,000 | ---D | C] -- C:\rsit
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013.05.05 16:21:42 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.05.05 16:14:36 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.05 16:14:26 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.05.05 16:14:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2013.05.05 16:08:30 | 111,696,056 | ---- | M] () -- C:\Users\HP\Desktop\avast_free_antivirus_setup.exe
[2013.05.05 16:00:11 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.05 15:59:24 | 000,354,299 | ---- | M] (Farbar) -- C:\Users\HP\Desktop\FSS.exe
[2013.05.05 15:31:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.05 15:21:24 | 000,890,825 | ---- | M] () -- C:\Users\HP\Desktop\SecurityCheck.exe
[2013.05.05 15:17:59 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.05 15:17:59 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.05 15:10:56 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.05 15:10:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.05 15:10:04 | 1603,870,720 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.05 11:53:05 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-592935793-3253454749-611521338-1000UA.job
[2013.05.05 11:29:56 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-592935793-3253454749-611521338-1000Core.job
[2013.04.30 16:41:14 | 000,631,292 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2013.04.30 16:41:14 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.30 16:41:14 | 000,121,914 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013.04.30 16:41:14 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.29 08:35:45 | 000,367,249 | R--- | M] () -- C:\Users\HP\Desktop\Faktura březen-duben.PDF
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.05 16:21:42 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.05.05 16:14:36 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.05 16:14:33 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.05 16:14:32 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.05 16:10:24 | 111,696,056 | ---- | C] () -- C:\Users\HP\Desktop\avast_free_antivirus_setup.exe
[2013.05.05 15:23:52 | 000,890,825 | ---- | C] () -- C:\Users\HP\Desktop\SecurityCheck.exe
[2013.04.29 08:35:50 | 000,367,249 | R--- | C] () -- C:\Users\HP\Desktop\Faktura březen-duben.PDF
[2012.07.26 16:00:49 | 000,000,291 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2012.07.26 16:00:47 | 000,000,885 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2012.07.13 22:05:42 | 000,000,076 | ---- | C] () -- C:\Users\HP\.gtk-bookmarks
[2012.01.31 21:17:36 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Roaming\.NANotifyHere
[2011.11.10 14:59:42 | 000,000,872 | ---- | C] () -- C:\Users\HP\AppData\Local\SRDownloader.nast
[2011.06.19 15:32:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.05.01 21:20:15 | 000,015,360 | ---- | C] () -- C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 06:53:46 | 000,032,584 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011.03.06 18:37:22 | 000,000,928 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.03.06 18:37:24 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.03.29 19:34:53 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.09.02 17:47:19 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-592935793-3253454749-611521338-1000Core.job
[2012.09.02 17:47:20 | 000,000,916 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-592935793-3253454749-611521338-1000UA.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\System32\drivers\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[18 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[1 C:\Windows\Temp\avast_ash\IrfanView\*.tmp files -> C:\Windows\Temp\avast_ash\IrfanView\*.tmp -> ]
[1 C:\Windows\Temp\avast_ash\Java Runtime Environment 7 (32 Bit)\*.tmp files -> C:\Windows\Temp\avast_ash\Java Runtime Environment 7 (32 Bit)\*.tmp -> ]
[1 C:\Windows\Temp\avast_ash\Mozilla Firefox\*.tmp files -> C:\Windows\Temp\avast_ash\Mozilla Firefox\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.12.11 17:51:24 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\.minecraft
[2011.03.05 15:22:49 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Adobe
[2011.05.01 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Ahead
[2012.11.15 19:22:30 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Apple Computer
[2011.09.08 16:21:29 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Ashampoo
[2011.06.28 21:34:08 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Canneverbe Limited
[2012.05.26 18:44:46 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Canon
[2011.03.05 15:20:21 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Foxit
[2012.09.13 11:06:19 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\gtk-2.0
[2011.03.05 12:08:06 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Identities
[2011.03.05 19:43:16 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\IrfanView
[2012.09.19 13:36:36 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Jpeg Resampler
[2011.03.05 15:22:49 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Macromedia
[2009.07.14 11:20:06 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Media Center Programs
[2013.03.24 20:34:12 | 000,000,000 | --SD | M] -- C:\Users\HP\AppData\Roaming\Microsoft
[2011.03.05 14:54:35 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Mozilla
[2011.12.18 11:23:39 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Nero
[2011.06.28 21:33:51 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\OpenCandy
[2012.06.17 12:08:33 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\PC Suite
[2012.01.28 17:52:33 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Real
[2012.01.23 18:46:43 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Reallusion
[2012.05.13 11:54:17 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Sachy
[2013.05.05 15:12:50 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Skype
[2011.12.28 12:42:15 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Unity
[2011.08.18 21:06:36 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\vlc
[2012.07.25 22:11:33 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Windows Live Writer
[2012.09.19 13:58:03 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2012.02.01 22:35:02 | 003,486,088 | ---- | M] (Ask) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
[2010.12.18 00:07:06 | 000,043,440 | ---- | M] () -- C:\Users\HP\AppData\Roaming\OpenCandy\OpenCandy_6B6EBC435BBC4823A877BCAC1A8B9889\SpeedstarterCZ.exe
[2010.12.17 19:48:22 | 001,720,472 | ---- | M] (Speedchecker Limited ) -- C:\Users\HP\AppData\Roaming\OpenCandy\OpenCandy_6B6EBC435BBC4823A877BCAC1A8B9889\ZrychleniPocitace.exe
[2011.06.28 21:33:58 | 001,842,096 | ---- | M] () -- C:\Users\HP\AppData\Roaming\OpenCandy\OpenCandy_6B6EBC435BBC4823A877BCAC1A8B9889\ZrychleniPocitace_p2v1.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2013.05.05 16:31:05 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.05.05 11:29:56 | 000,000,894 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-592935793-3253454749-611521338-1000Core.job
[2013.05.05 11:53:05 | 000,000,916 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-592935793-3253454749-611521338-1000UA.job
[2013.05.05 15:10:56 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.05.05 16:00:11 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013.05.05 15:17:59 | 000,014,016 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.05 15:17:59 | 000,014,016 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.05 16:14:26 | 000,002,577 | ---- | M] () -- C:\Windows\system32\config.nt
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun -- [2012.02.29 09:20:32 | 017,151,624 | R--- | M] (Skype Technologies S.A.)
"Facebook Update" = "C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver -- [2012.09.02 17:47:15 | 000,138,096 | ---- | M] (Facebook Inc.)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012.01.29 18:10:19 | 000,924,632 | ---- | M] (Mozilla Corporation) MD5=2DE2B92C4EFEF841CEAA9752FC8FA91F -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.07.14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) MD5=4E9592BB2C100E571F82640E59E9ECD5 -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.05.05 16:21:42 | 000,000,512 | ---- | M] () MD5=9679C2BAB738F74D51C89614FF8F9C0D -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2007.07.14 22:55:28 | 000,062,238 | ---- | M] () -- \Program Files\GIMP-2.0\share\gimp\2.0\patterns\cracked.pat
[691 \Users\HP\AppData\Local\Temp\*.tmp files -> \Users\HP\AppData\Local\Temp\*.tmp -> ]
[2011.09.08 19:51:15 | 000,000,000 | ---- | M] () -- \Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\CT2475029\feed\http___crackle_com_rss_media_sxsw_featured_rss_history.xml
[2011.09.08 19:51:15 | 000,000,000 | ---- | M] () -- \Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\CT2475029\feed\http___crackle_com_rss_media_sxsw_featured_rss_structured.xml

< *keygen* /s >
[2011.04.03 13:54:28 | 000,655,872 | ---- | M] () -- \Users\HP\Desktop\NERO\Nero Multimedia Suite 10 - Keygen.exe

< *loader* /s >
[2010.03.26 08:33:30 | 000,003,754 | ---- | M] () -- \Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared\chrome\content\libs\loader.js
[2007.06.13 23:50:00 | 000,003,226 | ---- | M] () -- \Program Files\Common Files\GTK\2.0\etc\gtk-2.0\gdk-pixbuf.loaders
[2007.07.06 23:24:00 | 000,019,248 | ---- | M] () -- \Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ani.dll
[2007.07.06 23:24:02 | 000,020,648 | ---- | M] () -- \Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-bmp.dll
[2007.07.06 23:24:04 | 000,030,520 | ---- | M] () -- \Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-gif.dll
[2007.07.06 23:24:04 | 000,019,440 | ---- | M] () -- \Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ico.dll
[2007.07.06 23:24:06 | 000,021,672 | ---- | M] () -- \Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-jpeg.dll
[2007.07.06 23:24:08 | 000,016,216 | ---- | M] () -- \Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pcx.dll
[2007.07.06 23:24:10 | 000,023,528 | ---- | M] () -- \Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-png.dll
[2007.07.06 23:24:12 | 000,017,832 | ---- | M] () -- \Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pnm.dll
[2007.07.06 23:24:14 | 000,013,608 | ---- | M] () -- \Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ras.dll
[2007.07.06 23:24:16 | 000,018,704 | ---- | M] () -- \Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tga.dll
[2007.07.06 23:24:18 | 000,019,864 | ---- | M] () -- \Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tiff.dll
[2007.07.06 23:24:20 | 000,012,568 | ---- | M] () -- \Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-wbmp.dll
[2007.07.06 23:24:22 | 000,016,352 | ---- | M] () -- \Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xbm.dll
[2007.07.06 23:24:24 | 000,031,256 | ---- | M] () -- \Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xpm.dll
[2006.10.26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2010.12.14 10:54:22 | 000,166,400 | ---- | M] () -- \Program Files\Fotolab\Fotolab Fotosvet 4\CWImageLoader0.dll
[2010.03.15 13:33:54 | 000,000,232 | ---- | M] () -- \ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2012.02.29 09:15:20 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.02.29 09:15:20 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2010.03.15 13:33:54 | 000,000,232 | ---- | M] () -- \Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2012.02.29 09:15:20 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.02.29 09:15:20 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2011.11.10 14:59:42 | 000,000,872 | ---- | M] () -- \Users\HP\AppData\Local\SRDownloader.nast
[2011.04.05 19:53:22 | 000,018,453 | ---- | M] () -- \Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6AKKIHNH\FeatureLoader.js[1].php
[2011.03.14 19:43:11 | 000,016,376 | ---- | M] () -- \Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6AKKIHNH\plarium-loader[1].gif
[2011.03.27 14:10:30 | 000,002,883 | ---- | M] () -- \Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TVTHLG73\QuickLoader[1].js
[2011.03.14 19:43:03 | 000,008,668 | ---- | M] () -- \Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WWM7LCOP\FlashLoader[1].js
[2010.01.21 15:05:00 | 000,000,232 | ---- | M] () -- \Users\HP\AppData\Local\Temp\NERO02000168\express\CommonAppData\Nero\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2011.03.15 17:51:46 | 000,267,408 | ---- | M] () -- \Users\HP\AppData\LocalLow\PowerChallenge\axpowerloader.dll
[2011.03.15 17:51:48 | 000,656,528 | ---- | M] () -- \Users\HP\AppData\LocalLow\PowerChallenge\loader.dll
[2012.08.23 14:01:05 | 000,651,264 | ---- | M] () -- \Users\HP\AppData\LocalLow\PowerChallenge\loader9.dll
[2012.08.23 14:01:05 | 000,001,024 | ---- | M] () -- \Users\HP\AppData\LocalLow\PowerChallenge\loader9.dll.signature
[2012.08.23 14:01:05 | 000,000,029 | ---- | M] () -- \Users\HP\AppData\LocalLow\PowerChallenge\loader9.dll.timestamp
[2011.03.15 17:51:46 | 000,218,256 | ---- | M] () -- \Users\HP\AppData\LocalLow\PowerChallenge\nppowerloader.dll
[2012.07.07 20:27:01 | 000,000,060 | ---- | M] () -- \Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VNPE94HC\miniclip.com\game-files\milk-shake\en\milk_shake.dcr\MiniclipLoaderAd.sol
[2011.08.02 12:55:10 | 000,000,060 | ---- | M] () -- \Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VNPE94HC\miniclip.com\games\air-barons\en\air_barons.dcr\MiniclipLoaderAd.sol
[2011.12.10 17:29:26 | 000,000,060 | ---- | M] () -- \Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VNPE94HC\miniclip.com\games\china-2008\en\china_2008.dcr\MiniclipLoaderAd.sol
[2011.11.16 19:06:47 | 000,000,060 | ---- | M] () -- \Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VNPE94HC\miniclip.com\games\moon-rush\en\moonrush.dcr\MiniclipLoaderAd.sol
[2012.05.26 12:34:57 | 000,000,060 | ---- | M] () -- \Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VNPE94HC\miniclip.com\games\motocross-urban-fever\en\motocross_urban_fever.dcr\MiniclipLoaderAd.sol
[2012.07.08 20:35:32 | 000,000,121 | ---- | M] () -- \Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VNPE94HC\service.cdn.videoplaza.com\com.videoplaza.bootloader.sol
[2012.01.18 20:41:14 | 000,010,144 | ---- | M] () -- \Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\conduitCommon\modules\3.9.0.3\ExternalLibraryLoader.jsm
[2013.02.12 20:40:38 | 000,010,145 | ---- | M] () -- \Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules\ExternalLibraryLoader.jsm
[2013.02.12 23:07:00 | 000,010,145 | ---- | M] () -- \Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\modules\ExternalLibraryLoader.jsm
[2009.07.14 14:25:34 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[1 \Windows\System32\*.tmp files -> \Windows\System32\*.tmp -> ]
[2012.04.26 14:26:34 | 000,012,532 | ---- | M] () -- \Windows\System32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2012.05.03 12:45:42 | 000,009,622 | ---- | M] () -- \Windows\System32\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr
[2009.07.14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.14 10:43:57 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 10:43:57 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.14 10:43:57 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2009.07.14 04:17:55 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.07.14 04:17:55 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winload.exe_75835076
[2009.07.14 04:17:55 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 10:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Razor339
Visitor
Posts: 92
Registered: 27 Oct 2011 13:32

Re: Virus - Policie ČR (Win7)

#13 Post by Razor339 »

LOG Extras:

OTL Extras logfile created on: 5.5.2013 16:17:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,82% Memory free
3,98 Gb Paging File | 3,08 Gb Available in Paging File | 77,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,43 Gb Total Space | 4,83 Gb Free Space | 7,17% Space Free | Partition Type: NTFS
Drive D: | 5,55 Gb Total Space | 0,76 Gb Free Space | 13,70% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,02 Gb Free Space | 65,92% Space Free | Partition Type: NTFS
Drive G: | 14,91 Gb Total Space | 2,31 Gb Free Space | 15,47% Space Free | Partition Type: FAT32

Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-592935793-3253454749-611521338-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE prezentace fotografií] -- "C:\Program Files\Fotolab\Fotolab Fotosvet 4\CEWE prezentace fotografií.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotolab Fotosvet 4] -- "C:\Program Files\Fotolab\Fotolab Fotosvet 4\Fotolab Fotosvet 4.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085DD584-273C-4875-80A2-94E6FDDC4C3F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0892F8F8-EC5B-4B8A-8EDE-74FEE956B6DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0C98A262-CBA3-447C-B6EE-22694161F3AB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{16F28D79-07A5-4ED2-A258-2ACD307344BE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E5D9FDE-46B3-41BC-B14D-B99A5F785C6E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2FFFA270-5CC5-40B3-A5AE-A4C72C8C04CB}" = rport=139 | protocol=6 | dir=out | app=system |
"{3BA97ABE-9615-44E8-815B-38EEDDC2203A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C085749-020A-4C05-B1BA-04FC9256759D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3EF53AEF-A4C8-4CD5-9891-32C550975FB1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{48D13272-C266-4718-A288-F2AE2231B6A3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5532F665-CEBA-46FE-9DB4-6F18AB3AECB1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{56E86189-C422-471C-9B9D-2B137729676E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5AB6DE49-0459-4F2C-BE30-3C6CB8F6EE91}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{625BCB4F-60F1-48B6-8026-A8B619EFCCF7}" = rport=445 | protocol=6 | dir=out | app=system |
"{76C124A4-FEE7-4029-A086-52CE4237D74F}" = rport=137 | protocol=17 | dir=out | app=system |
"{792F73F1-9D96-4776-8574-A1BD8DE1B8D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{798F518F-1732-4A99-A240-3B613B8E772C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8A8E1DF1-9A9D-41E5-8E92-67F15852E8FE}" = rport=138 | protocol=17 | dir=out | app=system |
"{8E5465A0-A515-4312-9464-A271F5AE6EED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92F59B4B-26D1-4410-AC52-75E170A663EA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{98E3F1E8-3916-43DD-A84F-487786C5053C}" = lport=445 | protocol=6 | dir=in | app=system |
"{BE17D56A-E54A-4174-BD39-7FB7F374E417}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C51558CC-01C0-4894-BE6E-7AD15096583B}" = lport=137 | protocol=17 | dir=in | app=system |
"{C5ECAF65-6198-41FC-8600-DE67B9EFE4F7}" = lport=139 | protocol=6 | dir=in | app=system |
"{C997A6C4-C555-4CF8-BBA9-5203ED2C654A}" = lport=138 | protocol=17 | dir=in | app=system |
"{CAE80303-6DB9-4281-85F8-E123BFAA3BEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC9B195B-5571-4E94-A8F3-822481DDDB2F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0CD0C46-1A69-4A91-B117-2BFDBF46AEBF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E79BE211-BA2D-44AA-9E01-EE71F80AB3D3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EBAF5CE3-D274-4741-8CC1-D4363E312176}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F9E77442-2546-44BE-96DB-E037C6C42F73}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FDB8750F-76D3-444D-8796-FFEE7C0C3D66}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FEC73CFF-8606-4A73-BC44-6144C0A200E9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AC7AF76-BCDE-411C-BBC0-C3170BE8883A}" = dir=in | app=c:\users\hp\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{19F414CB-02B2-4467-9904-9954F618544F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{217672CA-F410-4207-B0BE-0F73B8E185E8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{27E14548-6E83-412F-9D21-A04F633C29E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49720853-1C78-47EC-B101-F2352F9FA695}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{4A004E0C-2808-4E64-B241-6A1CF1822A16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{56DE9D44-860E-474C-8B49-2C003F3B5D52}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5DB4F1BB-B201-4AD4-A0BD-8D96A4D43A00}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{712BB240-41EF-42B7-85B1-A8CBBB029990}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73B2505D-8C91-4CDC-A0F9-95ABE0DE06AA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7A063DEB-EE88-4A42-AE89-5C206037C971}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7A8BD929-5988-4510-90F8-561459111CA1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7E98AFF1-62EE-4F95-9DA6-B4F7F6C1484B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{86C9A938-75DB-433B-A223-47EA1A1A74E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9EF87920-3554-4457-BA76-1D8B8BBB2FAC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1B24CCF-9E4D-4B4C-BD9C-A85ABD53BA94}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AB6B6E2C-43C9-482D-9749-A7FBDE2420AF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AE0ECBFD-A230-432E-8CC8-BC92C3EE04DD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C0AFD515-9F50-40C1-A2CB-AC9DBCA288CA}" = protocol=6 | dir=out | app=system |
"{C398567A-7CF4-4F38-964F-4ACBCB53891D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C831D79C-0B88-45E0-B28C-BBF0D828E09B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EAA1BD2D-DDE2-45AA-ADB2-7E6783783161}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F1F9770E-262D-40CB-8D8B-F25F25AA4B3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F83269CA-325F-4B4F-BA1C-0C57A58B3436}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"TCP Query User{38D9F27C-1270-42CF-B93C-E84B51CAB7E8}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{81A8B789-51DF-4424-8F9C-293F3343DCE8}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{842F5BB8-0E06-4400-BD85-B98A9EACDEB1}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{8DA449F9-11C3-47D9-B21B-710E6ABC485E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D97D37A2-9E71-48F5-80B7-2D1F7D341087}C:\hry\ut g.o.t.y\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\hry\ut g.o.t.y\system\unrealtournament.exe |
"TCP Query User{E796C5EF-48CC-406B-9351-D049CD460436}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{0BF6763E-605B-473A-AEAF-92FC02203C93}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{31BF87B7-F3D2-4592-AECD-7CD0187552D8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{59329E4D-C4D3-4398-8A60-12F67D2B5C28}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{6B79FEB4-8E00-49EF-A196-0728E0B71335}C:\hry\ut g.o.t.y\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\hry\ut g.o.t.y\system\unrealtournament.exe |
"UDP Query User{84001926-A49F-4BE7-91CC-2E9D3D13CB3C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{A069A5B1-D8BA-43B0-9730-D36F0828FFB1}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0891B708-EF3F-4D7E-9724-265245F46276}" = Windows Live Remote Service Resources
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600" = Canon MP600
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18026153-83A4-40E0-96B6-41E441607518}" = Eraser 6.0.9.2343
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28A25E3A-2855-4A39-B72B-50BF80FB86C5}" = Windows Live Family Safety
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{454F5782-A4C3-480E-A629-D435795DEFD8}" = Windows Live Remote Client Resources
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F62B1AE-E778-49E2-9C57-C1C65A122098}" = Zoner Callisto 5
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{74F923F2-2B11-4E2E-B638-A1772A9F7B7B}" = Eye 312
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B44F3823-52DD-45CA-A916-8B320778715D}" = Messenger Companion
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"DVD43_is1" = DVD43 v4.6.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fotolab Fotosvet 4" = Fotolab Fotosvet 4
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IrfanView" = IrfanView (remove only)
"Lišta Centrum.cz Toolbar_is1" = Lišta Centrum.cz Toolbar 1.203.023.002
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0 (x86 cs)" = Mozilla Firefox 10.0 (x86 cs)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"TmNationsForever_is1" = TmNationsForever
"Vid-Saver" = Vid-Saver
"WinGimp-2.0_is1" = The GIMP 2.2.17
"WinGTK-2_is1" = GTK+ 2.10.13 runtime environment
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-592935793-3253454749-611521338-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Power Loader" = Power Challenge Game Plugin
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1.5.2013 19:02:58 | Computer Name = HP-PC | Source = Google Update | ID = 20
Description =

Error - 1.5.2013 19:03:00 | Computer Name = HP-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1.5.2013 19:03:00 | Computer Name = HP-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21620070

Error - 1.5.2013 19:03:00 | Computer Name = HP-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21620070

Error - 5.5.2013 5:26:08 | Computer Name = HP-PC | Source = Google Update | ID = 20
Description =

Error - 5.5.2013 5:30:37 | Computer Name = HP-PC | Source = Google Update | ID = 20
Description =

Error - 5.5.2013 5:32:36 | Computer Name = HP-PC | Source = Google Update | ID = 20
Description =

Error - 5.5.2013 5:34:31 | Computer Name = HP-PC | Source = Google Update | ID = 20
Description =

Error - 5.5.2013 5:38:52 | Computer Name = HP-PC | Source = Google Update | ID = 20
Description =

Error - 5.5.2013 5:48:13 | Computer Name = HP-PC | Source = Google Update | ID = 20
Description =

Error - 5.5.2013 5:52:05 | Computer Name = HP-PC | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 13.3.2012 16:30:09 | Computer Name = HP-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 270
seconds with 240 seconds of active time. This session ended with a crash.

Error - 28.4.2013 10:02:55 | Computer Name = HP-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7205
seconds with 6960 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2.9.2012 10:32:51 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby ShellHWDetection bylo dosaženo
časového limitu (30000 ms).

Error - 2.9.2012 15:46:53 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby lmhosts bylo dosaženo časového
limitu (30000 ms).

Error - 3.9.2012 3:19:47 | Computer Name = HP-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (21:55:02, ?2.?9.?2012) bylo neočekávané.

Error - 3.9.2012 13:33:20 | Computer Name = HP-PC | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 6.9.2012 13:53:55 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Nero Update bylo dosaženo časového
limitu (30000 ms).

Error - 8.9.2012 8:14:39 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby ShellHWDetection bylo dosaženo
časového limitu (30000 ms).

Error - 8.9.2012 13:15:39 | Computer Name = HP-PC | Source = DCOM | ID = 10010
Description =

Error - 8.9.2012 13:43:01 | Computer Name = HP-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (19:26:09, ?8.?9.?2012) bylo neočekávané.

Error - 13.9.2012 20:42:53 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby lmhosts bylo dosaženo časového
limitu (30000 ms).

Error - 16.9.2012 12:23:23 | Computer Name = HP-PC | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.


< End of report >

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus - Policie ČR (Win7)

#14 Post by vyosek »

:arrow: Advise your friend to purchase a legalization package, otherwise it may really happen that PČR or ČOI pays her a visit about the illegal system she has there. This time we will finish it, but next time help will be refused.

:arrow: Run OTL again
  • If you use Win Vista or W7, right-click OTL and choose Run As Administrator (Spustit jako správce)
  • Paste the script below into the lower box Vlastní skenování/opravy (Custom Scans/Fixes)
  • Code:

    :otl
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PAC7302.SYS -- (PAC7302)
    IE - HKLM\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-592935793-3253454749-611521338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
    IE - HKU\S-1-5-21-592935793-3253454749-611521338-1000\..\SearchScopes,DefaultScope = {6BB6936F-FAFE-4D57-93C5-C458E5D24451}
    IE - HKU\S-1-5-21-592935793-3253454749-611521338-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    FF - prefs.js..browser.search.defaultengine: "Ask.com Search"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com Search"
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.100010
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.9.0.3
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q="
    [2013.02.13 09:42:42 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2013.02.13 09:42:43 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
    [2012.02.02 16:29:22 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\toolbar@ask.com
    [2012.02.01 23:14:35 | 000,002,253 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\searchplugins\askcom.xml
    [2012.11.07 18:12:22 | 000,002,306 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\searchplugins\askcomsearch.xml
    [2012.01.18 20:41:14 | 000,000,923 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\searchplugins\conduit.xml
    [2012.01.22 11:28:03 | 000,002,305 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\searchplugins\inbox-hledn.xml
    [2012.01.31 08:20:08 | 000,002,013 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\searchplugins\myplaycity-search.xml
    CHR - default_search_provider: MyPlayCity Search (Enabled)
    CHR - default_search_provider: search_url = http://home.myplaycity.com/results.php?category=web&s={searchTerms}
    CHR - default_search_provider: suggest_url = 
    CHR - homepage: http://home.myplaycity.com/
    O13 - gopher Prefix: missing
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2013.05.05 16:09:35 | 000,354,299 | ---- | C] (Farbar) -- C:\Users\HP\Desktop\FSS.exe
    [2013.05.05 13:23:05 | 000,000,000 | ---D | C] -- C:\FRST
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [18 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
    [1 C:\Windows\Temp\avast_ash\IrfanView\*.tmp files -> C:\Windows\Temp\avast_ash\IrfanView\*.tmp -> ]
    [1 C:\Windows\Temp\avast_ash\Java Runtime Environment 7 (32 Bit)\*.tmp files -> C:\Windows\Temp\avast_ash\Java Runtime Environment 7 (32 Bit)\*.tmp -> ]
    [1 C:\Windows\Temp\avast_ash\Mozilla Firefox\*.tmp files -> C:\Windows\Temp\avast_ash\Mozilla Firefox\*.tmp -> ]
    [2012.02.01 22:35:02 | 003,486,088 | ---- | M] (Ask) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
    [2010.12.18 00:07:06 | 000,043,440 | ---- | M] () -- C:\Users\HP\AppData\Roaming\OpenCandy\OpenCandy_6B6EBC435BBC4823A877BCAC1A8B9889\SpeedstarterCZ.exe
    [2010.12.17 19:48:22 | 001,720,472 | ---- | M] (Speedchecker Limited ) -- C:\Users\HP\AppData\Roaming\OpenCandy\OpenCandy_6B6EBC435BBC4823A877BCAC1A8B9889\ZrychleniPocitace.exe
    [2011.06.28 21:33:58 | 001,842,096 | ---- | M] () -- C:\Users\HP\AppData\Roaming\OpenCandy\OpenCandy_6B6EBC435BBC4823A877BCAC1A8B9889\ZrychleniPocitace_p2v1.exe
    [2013.05.05 16:31:05 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
    [2013.05.05 11:29:56 | 000,000,894 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-592935793-3253454749-611521338-1000Core.job
    [2013.05.05 11:53:05 | 000,000,916 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-592935793-3253454749-611521338-1000UA.job
    [2013.05.05 15:10:56 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2013.05.05 16:00:11 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    @Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    
    :services
    NMIndexingService
    NAUpdate
    
    :reg
    "WinampAgent"=-
    "PCPowerSpeed"=-
    "Freecorder FLV Service"=-
    "NBAgent"=-
    "SunJavaUpdateSched"=-
    "PrivitizeVPN"=-
    "QuickTime Task"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
    "Skype"=-
    "Facebook Update"=-
    "ctfmon.exe"=-
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
    "DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"
    "ErrorControl"=dword:00000001
    "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
      74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
      00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
      6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
      00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\
      72,00,69,00,63,00,74,00,65,00,64,00,00,00
    "Start"=dword:00000002
    "Type"=dword:00000020
    "Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"
    "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,\
      4d,00,67,00,6d,00,74,00,00,00,00,00
    "ObjectName"="NT AUTHORITY\\LocalService"
    "ServiceSidType"=dword:00000001
    "RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
      00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
      67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
      00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
      00,00,00,00
    "DelayedAutoStart"=dword:00000001
    "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
      00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
    "ServiceDllUnloadOnStop"=dword:00000001
    "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
      00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security]
    "Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\
      00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
      00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
      05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
      20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
      00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\
      00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\
      00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\
      7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\
      00,00,00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt]
    "DisplayName"="@%Systemroot%\\system32\\wbem\\wmisvc.dll,-205"
    "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
      74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
      00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
      6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
    "Description"="@%Systemroot%\\system32\\wbem\\wmisvc.dll,-204"
    "ObjectName"="localSystem"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000002
    "Type"=dword:00000020
    "DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
    "ServiceSidType"=dword:00000001
    "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
      00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters]
    "ServiceDllUnloadOnStop"=dword:00000001
    "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
      00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\
      00,6c,00,6c,00,00,00
    "ServiceMain"="ServiceMain"
    
    :files
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
  • Then click Fix
  • The PC will run the fix, restart and give you a log; paste its contents here
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.
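The hex(2) and hex(7) values in the fix script above are REG_EXPAND_SZ and REG_MULTI_SZ data written out as raw UTF-16LE bytes, so you cannot tell at a glance what the script writes back into the wscsvc (Security Center) and Winmgmt (WMI) service keys. The Python below is an added example, not part of this post or of OTL: it decodes a .reg-style fragment and compares the restored ImagePath / ServiceDll values against the stock svchost.exe, wscsvc.dll and wmisvc.dll paths. The sample input is copied from the script above; the expected-value table is my own assumption about the stock Windows 7 configuration, not something the script states.

```python
"""Decode hex-encoded service values from a .reg-style fix fragment and check
them against the stock Windows 7 configuration.  Added example, not part of
the forum post or of OTL.  In .reg syntax hex(2) = REG_EXPAND_SZ and
hex(7) = REG_MULTI_SZ, both UTF-16LE (NUL / double-NUL terminated)."""
import re

# Sample input copied from the fix script above (trailing "\" = continued line).
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
  00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\
  72,00,69,00,63,00,74,00,65,00,64,00,00,00
"Start"=dword:00000002
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,\
  4d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="NT AUTHORITY\\LocalService"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt]
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\
  00,6c,00,6c,00,00,00
'''

_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<raw>.+)$')


def _logical_lines(text):
    """Join .reg continuation lines (trailing backslash) into one logical line each."""
    out, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        out.append(pending + line)
        pending = ""
    return out


def decode_value(raw):
    """Decode one .reg value: "string", dword:XXXXXXXX or hex(type):aa,bb,..."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^hex(?:\((?P<type>[0-9a-fA-F]+)\))?:(?P<bytes>.*)$", raw)
    if not m:
        raise ValueError("unsupported .reg value: %r" % raw)
    data = bytes(int(b, 16) for b in m.group("bytes").split(",") if b)
    reg_type = (m.group("type") or "3").lower()  # bare "hex:" is REG_BINARY (3)
    if reg_type == "2":   # REG_EXPAND_SZ: UTF-16LE, single NUL terminator
        return data.decode("utf-16-le").rstrip("\x00")
    if reg_type == "7":   # REG_MULTI_SZ: UTF-16LE, NUL-separated, double-NUL terminated
        return [s for s in data.decode("utf-16-le").split("\x00") if s]
    return data           # other types are returned as raw bytes


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg fragment."""
    result, key = {}, None
    for line in _logical_lines(text):
        km = _KEY.match(line)
        if km:
            key = km.group("key")
            result.setdefault(key, {})
            continue
        vm = _VALUE.match(line)
        if vm and key is not None:
            result[key][vm.group("name")] = decode_value(vm.group("raw"))
    return result


# Assumed stock Windows 7 values for the two services the script rewrites.
SVC = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services"
EXPECTED = {
    SVC + r"\wscsvc": {
        "ImagePath": r"%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted",
        "ObjectName": r"NT AUTHORITY\LocalService",
    },
    SVC + r"\wscsvc\Parameters": {"ServiceDll": r"%SystemRoot%\System32\wscsvc.dll"},
    SVC + r"\Winmgmt": {"ImagePath": r"%SystemRoot%\System32\svchost.exe -k netsvcs"},
    SVC + r"\Winmgmt\Parameters": {"ServiceDll": r"%SystemRoot%\System32\wbem\wmisvc.dll"},
}


def verify_service_values(parsed, expected=EXPECTED):
    """List (key, value_name, decoded) entries that differ from the stock values.
    Comparison is case-insensitive, as registry paths are; empty list = all match."""
    bad = []
    for key, wanted in expected.items():
        for name, want in wanted.items():
            got = parsed.get(key, {}).get(name)
            if not isinstance(got, str) or got.lower() != want.lower():
                bad.append((key, name, got))
    return bad


if __name__ == "__main__":
    cfg = parse_reg(SAMPLE_REG)
    for key, values in cfg.items():
        for name, val in values.items():
            print("%s\n    %s = %r" % (key, name, val))
    print("mismatches:", verify_service_values(cfg) or "none")
```

Run it against any other fix script before clicking Fix: a ServiceDll that decodes to something outside %SystemRoot%\System32 (or a Start value other than 2 for these two services) is worth asking about before the script is applied.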

Razor339
Visitor
Posts: 92
Registered: 27 Oct 2011 13:32

Re: Vir - Policie ČR (Win7)

#15 Post by Razor339 »

Thank you. I know Windows has to be genuine for help to be provided, and that is a good thing not just for getting help but in general. :)

LOG:

All processes killed
========== OTL ==========
Service PAC7302 stopped successfully!
Service PAC7302 deleted successfully!
File system32\DRIVERS\PAC7302.SYS not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-592935793-3253454749-611521338-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKEY_USERS\S-1-5-21-592935793-3253454749-611521338-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-592935793-3253454749-611521338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: "Ask.com Search" removed from browser.search.defaultengine
Prefs.js: "Ask.com Search" removed from browser.search.defaultenginename
Prefs.js: "Freecorder Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.as ... earchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com Search" removed from browser.search.order.1
Prefs.js: toolbar@ask.com:3.6.6.100010 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.9.0.3 removed from extensions.enabledItems
Prefs.js: "http://search.conduit.com/ResultsExt.as ... ource=2&q=" removed from keyword.URL
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\searchplugin folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\Plugins folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\META-INF folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\defaults folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\chrome folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\searchplugin folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\Plugins folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\modules folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\META-INF folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\defaults folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\chrome folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-31-Jan-2012-19-37-08-GMT folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-31-Jan-2012-18-50-57-GMT folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\searchplugins\askcom.xml moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\searchplugins\askcomsearch.xml moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\searchplugins\conduit.xml moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\searchplugins\inbox-hledn.xml moved successfully.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\searchplugins\myplaycity-search.xml moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File C:\Users\HP\Desktop\FSS.exe not found.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
C:\Windows\System32\ConduitEngine.tmp deleted successfully.
C:\Windows\Temp\DMI4C0C.tmp deleted successfully.
C:\Windows\Temp\GUR5A8D.tmp deleted successfully.
C:\Windows\Temp\GUR5CFD.tmp deleted successfully.
C:\Windows\Temp\is5FFA.tmp deleted successfully.
C:\Windows\Temp\is7394.tmp deleted successfully.
C:\Windows\Temp\is94EC.tmp deleted successfully.
C:\Windows\Temp\is954D.tmp deleted successfully.
C:\Windows\Temp\isB6AD.tmp deleted successfully.
C:\Windows\Temp\isE483.tmp deleted successfully.
C:\Windows\Temp\TS_1684.tmp deleted successfully.
C:\Windows\Temp\TS_1B07.tmp deleted successfully.
C:\Windows\Temp\TS_D93F.tmp deleted successfully.
C:\Windows\Temp\TS_E042.tmp deleted successfully.
C:\Windows\Temp\TS_E38D.tmp deleted successfully.
C:\Windows\Temp\TS_E987.tmp deleted successfully.
C:\Windows\Temp\TS_EDFB.tmp deleted successfully.
C:\Windows\Temp\TS_FA2C.tmp deleted successfully.
C:\Windows\Temp\TS_FEEE.tmp deleted successfully.
C:\Windows\Temp\avast_ash\IrfanView\BIT2DA6.tmp deleted successfully.
C:\Windows\Temp\avast_ash\Java Runtime Environment 7 (32 Bit)\BIT349A.tmp deleted successfully.
C:\Windows\Temp\avast_ash\Mozilla Firefox\BIT2858.tmp deleted successfully.
File C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\67fj62la.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe not found.
C:\Users\HP\AppData\Roaming\OpenCandy\OpenCandy_6B6EBC435BBC4823A877BCAC1A8B9889\SpeedstarterCZ.exe moved successfully.
C:\Users\HP\AppData\Roaming\OpenCandy\OpenCandy_6B6EBC435BBC4823A877BCAC1A8B9889\ZrychleniPocitace.exe moved successfully.
C:\Users\HP\AppData\Roaming\OpenCandy\OpenCandy_6B6EBC435BBC4823A877BCAC1A8B9889\ZrychleniPocitace_p2v1.exe moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-592935793-3253454749-611521338-1000Core.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-592935793-3253454749-611521338-1000UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
ADS C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== SERVICES/DRIVERS ==========
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
Service NAUpdate stopped successfully!
Service NAUpdate deleted successfully!
========== REGISTRY ==========
Registry key Invalid\\"WinampAgent"\ not found.
Registry key Invalid\\"PCPowerSpeed"\ not found.
Registry key Invalid\\"Freecorder FLV Service"\ not found.
Registry key Invalid\\"NBAgent"\ not found.
Registry key Invalid\\"SunJavaUpdateSched"\ not found.
Registry key Invalid\\"PrivitizeVPN"\ not found.
Registry key Invalid\\"QuickTime Task"\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"DisplayName"|"@%SystemRoot%\\System32\\wscsvc.dll,-200" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"ErrorControl"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"ImagePath"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,72,00,69,00,63,00,74,00,65,00,64,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"Start"|dword:00000002 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"Type"|dword:00000020 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"Description"|"@%SystemRoot%\\System32\\wscsvc.dll,-201" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"DependOnService"|hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"ObjectName"|"NT AUTHORITY\\LocalService" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"ServiceSidType"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"RequiredPrivileges"|hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"DelayedAutoStart"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"FailureActions"|hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters\\"ServiceDllUnloadOnStop"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security\\"Security"|hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"DisplayName"|"@%Systemroot%\\system32\\wbem\\wmisvc.dll,-205" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"ImagePath"|hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"Description"|"@%Systemroot%\\system32\\wbem\\wmisvc.dll,-204" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"ObjectName"|"localSystem" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"ErrorControl"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"Start"|dword:00000002 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"Type"|dword:00000020 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"DependOnService"|hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"ServiceSidType"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"FailureActions"|hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters\\"ServiceDllUnloadOnStop"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters\\"ServiceMain"|"ServiceMain" /E : value set successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP
->Temp folder emptied: 18542131424 bytes
->Temporary Internet Files folder emptied: 62688889 bytes
->Java cache emptied: 604753 bytes
->FireFox cache emptied: 8800032 bytes
->Google Chrome cache emptied: 227272614 bytes
->Flash cache emptied: 213118 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 289635960 bytes
RecycleBin emptied: 118890433 bytes

Total Files Cleaned = 18 358,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: HP
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: HP
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05052013_200542

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Locked