Problém - přiložený log - prosím o radu

Zpráva

ŠárkaN · #1 Příspěvek od **ŠárkaN** » 03 čer 2013 13:20

Dobrý den, tak abych nastínila svůj problém, včera jsem otevřela omylem zprávu na FB - tedy odkaz, byl to sprostý obrázek a rovnou se mi asi zakousl do kompu a nechce se mu ven, něco se mi tam nejspíš nainstalovalo a pak se začaly stejné zprávy nekontrolovatelně odesílat dalším přátelům na FB. Zkoušela jsem to najít v aplikacích na FB, ale nic podezřelého tam není, pak jsem zkusila obnovit systém do bodu před tím, než jsem otevřela ten odkaz, ale tam se mi ten komp vubec nechce vrátit a vrací se pořád do doby, kdy už ten vir tady byl. Pak jsem zkusila stáhnout něco proti malwarům a při kontrole kompu se mi to seklo a pak už se počítač nechtěl ani spustit. Aspoň na to fungovalo to obnovení systému, že mi komp jde, ale virus je nejspíš furt na místě. Tak snad mi dokážete poradit, děkuji.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Šárka at 2013-06-03 13:49:09
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 1 GB (1%) free of 146 GB
Total RAM: 3037 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:49:22, on 3.6.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\RKA~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Šárka\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Uniblue\DriverScanner\dsnotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Šárka\Downloads\RSIT.exe
C:\Program Files\trend micro\Šárka.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Norton Safe Web Lite BHO - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\coIEPlg.dll
O3 - Toolbar: Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [IR_SERVER] C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe"
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [SPMTray] C:\Program Files\PC Speed Maximizer\SPMTray.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Šárka\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Npcycl] C:\Users\Šárka\AppData\Roaming\Npcycl.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1267074299-434067822-3471845624-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1267074299-434067822-3471845624-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Facebook Messenger.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Šárka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: Norton Safe Web Lite (NSL) - Symantec Corporation - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 11994 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\dsmonitor.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1267074299-434067822-3471845624-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1267074299-434067822-3471845624-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for Šárka.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-02-07 194912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-04-04 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17 3855520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
Free Download Manager - C:\Program Files\Free Download Manager\iefdm2.dll [2012-04-25 230400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-04-04 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}]
Norton Safe Web Lite BHO - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\coIEPlg.dll [2010-12-17 433592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - Norton Safe Web Lite - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\coIEPlg.dll [2010-12-17 433592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-06 7600672]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-07-06 1833504]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2011-07-20 1136648]
"ZPdtWzdVitaKey MC3000"=C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [2011-07-20 3686400]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
"IR_SERVER"=C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe []
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 947152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2012-04-18 421888]
"DivXMediaServer"=C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [2013-01-30 450560]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2013-02-13 1263952]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BlazeServoTool"=C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe [2010-03-06 286720]
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe [2012-04-25 6147584]
"SPMTray"=C:\Program Files\PC Speed Maximizer\SPMTray.exe [2011-06-10 203920]
"Facebook Update"=C:\Users\Šárka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-18 138096]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-04-19 18678376]
"OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2012-01-20 719672]
"Npcycl"=C:\Users\Šárka\AppData\Roaming\Npcycl.exe [2013-06-03 142848]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Šárka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Messenger.lnk - C:\Users\Šárka\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000]
C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2011-07-20 3077120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\Acer\Acer Bio Protection\PwdFilter

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-06-03 13:49:10 ----D---- C:\Program Files\trend micro
2013-06-03 13:49:09 ----D---- C:\rsit
2013-06-03 13:24:20 ----A---- C:\Users\Šárka\AppData\Roaming\Npcycl.exe
2013-06-03 10:02:02 ----D---- C:\Users\Šárka\AppData\Roaming\Malwarebytes
2013-06-03 10:01:22 ----D---- C:\ProgramData\Malwarebytes
2013-06-03 10:01:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-06-03 08:59:53 ----A---- C:\Users\Šárka\AppData\Roaming\8ABC.exe
2013-06-03 03:05:09 ----A---- C:\Users\Šárka\AppData\Roaming\83A.exe
2013-06-03 03:00:24 ----SHD---- C:\found.000
2013-06-03 02:09:56 ----A---- C:\Users\Šárka\AppData\Roaming\CD3D.exe
2013-06-03 00:52:41 ----A---- C:\Users\Šárka\AppData\Roaming\x.exe
2013-05-31 16:06:35 ----D---- C:\Users\Šárka\AppData\Roaming\U3
2013-05-16 12:37:54 ----A---- C:\Windows\system32\jscript9.dll
2013-05-16 12:37:54 ----A---- C:\Windows\system32\jscript.dll
2013-05-16 12:37:53 ----A---- C:\Windows\system32\jsproxy.dll
2013-05-16 12:37:53 ----A---- C:\Windows\system32\iesetup.dll
2013-05-16 12:37:52 ----A---- C:\Windows\system32\ieui.dll
2013-05-16 12:37:51 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-05-16 12:37:51 ----A---- C:\Windows\system32\msfeeds.dll
2013-05-16 12:37:51 ----A---- C:\Windows\system32\iesysprep.dll
2013-05-16 12:37:51 ----A---- C:\Windows\system32\iernonce.dll
2013-05-16 12:37:51 ----A---- C:\Windows\system32\ie4uinit.exe
2013-05-16 12:37:50 ----A---- C:\Windows\system32\urlmon.dll
2013-05-16 12:37:50 ----A---- C:\Windows\system32\iertutil.dll
2013-05-16 12:37:47 ----A---- C:\Windows\system32\wininet.dll
2013-05-16 12:37:47 ----A---- C:\Windows\system32\ieframe.dll
2013-05-16 12:37:43 ----A---- C:\Windows\system32\mshtml.dll
2013-05-15 07:57:36 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2013-05-15 07:57:36 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-05-15 07:57:31 ----A---- C:\Windows\system32\shell32.dll
2013-05-15 07:57:30 ----A---- C:\Windows\system32\shdocvw.dll
2013-05-15 07:57:30 ----A---- C:\Windows\system32\consent.exe
2013-05-15 07:57:30 ----A---- C:\Windows\system32\authui.dll
2013-05-15 07:57:30 ----A---- C:\Windows\system32\appinfo.dll
2013-05-15 07:57:24 ----A---- C:\Windows\system32\win32k.sys
2013-05-15 07:57:23 ----A---- C:\Windows\system32\wwansvc.dll
2013-05-15 07:57:23 ----A---- C:\Windows\system32\wwanprotdim.dll
2013-05-08 21:33:50 ----D---- C:\Users\Šárka\AppData\Roaming\LibreOffice
2013-05-08 03:48:50 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-05-08 03:48:50 ----A---- C:\Windows\system32\elshyph.dll
2013-05-08 03:48:49 ----A---- C:\Windows\system32\wextract.exe
2013-05-08 03:48:49 ----A---- C:\Windows\system32\msrating.dll
2013-05-08 03:48:49 ----A---- C:\Windows\system32\msls31.dll
2013-05-08 03:48:49 ----A---- C:\Windows\system32\mshtmled.dll
2013-05-08 03:48:49 ----A---- C:\Windows\system32\inseng.dll
2013-05-08 03:48:49 ----A---- C:\Windows\system32\iexpress.exe
2013-05-08 03:48:48 ----A---- C:\Windows\system32\vbscript.dll
2013-05-08 03:48:48 ----A---- C:\Windows\system32\pngfilt.dll
2013-05-08 03:48:48 ----A---- C:\Windows\system32\occache.dll
2013-05-08 03:48:48 ----A---- C:\Windows\system32\mshta.exe
2013-05-08 03:48:48 ----A---- C:\Windows\system32\msfeedssync.exe
2013-05-08 03:48:48 ----A---- C:\Windows\system32\msfeedsbs.dll
2013-05-08 03:48:48 ----A---- C:\Windows\system32\imgutil.dll
2013-05-08 03:48:48 ----A---- C:\Windows\system32\ieUnatt.exe
2013-05-08 03:48:48 ----A---- C:\Windows\system32\iepeers.dll
2013-05-08 03:48:48 ----A---- C:\Windows\system32\IEAdvpack.dll
2013-05-08 03:48:47 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2013-05-08 03:48:47 ----A---- C:\Windows\system32\mshtmler.dll
2013-05-08 03:48:47 ----A---- C:\Windows\system32\ieapfltr.dll
2013-05-08 03:48:47 ----A---- C:\Windows\system32\ieapfltr.dat
2013-05-08 03:48:47 ----A---- C:\Windows\system32\dxtrans.dll
2013-05-08 03:48:47 ----A---- C:\Windows\system32\dxtmsft.dll
2013-05-08 03:48:46 ----A---- C:\Windows\system32\webcheck.dll
2013-05-08 03:48:46 ----A---- C:\Windows\system32\url.dll
2013-05-08 03:48:46 ----A---- C:\Windows\system32\mshtmlmedia.dll
2013-05-08 03:48:46 ----A---- C:\Windows\system32\iedkcs32.dll
2013-05-08 03:48:46 ----A---- C:\Windows\system32\icardie.dll
2013-05-08 03:48:45 ----A---- C:\Windows\system32\licmgr10.dll

======List of files/folders modified in the last 1 month======

2013-06-03 13:49:22 ----D---- C:\Windows\Prefetch
2013-06-03 13:49:10 ----RD---- C:\Program Files
2013-06-03 13:49:00 ----D---- C:\Windows\Temp
2013-06-03 13:46:42 ----D---- C:\Users\Šárka\AppData\Roaming\Free Download Manager
2013-06-03 13:27:38 ----D---- C:\Users\Šárka\AppData\Roaming\Skype
2013-06-03 13:14:11 ----D---- C:\Windows\system32\config
2013-06-03 12:01:41 ----D---- C:\Windows\Tasks
2013-06-03 12:01:41 ----D---- C:\Windows\system32\wfp
2013-06-03 12:01:41 ----D---- C:\Windows\system32\DriverStore
2013-06-03 12:01:41 ----D---- C:\Windows
2013-06-03 12:01:40 ----D---- C:\Windows\System32
2013-06-03 12:01:39 ----D---- C:\Windows\system32\catroot2
2013-06-03 12:01:38 ----D---- C:\Windows\registration
2013-06-03 12:01:33 ----HD---- C:\ProgramData
2013-06-03 11:14:13 ----SHD---- C:\System Volume Information
2013-06-03 11:05:42 ----SHD---- C:\Windows\Installer
2013-06-03 11:05:39 ----D---- C:\ProgramData\Skype
2013-06-03 11:05:33 ----RD---- C:\Program Files\Skype
2013-06-03 11:03:06 ----D---- C:\ProgramData\NVIDIA
2013-06-03 04:24:42 ----D---- C:\Windows\system32\LogFiles
2013-06-03 02:53:43 ----D---- C:\Windows\system32\wbem
2013-06-03 02:37:53 ----D---- C:\Windows\inf
2013-06-02 18:53:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-05-31 10:19:02 ----D---- C:\Windows\Minidump
2013-05-29 02:06:30 ----D---- C:\Program Files\Common Files\Symantec Shared
2013-05-19 22:52:48 ----D---- C:\Windows\rescache
2013-05-16 22:25:26 ----D---- C:\Windows\Microsoft.NET
2013-05-16 22:24:33 ----RSD---- C:\Windows\assembly
2013-05-16 19:16:57 ----D---- C:\Windows\winsxs
2013-05-16 19:14:03 ----D---- C:\Program Files\Internet Explorer
2013-05-16 19:14:02 ----D---- C:\Windows\system32\drivers
2013-05-16 19:14:02 ----D---- C:\Windows\AppPatch
2013-05-16 19:14:01 ----D---- C:\Windows\system32\cs-CZ
2013-05-16 12:38:10 ----D---- C:\Windows\system32\catroot
2013-05-16 12:34:39 ----D---- C:\ProgramData\Microsoft Help
2013-05-16 12:31:38 ----A---- C:\Windows\system32\MRT.exe
2013-05-15 19:31:49 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-05-12 20:23:43 ----D---- C:\Windows\system32\NDF
2013-05-08 04:09:20 ----D---- C:\Windows\system32\migration
2013-05-08 04:09:20 ----D---- C:\Windows\PolicyDefinitions
2013-05-08 04:09:19 ----D---- C:\Windows\system32\en-US
2013-05-08 03:51:58 ----D---- C:\Windows\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AlfaFF;AlfaFF File System mini-filter; C:\Windows\system32\Drivers\AlfaFF.sys [2011-07-20 43184]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 330264]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 195296]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R2 Int15;Int 15; \??\C:\Windows\System32\drivers\int15.sys [2007-01-26 69632]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2011-07-20 21000]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-07-06 2657120]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2011-07-20 119256]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
S1 DritekPortIO;Dritek General Port I/O; \??\C:\Program Files\Launch Manager\DPortIO.sys []
S1 MpKsl02cf93a3;MpKsl02cf93a3; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{709FE32B-C879-46E1-8D9A-F9335606CF10}\MpKsl02cf93a3.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-10-05 31872]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2010-07-01 188392]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2010-07-01 32872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;Ovladač WinUsb; C:\Windows\system32\drivers\WinUSB.SYS [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 IGBASVC;iGroupTec Service; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2011-07-20 3481088]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 20456]
R2 NSL;Norton Safe Web Lite; C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe [2010-11-24 130000]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-18 639776]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-26 1260320]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-28 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-15 256904]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-28 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-20 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 03 čer 2013 13:25

Zdravim, pekne odpoledne preji a vitam Vas u nas na foru

Jeste si tam nejake ty konicky trojske chovate

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

ŠárkaN · #3 Příspěvek od **ŠárkaN** » 03 čer 2013 14:58

Rkill 2.5.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/03/2013 03:55:21 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\RKA~1\AppData\Local\Temp\RtkBtMnt.exe (PID: 3792) [SUP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 06/03/2013 03:56:54 PM
Execution time: 0 hours(s), 1 minute(s), and 32 seconds(s)

#4 Příspěvek od **vyosek** » 03 čer 2013 16:58

Pokracujte ComboFixem

ŠárkaN · #5 Příspěvek od **ŠárkaN** » 03 čer 2013 17:22

ComboFix 13-06-03.05 - Šárka 03.06.2013 18:04:17.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3037.1490 [GMT 2:00]
Spuštěný z: c:\users\Őßrka\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\users\Šárka\AppData\Roaming\83A.exe
c:\users\Šárka\AppData\Roaming\8ABC.exe
c:\users\Šárka\AppData\Roaming\CD3D.exe
c:\users\Šárka\AppData\Roaming\Npcycl.exe
c:\users\Šárka\AppData\Roaming\x.exe
c:\windows\system64
c:\windows\system64\msvcp100.dll
c:\windows\system64\msvcr100.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-03 do 2013-06-03 )))))))))))))))))))))))))))))))
.
.
2013-06-03 15:59 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79DFFDD9-05DD-487A-8020-0B5F90D586B8}\mpengine.dll
2013-06-03 11:49 . 2013-06-03 11:49 -------- d-----w- c:\program files\trend micro
2013-06-03 11:49 . 2013-06-03 11:49 -------- d-----w- C:\rsit
2013-06-03 09:14 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-03 08:02 . 2013-06-03 08:02 -------- d-----w- c:\users\Šárka\AppData\Roaming\Malwarebytes
2013-06-03 08:01 . 2013-06-03 08:01 -------- d-----w- c:\programdata\Malwarebytes
2013-06-03 08:01 . 2013-06-03 09:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-03 08:00 . 2013-06-03 08:00 -------- d-----w- c:\users\Šárka\AppData\Local\Programs
2013-06-03 01:00 . 2013-06-03 01:00 -------- d-----w- C:\found.000
2013-05-31 14:06 . 2013-05-31 15:20 -------- d-----w- c:\users\Šárka\AppData\Roaming\U3
2013-05-21 17:21 . 2013-05-21 17:21 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19C1D9DC-E74C-4E38-B471-F4225B226A02}\gapaengine.dll
2013-05-15 05:57 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 05:57 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 05:57 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 05:57 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 05:57 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 05:57 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 05:57 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 05:57 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-12 18:29 . 2013-05-12 18:29 -------- d-----w- c:\users\Šárka\AppData\Local\Diagnostics
2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-05-08 19:33 . 2013-05-08 19:33 -------- d-----w- c:\users\Šárka\AppData\Roaming\LibreOffice
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 17:31 . 2012-09-05 14:54 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 17:31 . 2011-07-20 11:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2011-07-20 10:58 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-23 17:35 . 2011-08-27 11:20 706640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-13 04:45 . 2013-05-15 05:57 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 05:57 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 07:35 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 16:56 . 2013-04-04 16:57 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-04 16:56 . 2013-04-04 16:58 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-04 16:56 . 2013-04-04 16:58 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-19 05:04 . 2013-04-10 22:02 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 22:03 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 22:02 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 22:02 69632 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlazeServoTool"="c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe" [2010-03-06 286720]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2012-04-25 6147584]
"SPMTray"="c:\program files\PC Speed Maximizer\SPMTray.exe" [2011-06-10 203920]
"Facebook Update"="c:\users\Šárka\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-18 138096]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2011-07-20 1136648]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2011-07-20 3686400]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Šárka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Šárka\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-17 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2011-07-20 12:49 3077120 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl02cf93a3;MpKsl02cf93a3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{709FE32B-C879-46E1-8D9A-F9335606CF10}\MpKsl02cf93a3.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-10-05 31872]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2010-07-01 188392]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2010-07-01 32872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-20 1343400]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2011-07-20 43184]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2011-07-20 3481088]
S2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe [2010-11-24 130000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-07-20 119256]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-23 14:15 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 17:31]
.
2013-06-03 c:\windows\Tasks\dsmonitor.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2013-03-31 12:47]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-28 18:22]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-28 18:22]
.
2013-06-01 c:\windows\Tasks\Norton Security Scan for Šárka.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-09-17 01:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Šárka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
TCP: DhcpNameServer = 192.168.11.11
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Npcycl - c:\users\Šárka\AppData\Roaming\Npcycl.exe
HKLM-Run-IR_SERVER - c:\progra~1\Realtek\REALTE~1\IR_SERVER.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2013-06-03 18:19:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-03 16:19
.
Před spuštěním: Volných bajtů: 45 612 838 912
Po spuštění: Volných bajtů: 48 617 578 496
.
- - End Of File - - 61712FFBE00BFE1DA673A31B6E6C01AF

#6 Příspěvek od **vyosek** » 03 čer 2013 18:07

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Prohledat
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

ŠárkaN · #7 Příspěvek od **ŠárkaN** » 03 čer 2013 18:16

# AdwCleaner v2.301 - Log vytvooen 03/06/2013 v 19:14:48
# Aktualizováno 16/05/2013 Xplode
# Operaení systém : Windows 7 Professional Service Pack 1 (32 bits)
# Uživatel : Šárka - ŠÁRKA-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\Šárka\Desktop\adwcleaner.exe
# Volba [Prohledat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Nalezeno : C:\Users\Šárka\AppData\LocalLow\boost_interprocess
Složka Nalezeno : C:\Users\Šárka\AppData\Roaming\dvdvideosoftiehelpers

***** [Registry] *****

Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Klíe Nalezeno : HKU\S-1-5-21-1267074299-434067822-3471845624-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v10.0.9200.16576

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://qip.ru
[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.qip.ru
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qip.ru/ie

-\\ Google Chrome v27.0.1453.94

Soubor : C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [1485 octets] - [03/06/2013 19:14:48]

########## EOF - C:\AdwCleaner[R1].txt - [1545 octets] ##########

#8 Příspěvek od **vyosek** » 03 čer 2013 18:20

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Smazat
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

ŠárkaN · #9 Příspěvek od **ŠárkaN** » 03 čer 2013 18:31

# AdwCleaner v2.301 - Log vytvooen 03/06/2013 v 19:24:47
# Aktualizováno 16/05/2013 Xplode
# Operaení systém : Windows 7 Professional Service Pack 1 (32 bits)
# Uživatel : Šárka - ŠÁRKA-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\Šárka\Desktop\adwcleaner.exe
# Volba [Vymazat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Vymazáno : C:\Users\Šárka\AppData\LocalLow\boost_interprocess
Složka Vymazáno : C:\Users\Šárka\AppData\Roaming\dvdvideosoftiehelpers

***** [Registry] *****

Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v10.0.9200.16576

Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://qip.ru --> hxxp://www.google.com
Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.qip.ru --> hxxp://www.google.com
Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qip.ru/ie --> hxxp://www.google.com

-\\ Google Chrome v27.0.1453.94

Soubor : C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [1614 octets] - [03/06/2013 19:14:48]
AdwCleaner[S1].txt - [1498 octets] - [03/06/2013 19:24:47]

########## EOF - C:\AdwCleaner[S1].txt - [1558 octets] ##########

#10 Příspěvek od **vyosek** » 04 čer 2013 08:11

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

ŠárkaN · #11 Příspěvek od **ŠárkaN** » 04 čer 2013 17:55

Udělala jsem vše podle Vašeho psaného postupu, scan dlouze proběhl a pak se to zastavilo na "Getting folder structure..." . Zkusila jsem to již třikrát a stále stejný konec. Taky mi vyskočilo okénko "Out of memory" při prvních dvou pokusech. Třetí mi stále stojí na již zmíněném "bodě". Kde je chyba?

#12 Příspěvek od **vyosek** » 04 čer 2013 20:09

Spustte skenovani ale do spodniho okenka nevkladejte skript

ŠárkaN · #13 Příspěvek od **ŠárkaN** » 05 čer 2013 14:57

OTL logfile created on: 5.6.2013 15:45:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Šárka\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,97 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 50,78% Memory free
5,93 Gb Paging File | 4,25 Gb Available in Paging File | 71,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,69 Gb Total Space | 44,55 Gb Free Space | 31,22% Space Free | Partition Type: NTFS
Drive D: | 142,70 Gb Total Space | 7,69 Gb Free Space | 5,39% Space Free | Partition Type: NTFS

Computer Name: ŠÁRKA-PC | User Name: Šárka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.06.04 15:38:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Šárka\Desktop\OTL.exe
PRC - [2013.06.03 19:28:37 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Šárka\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2013.05.29 14:19:04 | 002,094,216 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
PRC - [2013.05.23 07:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.26 17:32:00 | 001,815,248 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
PRC - [2013.04.25 01:30:16 | 004,443,912 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2013.04.25 01:29:50 | 009,478,352 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cis.exe
PRC - [2013.04.17 13:27:24 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
PRC - [2013.04.17 11:57:08 | 000,207,560 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
PRC - [2013.04.17 11:57:08 | 000,194,760 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit.exe
PRC - [2013.04.17 11:57:08 | 000,070,344 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files\Common Files\COMODO\launcher_service.exe
PRC - [2013.04.15 18:38:18 | 003,012,816 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\CisTray.exe
PRC - [2013.03.07 22:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\Šárka\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013.01.27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013.01.18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.18 16:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.01.16 14:47:30 | 000,026,456 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.04.25 19:15:58 | 006,147,584 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
PRC - [2012.01.20 21:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011.07.20 14:49:34 | 003,401,216 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2011.07.20 14:49:28 | 003,481,088 | ---- | M] () -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
PRC - [2011.07.20 14:49:19 | 003,686,400 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
PRC - [2011.07.20 14:32:37 | 001,136,648 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.24 04:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe
PRC - [2010.03.06 17:46:14 | 000,286,720 | ---- | M] (BlazeVideo Company) -- C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
PRC - [2009.07.17 16:30:50 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2013.05.23 07:44:06 | 013,136,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013.05.23 07:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013.05.23 07:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013.05.23 07:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013.05.16 19:20:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 19:19:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.03.07 22:32:40 | 021,014,960 | ---- | M] () -- C:\Users\Šárka\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013.03.07 22:32:38 | 000,292,272 | ---- | M] () -- C:\Users\Šárka\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013.03.07 22:32:38 | 000,179,632 | ---- | M] () -- C:\Users\Šárka\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2013.01.10 04:39:42 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 04:39:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 04:39:12 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 04:38:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.04.25 19:23:18 | 003,522,048 | ---- | M] () -- C:\Program Files\Free Download Manager\fdmbtsupp.dll
MOD - [2012.04.25 19:14:04 | 000,230,400 | ---- | M] () -- C:\Program Files\Free Download Manager\iefdm2.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011.03.02 12:40:52 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010.11.13 04:37:03 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.08.26 08:49:20 | 000,024,576 | ---- | M] () -- C:\Program Files\BlazeVideo\BlazeDTV 6.0\RemoteControl\RTKIR.dll
MOD - [2009.07.17 16:31:00 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008.12.30 12:40:30 | 000,073,728 | ---- | M] () -- C:\Program Files\BlazeVideo\BlazeDTV 6.0\VersionInfo.dll
MOD - [2008.12.30 12:40:26 | 000,106,496 | ---- | M] () -- C:\Program Files\BlazeVideo\BlazeDTV 6.0\mlutil.dll
MOD - [2008.12.30 12:40:26 | 000,032,768 | ---- | M] () -- C:\Program Files\BlazeVideo\BlazeDTV 6.0\MMKeyboardHook.dll

========== Services (SafeList) ==========

SRV - [2013.05.29 14:19:04 | 002,094,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2013.05.15 19:31:53 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.25 01:30:16 | 004,443,912 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2013.04.17 13:27:24 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2013.04.17 11:57:08 | 000,070,344 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
SRV - [2013.04.15 18:38:20 | 000,127,184 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.07.20 14:49:28 | 003,481,088 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2011.07.20 13:33:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.24 04:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe -- (NSL)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\RKA~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.04.25 11:05:12 | 000,084,928 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2013.04.15 18:38:52 | 000,043,728 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2013.04.15 18:38:50 | 000,581,912 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2013.04.15 18:38:50 | 000,020,072 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.09.03 09:20:00 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\CFRMD.sys -- (CFRMD)
DRV - [2011.07.20 14:49:21 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2011.07.20 14:32:17 | 000,119,256 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.01 12:10:00 | 000,188,392 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2010.07.01 12:10:00 | 000,032,872 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009.12.03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.10.05 20:20:26 | 000,031,872 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (Int15)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1267074299-434067822-3471845624-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1267074299-434067822-3471845624-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1267074299-434067822-3471845624-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1267074299-434067822-3471845624-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1267074299-434067822-3471845624-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1267074299-434067822-3471845624-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\S-1-5-21-1267074299-434067822-3471845624-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1267074299-434067822-3471845624-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1267074299-434067822-3471845624-1003\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Šárka\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.7\coFFNST\ [2011.11.03 22:50:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.31 16:44:48 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.seznam.cz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\

O1 HOSTS File: ([2013.06.03 18:15:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\COMODO Internet Security\CisTray.exe (COMODO)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [gbrspcontrol] C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKU\S-1-5-21-1267074299-434067822-3471845624-1000..\Run: [BlazeServoTool] C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe (BlazeVideo Company)
O4 - HKU\S-1-5-21-1267074299-434067822-3471845624-1000..\Run: [Facebook Update] C:\Users\Šárka\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1267074299-434067822-3471845624-1000..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKU\S-1-5-21-1267074299-434067822-3471845624-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1267074299-434067822-3471845624-1000..\Run: [SPMTray] C:\Program Files\PC Speed Maximizer\SPMTray.exe (Avanquest Software)
O4 - HKU\S-1-5-21-1267074299-434067822-3471845624-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Šárka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Šárka\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1267074299-434067822-3471845624-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1267074299-434067822-3471845624-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1267074299-434067822-3471845624-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Šárka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Stáhnout Free Download Managerem - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Stáhnout video Free Download Managerem - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - C:\Program Files\Free Download Manager\dlselected.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74AFEA11-633B-46AB-BDD4-978A6EF1DC28}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9D8B4A3-E737-4F21-BAB7-E8D851810DB2}: DhcpNameServer = 192.168.11.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9D8B4A3-E737-4F21-BAB7-E8D851810DB2}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 7 Days ==========

[2013.06.04 15:38:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Šárka\Desktop\OTL.exe
[2013.06.04 12:50:03 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2013.06.04 12:49:54 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2013.06.04 12:49:54 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll
[2013.06.04 12:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2013.06.04 12:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COMODO
[2013.06.04 12:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013.06.04 12:48:37 | 000,000,000 | ---D | C] -- C:\Users\Šárka\AppData\Local\Comodo
[2013.06.04 12:48:33 | 000,047,368 | ---- | C] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2013.06.04 12:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2013.06.04 12:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013.06.04 12:30:45 | 151,247,144 | ---- | C] (COMODO) -- C:\Users\Šárka\Desktop\cfw_installer.exe
[2013.06.03 20:08:22 | 003,085,288 | ---- | C] (McAfee, Inc.) -- C:\Users\Šárka\Desktop\McAfeeScanAndRepair1_Release.exe
[2013.06.03 18:19:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.03 18:15:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.06.03 18:01:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.03 18:01:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.03 18:01:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.03 18:01:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.03 18:01:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.03 17:48:12 | 005,077,724 | R--- | C] (Swearware) -- C:\Users\Šárka\Desktop\ComboFix.exe
[2013.06.03 15:53:48 | 001,804,416 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Šárka\Desktop\rkill.com
[2013.06.03 13:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.06.03 13:49:09 | 000,000,000 | ---D | C] -- C:\rsit
[2013.06.03 10:02:02 | 000,000,000 | ---D | C] -- C:\Users\Šárka\AppData\Roaming\Malwarebytes
[2013.06.03 10:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.03 10:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.03 10:00:48 | 000,000,000 | ---D | C] -- C:\Users\Šárka\AppData\Local\Programs
[2013.06.03 03:00:24 | 000,000,000 | ---D | C] -- C:\found.000
[2013.05.31 16:06:35 | 000,000,000 | ---D | C] -- C:\Users\Šárka\AppData\Roaming\U3

========== Files - Modified Within 7 Days ==========

[2013.06.05 15:48:23 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 15:48:23 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 15:40:57 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.05 15:40:53 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\dsmonitor.job
[2013.06.05 15:40:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.05 15:40:16 | 2388,283,392 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.04 23:39:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.04 23:31:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.04 23:24:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1267074299-434067822-3471845624-1000UA.job
[2013.06.04 19:50:36 | 000,666,444 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2013.06.04 19:50:36 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.04 19:50:36 | 000,140,108 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013.06.04 19:50:36 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.04 18:14:50 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.06.04 17:24:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1267074299-434067822-3471845624-1000Core.job
[2013.06.04 15:38:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Šárka\Desktop\OTL.exe
[2013.06.04 12:51:48 | 000,001,861 | ---- | M] () -- C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
[2013.06.04 12:51:48 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2013.06.04 12:51:47 | 000,000,597 | ---- | M] () -- C:\Users\Public\Desktop\Sdílený prostor.lnk
[2013.06.04 12:50:20 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2013.06.04 12:49:55 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll
[2013.06.04 12:49:54 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2013.06.04 12:49:20 | 000,001,493 | ---- | M] () -- C:\Users\Šárka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.06.04 12:48:54 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk
[2013.06.04 12:48:54 | 000,002,017 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013.06.04 12:48:54 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2013.06.04 12:48:38 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013.06.04 12:33:18 | 151,247,144 | ---- | M] (COMODO) -- C:\Users\Šárka\Desktop\cfw_installer.exe
[2013.06.03 20:09:27 | 003,085,288 | ---- | M] (McAfee, Inc.) -- C:\Users\Šárka\Desktop\McAfeeScanAndRepair1_Release.exe
[2013.06.03 19:12:43 | 000,632,031 | ---- | M] () -- C:\Users\Šárka\Desktop\adwcleaner.exe
[2013.06.03 18:15:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.03 17:49:14 | 005,077,724 | R--- | M] (Swearware) -- C:\Users\Šárka\Desktop\ComboFix.exe
[2013.06.03 15:54:28 | 001,804,416 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Šárka\Desktop\rkill.com
[2013.06.01 14:12:12 | 000,000,402 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Šárka.job

========== Files Created - No Company Name ==========

[2013.06.04 19:56:09 | 000,019,801 | ---- | C] () -- C:\Users\Šárka\Desktop\ICT.odt
[2013.06.04 19:56:08 | 000,185,865 | ---- | C] () -- C:\Users\Šárka\Desktop\neuma1.odt
[2013.06.04 19:55:25 | 000,017,723 | ---- | C] () -- C:\Users\Šárka\Desktop\calc_A.ods
[2013.06.04 15:47:53 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.06.04 12:51:48 | 000,001,861 | ---- | C] () -- C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
[2013.06.04 12:51:48 | 000,001,838 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2013.06.04 12:51:47 | 000,000,597 | ---- | C] () -- C:\Users\Public\Desktop\Sdílený prostor.lnk
[2013.06.04 12:48:54 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk
[2013.06.04 12:48:54 | 000,002,017 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013.06.04 12:48:54 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2013.06.04 12:48:38 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013.06.03 19:12:29 | 000,632,031 | ---- | C] () -- C:\Users\Šárka\Desktop\adwcleaner.exe
[2013.06.03 18:01:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.03 18:01:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.03 18:01:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.03 18:01:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.03 18:01:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.03 00:49:23 | 000,014,958 | ---- | C] () -- C:\Users\Šárka\AppData\Roaming\9.jpg
[2012.04.05 22:33:27 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo.dll
[2011.07.20 15:30:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.07.20 14:49:39 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2011.07.20 14:22:55 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2011.07.20 14:09:42 | 000,001,496 | ---- | C] () -- C:\Windows\System32\drivers\RtkAcerM.dat
[2011.07.20 14:09:42 | 000,000,728 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011.07.20 14:09:42 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011.07.20 14:09:41 | 000,123,780 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2011.07.20 14:09:41 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011.07.20 14:09:41 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011.07.20 14:09:41 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.10.30 15:48:40 | 000,000,000 | ---D | M] -- C:\Users\Šárka\AppData\Roaming\DVDVideoSoft
[2013.06.05 15:50:44 | 000,000,000 | ---D | M] -- C:\Users\Šárka\AppData\Roaming\Free Download Manager
[2013.05.08 21:33:50 | 000,000,000 | ---D | M] -- C:\Users\Šárka\AppData\Roaming\LibreOffice
[2012.05.06 02:54:23 | 000,000,000 | ---D | M] -- C:\Users\Šárka\AppData\Roaming\PC Speed Maximizer
[2012.05.06 02:54:23 | 000,000,000 | ---D | M] -- C:\Users\Šárka\AppData\Roaming\RegistryKeys
[2012.10.22 22:33:10 | 000,000,000 | ---D | M] -- C:\Users\Šárka\AppData\Roaming\Synthesia
[2013.03.31 16:38:49 | 000,000,000 | ---D | M] -- C:\Users\Šárka\AppData\Roaming\Uniblue
[2011.07.20 14:44:14 | 000,000,000 | ---D | M] -- C:\Users\Šárka\AppData\Roaming\Zoner

========== Purity Check ==========

< End of report >

ŠárkaN · #14 Příspěvek od **ŠárkaN** » 05 čer 2013 14:58

OTL Extras logfile created on: 5.6.2013 15:45:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Šárka\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,97 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 50,78% Memory free
5,93 Gb Paging File | 4,25 Gb Available in Paging File | 71,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,69 Gb Total Space | 44,55 Gb Free Space | 31,22% Space Free | Partition Type: NTFS
Drive D: | 142,70 Gb Total Space | 7,69 Gb Free Space | 5,39% Space Free | Partition Type: NTFS

Computer Name: ŠÁRKA-PC | User Name: Šárka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D685699-79B8-47C9-86D4-B6AA5F35C651}" = rport=139 | protocol=6 | dir=out | app=system |
"{2A089BE7-9093-456C-BAD1-23DCD4C6B9CE}" = rport=445 | protocol=6 | dir=out | app=system |
"{2C991CCF-0422-4099-A1E4-EF5171EC288A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2D59BFF9-4247-4E98-BD2E-A17E3BCECCE4}" = lport=139 | protocol=6 | dir=in | app=system |
"{2F18DD04-A009-4BCA-BDE8-1189F309C7EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{303A57B9-5607-4F8E-83FD-EB8C86600086}" = lport=445 | protocol=6 | dir=in | app=system |
"{49B52459-4A0A-4D8B-B5B7-BC1914CE1E46}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5532D2A1-4A4B-4938-B17B-20D8729526EF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{638B8201-7434-4205-B56D-C7CC650A9EFF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{66DBC8D3-423B-4FB0-A43D-6E1C4CC92F57}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{84EE9BCE-8695-4A5F-AA0C-CA1CA4B82339}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85434BA6-DEB8-4E34-A603-3B1B04408A71}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8778E8B0-2143-4487-8CD9-5FC4789820CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9070D6BE-2AA9-43BC-A964-376A8E343D30}" = rport=137 | protocol=17 | dir=out | app=system |
"{9FA8234E-DEB4-45FA-9501-51F4CA198425}" = lport=137 | protocol=17 | dir=in | app=system |
"{AAB183F3-3951-4A04-9287-646DD5AB1310}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ACD37E90-EEA3-4483-82C9-CA0FB2D895F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B827E4EF-A7EA-4632-8EB3-B2A949C93DC8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D803CDB7-E9F1-4D8B-AEE9-B03DE3D0299D}" = rport=138 | protocol=17 | dir=out | app=system |
"{DBB44642-067F-40E5-A776-0706752D930A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0C315AA-8E58-4DF1-80C6-F019298020A7}" = lport=138 | protocol=17 | dir=in | app=system |
"{F2FAD0ED-DDAC-40BD-8372-BEA4AE7D8B1F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{F90DFA77-4028-4123-93EC-449015B2D293}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C6B508-6B0D-4FB1-8C2D-D51B422FE2CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{132C7C06-0CF3-4362-A029-467C5D829CCC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{177FA93E-E64E-4D90-98CE-D8AD4B0A1B71}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{30575074-2AA3-404A-8ACE-27A7767CBC74}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{320E4131-508B-4C87-88C3-80FD6D3B9468}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{34E20773-9D6A-4FA8-90BA-694528459EDE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4A72E9C9-87F5-4709-83A3-A7E30921D599}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4C2139EE-C38D-4148-BDA9-2B7FEB6618D1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4DB6D1B8-5B6F-4472-8820-30F596598D5F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{54AE412F-B89A-4C69-8805-480799C2210A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{577C1421-97D2-4FED-9B80-10846786FEB2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{5961BED8-8959-45D3-A8DA-83417646E77C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5DD73247-B1BB-4A3F-A85C-CFF00D6B15EB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5FFB2DB2-59F9-4272-9C0F-2BEF1619A6DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{78B18999-75B0-4EE5-AC98-0A1C217A8191}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{916E70FD-C2E3-441D-8213-156CDD0DF8C2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97E77FA5-A30B-4D5A-A36C-FDFF870C3A3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0325BD3-B446-46DA-A551-CB48CB8D350C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA692EDD-C39E-4E0A-854D-978E2B3B6F10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D42C84D9-D8A1-4F9F-ACC2-A2094B8FBB1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6CBD923-879C-4832-831F-F572FCBEE344}" = protocol=6 | dir=out | app=system |
"{DB0A8005-2C97-4940-9D41-7B826C7639A6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{DE7185D2-2132-4A6E-9C04-6A31275C3FA5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EB5ECC8E-11EE-437C-8FFB-0344272F9DE4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FAD07480-8195-4D6B-87F7-707EFA3B5DA9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{DEB81AB3-54FF-410D-B053-5CC5291279FF}C:\users\šárka\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\šárka\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{E50B15D5-AB4A-4B00-8AD4-CD00BC4816E7}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{F3304315-9E19-4C6F-97BD-36AE58303FA3}C:\program files\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{F8D3DE40-6D1E-4442-85FA-9CD4BBA4F26A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{2203D2AA-2BB5-45BF-A910-BD5E950EEBC5}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{341731E2-E149-4A92-8515-5A54D7D8543B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{71670B48-11BD-4B7E-9AD9-7519615E422A}C:\users\šárka\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\šárka\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{8586523F-36C9-4172-8292-560136C397DE}C:\program files\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{17CA32D1-73BD-4990-B8F6-369D8D34B05D}" = Microsoft Antimalware Service CS-CZ Language Pack
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client CS-CZ Language Pack
"{604B2A5C-B1CE-45B2-ADCC-6B7C721AC3AC}" = LibreOffice 4.0.1.2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0015-0405-0000-0000000FF1CE}_Office14.PROPLUS_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}_Office14.PROPLUS_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}_Office14.PROPLUS_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}_Office14.PROPLUS_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}_Office14.PROPLUS_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}_Office14.PROPLUS_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}_Office14.PROPLUS_{2304F942-79D2-46F7-A512-269A7F5B7EFC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-001F-041B-0000-0000000FF1CE}_Office14.PROPLUS_{A162C5E6-7778-4D5B-9F0A-38F0122DD859}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-002C-0405-0000-0000000FF1CE}_Office14.PROPLUS_{8148DB19-71B1-4415-8B26-DF5B9E873FC3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-0044-0405-0000-0000000FF1CE}_Office14.PROPLUS_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-006E-0405-0000-0000000FF1CE}_Office14.PROPLUS_{EEF3E2C0-135B-44DC-BEDD-7F01CFBEFF46}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}_Office14.PROPLUS_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{90140000-00BA-0405-0000-0000000FF1CE}_Office14.PROPLUS_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum zařízení Windows Mobile
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Software Bluetooth WIDCOMM
"{A47642B2-4CB5-4325-8093-C88D4747953F}" = GeekBuddy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Czech
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = DriverScanner
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.104.803
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1EC4151-805B-4097-B9BB-7D71A417AAF1}" = COMODO Firewall
"Acer Acer Bio Protection 6.0.00.18" = Acer Bio Protection

ATA 6.0.00.18
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BlazeDTV 6.0_is1" = BlazeDTV 6.0
"Comodo Dragon" = Comodo Dragon
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DivX Setup" = DivX Setup
"Free Download Manager_is1" = Free Download Manager 3.8 - Prime Time Freeware Edition
"Google Chrome" = Google Chrome
"LManager" = Launch Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NSS" = Norton Security Scan
"NST" = Norton Safe Web Lite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PC Speed Maximizer_is1" = PC Speed Maximizer v2.2
"stepmania.com1.0" = stepmania.com
"Synthesia" = Synthesia (remove only)
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"ZonerPhotoStudio13_CZ_is1" = Zoner Photo Studio 13

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17.5.2013 22:58:27 | Computer Name = Šárka-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: DivXUpdate.exe, verze: 1.0.6.88, časové
razítko: 0x511afc59 Název chybujícího modulu: netprofm.dll, verze: 6.1.7600.16385,
časové razítko: 0x4a5bda75 Kód výjimky: 0xc0000005 Posun chyby: 0x00002505 ID chybujícího
procesu: 0xfe4 Čas spuštění chybující aplikace: 0x01ce525943cddc6e Cesta k chybující
aplikaci: C:\Program Files\DivX\DivX Update\DivXUpdate.exe Cesta k chybujícímu modulu:
C:\Windows\System32\netprofm.dll ID zprávy: cfca285c-bf66-11e2-98ac-001e68df8be6

Error - 31.5.2013 9:43:59 | Computer Name = Šárka-PC | Source = Google Update | ID = 20
Description =

Error - 31.5.2013 11:25:51 | Computer Name = Šárka-PC | Source = Google Update | ID = 20
Description =

Error - 2.6.2013 18:59:01 | Computer Name = Šárka-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 10.0.9200.16576, časové
razítko: 0x515e30fe Název chybujícího modulu: user32.DLL, verze: 6.1.7601.17514,
časové razítko: 0x4ce7ba26 Kód výjimky: 0xc0000005 Posun chyby: 0x0001405d ID chybujícího
procesu: 0xa20 Čas spuštění chybující aplikace: 0x01ce5fe3cea324a9 Cesta k chybující
aplikaci: C:\Program Files\Internet Explorer\iexplore.exe Cesta k chybujícímu modulu:
C:\Windows\system32\user32.DLL ID zprávy: 03aa4ed4-cbd8-11e2-983a-001e68df8be6

Error - 2.6.2013 19:34:21 | Computer Name = Šárka-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 10.0.9200.16576, časové
razítko: 0x515e30fe Název chybujícího modulu: user32.DLL, verze: 6.1.7601.17514,
časové razítko: 0x4ce7ba26 Kód výjimky: 0xc0000005 Posun chyby: 0x0001405d ID chybujícího
procesu: 0x2b78 Čas spuštění chybující aplikace: 0x01ce5fe8bea6fcc1 Cesta k chybující
aplikaci: C:\Program Files\Internet Explorer\iexplore.exe Cesta k chybujícímu modulu:
C:\Windows\system32\user32.DLL ID zprávy: f33d13f3-cbdc-11e2-983a-001e68df8be6

Error - 2.6.2013 19:44:03 | Computer Name = Šárka-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 10.0.9200.16576, časové
razítko: 0x515e30fe Název chybujícího modulu: user32.DLL, verze: 6.1.7601.17514,
časové razítko: 0x4ce7ba26 Kód výjimky: 0xc0000005 Posun chyby: 0x0001405d ID chybujícího
procesu: 0x1928 Čas spuštění chybující aplikace: 0x01ce5fea17f487aa Cesta k chybující
aplikaci: C:\Program Files\Internet Explorer\iexplore.exe Cesta k chybujícímu modulu:
C:\Windows\system32\user32.DLL ID zprávy: 4ddd89a3-cbde-11e2-983a-001e68df8be6

Error - 2.6.2013 19:52:05 | Computer Name = Šárka-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 10.0.9200.16576, časové
razítko: 0x515e30fe Název chybujícího modulu: user32.DLL, verze: 6.1.7601.17514,
časové razítko: 0x4ce7ba26 Kód výjimky: 0xc0000005 Posun chyby: 0x0001405d ID chybujícího
procesu: 0x1b1c Čas spuštění chybující aplikace: 0x01ce5feb38e6fa54 Cesta k chybující
aplikaci: C:\Program Files\Internet Explorer\iexplore.exe Cesta k chybujícímu modulu:
C:\Windows\system32\user32.DLL ID zprávy: 6cdf96b8-cbdf-11e2-983a-001e68df8be6

Error - 2.6.2013 20:49:30 | Computer Name = Šárka-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 10.0.9200.16576, časové
razítko: 0x515e30fe Název chybujícího modulu: user32.DLL, verze: 6.1.7601.17514,
časové razítko: 0x4ce7ba26 Kód výjimky: 0xc0000005 Posun chyby: 0x0001405d ID chybujícího
procesu: 0x13dc Čas spuštění chybující aplikace: 0x01ce5ff33dcb396b Cesta k chybující
aplikaci: C:\Program Files\Internet Explorer\iexplore.exe Cesta k chybujícímu modulu:
C:\Windows\system32\user32.DLL ID zprávy: 72d0db29-cbe7-11e2-a5a1-001e68df8be6

Error - 4.6.2013 5:35:20 | Computer Name = Šárka-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: jusched.exe, verze: 2.1.9.0, časové razítko:
0x4ff31820 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód
výjimky: 0xc0000005 Posun chyby: 0x00000000 ID chybujícího procesu: 0xfa0 Čas spuštění
chybující aplikace: 0x01ce607fcbb34c4e Cesta k chybující aplikaci: C:\Program Files\Common
Files\Java\Java Update\jusched.exe Cesta k chybujícímu modulu: unknown ID zprávy:
127ed895-ccfa-11e2-9950-001e68df8be6

Error - 4.6.2013 12:02:55 | Computer Name = Šárka-PC | Source = Application Hang | ID = 1002
Description = Program OTL.exe verze 3.2.69.0 přestal spolupracovat se systémem Windows
a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému,
vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu: f7c Čas
spuštění: 01ce613af6b50885 Čas ukončení: 15 Cesta k aplikaci: C:\Users\Šárka\Desktop\OTL.exe

ID
hlášení:

[ System Events ]
Error - 3.2.2013 16:18:56 | Computer Name = Šárka-PC | Source = Service Control Manager | ID = 7016
Description = Služba NVIDIA Display Driver Service ohlásila neplatný současný stav
32.

Error - 3.2.2013 19:02:43 | Computer Name = Šárka-PC | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 6.2.2013 5:40:50 | Computer Name = Šárka-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (23:27:30, ?5.?2.?2013) bylo neočekávané.

Error - 11.2.2013 7:47:33 | Computer Name = Šárka-PC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby NSL bylo dosaženo časového limitu
(30000 ms).

Error - 13.2.2013 6:30:47 | Computer Name = Šárka-PC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby Netman bylo dosaženo časového
limitu (30000 ms).

Error - 14.2.2013 0:31:51 | Computer Name = Šárka-PC | Source = Service Control Manager | ID = 7016
Description = Služba NVIDIA Display Driver Service ohlásila neplatný současný stav
32.

Error - 17.2.2013 15:43:16 | Computer Name = Šárka-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (21:27:47, ?15.?2.?2013) bylo neočekávané.

Error - 17.2.2013 15:43:28 | Computer Name = Šárka-PC | Source = BugCheck | ID = 1001
Description =

Error - 17.2.2013 15:49:08 | Computer Name = Šárka-PC | Source = Service Control Manager | ID = 7022
Description = Služba Windows Update přestala během spouštění reagovat.

Error - 21.2.2013 17:08:31 | Computer Name = Šárka-PC | Source = DCOM | ID = 10010
Description =

< End of report >

#15 Příspěvek od **vyosek** » 05 čer 2013 16:46

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\RKA~1\AppData\Local\Temp\catchme.sys -- (catchme)
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1267074299-434067822-3471845624-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1267074299-434067822-3471845624-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1267074299-434067822-3471845624-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1267074299-434067822-3471845624-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013.06.03 20:08:22 | 003,085,288 | ---- | C] (McAfee, Inc.) -- C:\Users\Šárka\Desktop\McAfeeScanAndRepair1_Release.exe

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"BCSSync"=-
"IR_SERVER"=-
"QuickTime Task"=-
"DivXMediaServer"=-
"DivXUpdate"=-
"SunJavaUpdateSched"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BlazeServoTool"=-
"Free Download Manager"=-
"SPMTray"=-
"Facebook Update"=-
"Skype"=-
"OfficeSyncProcess"=-
"Npcycl"=-

:files
C:\Users\Šárka\AppData\Roaming\*.exe
c:\users\Šárka\AppData\Roaming\U3
C:\Windows\tasks\*.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

VIRY.CZ

Problém - přiložený log - prosím o radu

Problém - přiložený log - prosím o radu

Re: Problém - přiložený log - prosím o radu

log Rkill. txt

Re: Problém - přiložený log - prosím o radu

Log po Combofixu a co dál? :)

Re: Problém - přiložený log - prosím o radu

AdwCleaner - log

Re: Problém - přiložený log - prosím o radu

Znovu AdwCLeaner - vymazat

Re: Problém - přiložený log - prosím o radu

Problém s OTL

Re: Problém - přiložený log - prosím o radu

Log OTL bez skriptu

Log Extras

Re: Problém - přiložený log - prosím o radu