VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o kontrolu logu po odvirování

https://forum.viry.cz:443/viewtopic.php?t=138079

Stránka 2 z 3

Re: Prosím o kontrolu logu po odvirování

Napsal: 19 kvě 2014 09:10
od pepis09
Dobrý den,

log z OTL

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\ deleted successfully.
========== FILES ==========
c:\users\svetla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk moved successfully.
Invalid Switch: *.job
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\msdownld.tmp folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 15423403 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: svetla
->Temp folder emptied: 27416 bytes
->Temporary Internet Files folder emptied: 1425164 bytes
->Java cache emptied: 29803057 bytes
->FireFox cache emptied: 80339462 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 9826521 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 632 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 131,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: svetla
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: svetla
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05192014_095601

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Prosím o kontrolu logu po odvirování

Napsal: 19 kvě 2014 09:13
od vyosek
Dobre rano :)

:arrow: Jeste jednou OTL s timto skriptem, postup stejny, log pak sem

Kód: Vybrat vše

:files
c:\windows\Tasks\*.job

:commands
[REBOOT]

Re: Prosím o kontrolu logu po odvirování

Napsal: 19 kvě 2014 09:36
od pepis09
========== FILES ==========
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
c:\windows\Tasks\Check Updates for Windows Live Toolbar.job moved successfully.
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1404084969-4032197657-1012067246-1003.job moved successfully.
c:\windows\Tasks\ReclaimerResumeInstall_svetla.job moved successfully.
c:\windows\Tasks\RunAsStdUser Task.job moved successfully.
c:\windows\Tasks\{1B6413DF-7003-4E2B-852E-1973F6362F7E}.job moved successfully.
c:\windows\Tasks\{4C5C00E5-C69F-43B7-855C-A0559061AB5B}.job moved successfully.
c:\windows\Tasks\{503AC2A6-3E45-4395-9783-F6752AA8862E}.job moved successfully.
c:\windows\Tasks\{6CB78A56-5736-4D0F-8BFC-C31F3364F4EF}.job moved successfully.
c:\windows\Tasks\{9A094B20-F70C-4FE7-A0B9-613C6E3F7842}.job moved successfully.
c:\windows\Tasks\{A6D19408-C0A4-44A7-ADC6-717CD2C03153}.job moved successfully.
c:\windows\Tasks\{C2D793D0-8829-40A9-8609-5FDED661FF22}.job moved successfully.
c:\windows\Tasks\{C98388BC-B9AA-4625-9CB0-3BDA05C94C26}.job moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 05192014_102348

Re: Prosím o kontrolu logu po odvirování

Napsal: 19 kvě 2014 09:40
od vyosek
:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

DDS::
uInternet Settings,ProxyServer = proxy.army.cz:8080

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]

ClearJavaCache::

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Re: Prosím o kontrolu logu po odvirování

Napsal: 19 kvě 2014 13:14
od pepis09
No jsem to tak provedl podle návodu, naběhl scan a 3 hodiny nic, pořád jenom to modré okno s hláškou, že scanování trvá okolo 10 min :) .

Tak jsem restartnul pc, zkusil znova a scan zase hodku a nic.

Mám to nechat běžet nebo mám něco špatně.

Re: Prosím o kontrolu logu po odvirování

Napsal: 19 kvě 2014 13:30
od vyosek
:arrow: Spustte znovu OTL
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
  • Zaskrtnete okenko Pro vsechny uzivatele
  • Zaskrtnete okenko Kontrola na havet "LOP"
  • Zaskrtnete okenko Kontrola na havet "Purity"
  • Stari souboru zmente z 30 dnu na 7 dnu
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5
  • Kliknete na tlacitko Prohledat
  • Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
  • Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

Re: Prosím o kontrolu logu po odvirování

Napsal: 19 kvě 2014 17:01
od pepis09
Tak na potřetí se mi to rozeběhlo
mám tedy spustit ještě to OTL?

LOG z combofixu:

ComboFix 14-05-19.01 - svetla 19.05.2014 14:34:27.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.2025.1233 [GMT 2:00]
Spuštěný z: c:\users\svetla\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\svetla\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\svetla\AppData\Roaming\inst.exe
c:\users\svetla\AppData\Roaming\vso_ts_preview.xml
c:\windows\iun6002.exe
c:\windows\msvcr71.dll
c:\windows\ST6UNST.000
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\Thumbs.db
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-19 do 2014-05-19 )))))))))))))))))))))))))))))))
.
.
2014-05-19 12:47 . 2014-05-19 15:42 -------- d-----w- c:\users\svetla\AppData\Local\temp
2014-05-19 12:47 . 2014-05-19 12:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-19 07:56 . 2014-05-19 07:56 -------- d-----w- C:\_OTL
2014-05-18 09:22 . 2014-05-18 09:22 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-18 09:21 . 2014-05-18 09:21 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-18 08:10 . 2014-05-18 08:11 -------- d-----w- c:\users\Administrator
2014-05-17 21:29 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-17 21:29 . 2014-05-17 21:30 -------- d-----w- C:\AdwCleaner
2014-05-17 20:22 . 2014-05-17 20:23 -------- d-----w- C:\FRST
2014-05-17 14:15 . 2014-05-17 14:16 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-21 08:35 . 2012-07-31 08:33 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-21 08:35 . 2011-09-28 05:47 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 adusbnet;Anydata USB-NDIS miniport;c:\windows\system32\DRIVERS\adusbnet.sys [x]
R3 adusbser;Anydata USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Inspect Element with DebugBar - c:\program files\Core Services\DebugBar\DebugInfoBar.dll/247
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: uhk.cz\www
TCP: DhcpNameServer = 192.168.3.181 188.75.176.2 85.132.179.206 10.100.0.1
FF - ProfilePath - c:\users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-19 17:42
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5508)
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\AtService.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Apoint2K\ApRunSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\LENOVO\HOTKEY\TPHKSVC.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Apoint2K\Apoint.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\SLUI.exe
.
**************************************************************************
.
Celkový čas: 2014-05-19 17:47:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-05-19 15:47
ComboFix2.txt 2014-05-18 14:56
.
Před spuštěním: Volných bajtů: 31 279 312 896
Po spuštění: Volných bajtů: 31 238 512 640
.
- - End Of File - - 5BBC37DBDE1C285E1E632C163AE1954A
68AF06DDEFC5BFA52A09EE25870ECC3B

Re: Prosím o kontrolu logu po odvirování

Napsal: 19 kvě 2014 17:03
od vyosek
:arrow: OTL spustte, udela nam prehled jestli jeste neni nekde neco schovaneho

Re: Prosím o kontrolu logu po odvirování

Napsal: 19 kvě 2014 19:24
od pepis09
--------------------OLT-------------------------------------

OTL logfile created on: 19.5.2014 19:57:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\svetla\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,98 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,35% Memory free
4,19 Gb Paging File | 2,77 Gb Available in Paging File | 65,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,82 Gb Total Space | 29,14 Gb Free Space | 21,15% Space Free | Partition Type: NTFS
Drive D: | 3,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Q: | 9,77 Gb Total Space | 3,22 Gb Free Space | 33,01% Space Free | Partition Type: NTFS
Drive S: | 1,46 Gb Total Space | 0,68 Gb Free Space | 46,16% Space Free | Partition Type: NTFS

Computer Name: SVETLA-PC | User Name: svetla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2014.05.19 09:54:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\svetla\Downloads\OTL.exe
PRC - [2014.05.09 22:38:19 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.25 09:47:04 | 008,176,640 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe
PRC - [2011.09.26 08:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe
PRC - [2011.09.26 08:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.30 22:49:04 | 000,558,368 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2008.07.30 22:48:48 | 000,238,880 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008.07.30 22:48:46 | 000,116,000 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2008.07.28 19:33:00 | 000,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2008.06.14 02:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008.05.25 01:17:54 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008.05.25 00:52:50 | 000,032,768 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008.05.10 16:11:06 | 001,160,440 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2008.05.06 05:35:22 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.06 05:06:30 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.03.27 03:45:12 | 000,058,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2008.03.17 19:32:08 | 000,518,696 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007.07.23 14:29:22 | 000,036,864 | ---- | M] () -- C:\Program Files\Apoint2K\ApRunSvc.exe


========== Modules (No Company Name) ==========

MOD - [2014.05.09 22:38:19 | 003,839,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Services (SafeList) ==========

SRV - [2014.05.09 22:38:19 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.04.21 10:35:43 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.07.25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.01.25 09:47:04 | 008,176,640 | ---- | M] () [Auto | Running] -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld)
SRV - [2011.09.26 08:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2010.02.21 01:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.04.11 00:28:18 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.12.31 22:12:24 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.07.30 22:48:48 | 000,238,880 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2008.07.30 22:48:46 | 000,116,000 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008.07.28 19:33:00 | 000,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2008.06.14 02:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008.05.25 01:17:54 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008.05.25 00:52:50 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008.05.25 00:28:20 | 000,253,952 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008.05.10 16:11:06 | 001,160,440 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2008.05.06 05:35:22 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.06 05:06:30 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.03.27 03:45:12 | 000,058,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2008.03.17 19:32:08 | 000,518,696 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008.01.21 04:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.23 14:29:22 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Apoint2K\ApRunSvc.exe -- (ApRunSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\svetla\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\appliand.sys -- (appliandMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adusbser.sys -- (adusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adusbnet.sys -- (adusbnet)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.04.03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2008.08.16 20:50:23 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2008.07.28 19:33:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2008.06.23 17:45:14 | 003,698,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.05.28 07:10:44 | 000,220,672 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.05.25 00:28:22 | 000,048,192 | ---- | M] (Lenovo) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008.05.15 01:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2008.05.15 01:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008.05.12 11:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.05.10 16:28:10 | 000,475,136 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008.05.01 17:35:54 | 003,660,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.04.19 01:40:24 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008.03.26 07:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2008.03.07 12:08:08 | 000,154,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.02.23 00:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008.02.15 11:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.01.21 04:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008.01.21 04:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.10.18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.07.30 04:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 03:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.20 11:10:32 | 000,048,640 | ---- | M] (Aten Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... FORM=LENIE
IE - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\..\SearchScopes\{0FE6B537-E2EE-47A6-8AF4-AFB170296705}: "URL" = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
IE - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\..\SearchScopes\{2CF8FB46-D710-4244-AB77-3FA3A17B6846}: "URL" = http://www.google.com/search?q={searchT ... 1I7IRFC_cs
IE - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.25 08:06:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.05.09 22:38:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.05.09 22:38:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.28 20:56:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2008.11.17 14:59:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.05.09 22:38:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.05.09 22:38:14 | 000,000,000 | ---D | M]

[2011.05.17 23:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svetla\AppData\Roaming\Mozilla\Extensions
[2014.05.17 23:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\extensions
[2014.03.26 15:43:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014.05.04 20:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\extensions\trash
[2014.04.10 22:01:48 | 002,298,147 | ---- | M] () (No name found) -- C:\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\extensions\firebug@software.joehewitt.com.xpi
[2014.05.01 17:05:09 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.05.09 22:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014.05.09 22:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.05.09 22:38:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.07.25 08:05:23 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTer ... 16eac51966
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: DivX HiQ = C:\Users\svetla\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\svetla\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: DivX Plus Web Player HTML5 <video> = C:\Users\svetla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: DivX HiQ = C:\Users\svetla\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\svetla\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: DivX Plus Web Player HTML5 <video> = C:\Users\svetla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2014.05.19 17:42:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll (Core Services)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (DebugBar (Toolbar)) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 67108863
O7 - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Inspect Element with DebugBar - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll (Core Services)
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\..Trusted Domains: uhk.cz ([www] https in Důvěryhodné servery)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.181 188.75.176.2 85.132.179.206 10.100.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E13C452-3285-477A-87AA-4FD7CAE19EAF}: DhcpNameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94BE46BD-1698-46D1-92F0-AE4FFC1771E5}: DhcpNameServer = 10.168.38.53 10.168.38.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB48A58E-B505-4306-B9B2-C9D3F6D36E06}: DhcpNameServer = 192.168.3.181 188.75.176.2 85.132.179.206 10.100.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\svetla\Desktop\pepís.jpg
O24 - Desktop BackupWallPaper: C:\Users\svetla\Desktop\pepís.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2014.05.19 17:42:24 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014.05.19 14:47:40 | 000,000,000 | ---D | C] -- C:\Users\svetla\AppData\Local\temp
[2014.05.19 10:46:50 | 005,200,426 | R--- | C] (Swearware) -- C:\Users\svetla\Desktop\ComboFix.exe
[2014.05.19 09:56:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2014.05.18 14:40:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014.05.18 14:40:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014.05.18 14:40:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014.05.18 14:40:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.05.18 14:39:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014.05.18 11:22:31 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.05.18 11:21:23 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.05.18 11:21:21 | 000,000,000 | ---D | C] -- C:\Users\svetla\Desktop\mbar
[2014.05.17 23:29:50 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014.05.17 23:29:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.05.17 22:22:31 | 000,000,000 | ---D | C] -- C:\FRST
[2014.05.17 16:15:45 | 000,000,000 | ---D | C] -- C:\rsit
[2014.05.17 14:49:40 | 000,000,000 | ---D | C] -- C:\Users\svetla\Desktop\viry
[2010.11.08 22:53:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\svetla\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 7 Days ==========

[2014.05.19 19:59:30 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.05.19 18:51:53 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.19 18:51:53 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.19 17:42:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014.05.19 14:51:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.19 14:51:20 | 2124,378,112 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.19 14:48:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014.05.19 13:11:20 | 005,200,426 | R--- | M] (Swearware) -- C:\Users\svetla\Desktop\ComboFix.exe
[2014.05.18 11:22:31 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.05.18 11:21:23 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.05.15 13:46:04 | 000,000,600 | ---- | M] () -- C:\Users\svetla\AppData\Roaming\winscp.rnd

========== Files Created - No Company Name ==========

[2014.05.19 19:59:30 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.05.18 14:40:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014.05.18 14:40:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014.05.18 14:40:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014.05.18 14:40:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014.05.18 14:40:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014.05.18 11:09:36 | 000,000,954 | ---- | C] () -- C:\Users\svetla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014.05.17 12:39:30 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2013.04.09 16:01:27 | 000,297,805 | ---- | C] () -- C:\Windows\System32\mscoreebak.dll
[2012.07.31 10:24:07 | 000,488,448 | ---- | C] () -- C:\Windows\System32\apdfprintmon.dll
[2012.04.20 14:13:33 | 000,002,468 | ---- | C] () -- C:\Users\svetla\.powerupdate.user.properties
[2012.02.07 14:47:09 | 000,000,000 | ---- | C] () -- C:\ProgramData\k4bel1vX.dat
[2011.12.28 22:30:57 | 000,000,200 | ---- | C] () -- C:\Program Files\Install.ini
[2011.12.28 18:43:00 | 000,199,937 | ---- | C] () -- C:\Program Files\Protege_3.3.pprj
[2011.12.28 18:43:00 | 000,000,558 | ---- | C] () -- C:\Program Files\SramkovaSvetla.owl
[2011.12.28 18:43:00 | 000,000,026 | ---- | C] () -- C:\Program Files\SramkovaSvetla.repository
[2011.12.15 08:09:26 | 000,004,096 | -H-- | C] () -- C:\Users\svetla\AppData\Local\keyfile3.drm
[2011.11.23 00:05:35 | 000,149,507 | ---- | C] () -- C:\Users\svetla\jura.jpg
[2011.08.01 09:00:02 | 000,006,915 | ---- | C] () -- C:\Users\svetla\T-mobile.pdf
[2011.07.17 14:57:25 | 000,000,146 | ---- | C] () -- C:\Users\svetla\.appletviewer
[2011.07.14 23:31:09 | 000,063,910 | ---- | C] () -- C:\Users\svetla\porod doma.htm
[2011.07.12 20:27:19 | 000,000,036 | ---- | C] () -- C:\Users\svetla\.org.eclipse.epp.usagedata.recording.userId
[2011.03.31 21:15:36 | 000,000,163 | ---- | C] () -- C:\Users\svetla\webct_upload_applet.properties
[2011.03.01 00:24:06 | 000,000,173 | ---- | C] () -- C:\Users\svetla\AppData\Local\msmathematics.qat.svetla
[2011.02.09 22:48:35 | 000,000,218 | ---- | C] () -- C:\Users\svetla\.recently-used.xbel
[2011.02.08 14:20:02 | 000,212,237 | ---- | C] () -- C:\Users\svetla\ECDL.pdf
[2010.12.26 18:31:12 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2010.12.26 18:30:40 | 014,835,712 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.11.08 22:53:30 | 000,007,887 | ---- | C] () -- C:\Users\svetla\AppData\Roaming\pcouffin.cat
[2010.11.08 22:53:30 | 000,001,144 | ---- | C] () -- C:\Users\svetla\AppData\Roaming\pcouffin.inf
[2010.10.24 13:47:16 | 000,000,052 | ---- | C] () -- C:\ProgramData\lxdd
[2009.03.14 23:41:08 | 000,001,893 | -H-- | C] () -- C:\Users\svetla\AppData\Roaming\vispa.ini
[2009.01.30 17:29:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.05 20:38:13 | 000,018,889 | ---- | C] () -- C:\Program Files\settings.dat
[2008.12.05 12:32:22 | 000,000,600 | ---- | C] () -- C:\Users\svetla\AppData\Roaming\winscp.rnd
[2008.11.17 17:10:13 | 000,209,920 | ---- | C] () -- C:\Users\svetla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.17 15:10:09 | 000,000,430 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.11.15 16:40:21 | 000,000,680 | ---- | C] () -- C:\Users\svetla\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006.11.02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.04.11 00:28:26 | 011,584,000 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.12.15 09:01:57 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Audacity
[2011.12.15 13:10:06 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Boilsoft
[2013.11.07 23:27:09 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Canneverbe Limited
[2013.11.07 10:18:21 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.30 00:58:38 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\CmapTools
[2010.11.09 12:42:59 | 000,000,000 | R--D | M] -- C:\Users\svetla\AppData\Roaming\Contacts
[2013.06.26 12:42:21 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Design Science
[2011.04.27 16:23:14 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Devart
[2011.06.24 21:31:34 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\go
[2011.02.09 23:01:50 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\inkscape
[2008.11.26 07:47:47 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\InterVideo
[2011.04.21 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\IrfanView
[2011.07.16 22:00:14 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\JCreator
[2009.05.26 18:49:23 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Leadertech
[2008.11.15 16:34:21 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Lenovo
[2010.10.24 13:52:25 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Lexmark Productivity Studio
[2011.12.08 19:08:21 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Mikrotik
[2013.04.10 09:53:59 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\OpenOffice.org
[2013.11.11 00:25:32 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Opera
[2011.05.18 12:18:35 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\passport_photo
[2013.11.07 14:06:22 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Seznam.cz
[2012.01.25 14:51:39 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\SolidDocuments
[2008.11.17 15:48:21 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Sparx Systems
[2014.02.10 12:37:58 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Sublime Text 2
[2010.12.31 18:25:47 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\SWI-Prolog
[2011.09.20 17:37:23 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Thunderbird
[2008.12.23 17:59:57 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\TuneUp Software
[2012.10.12 16:09:51 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Vso
[2010.12.31 21:33:28 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\xpce
[2010.06.22 20:35:33 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Zoner

========== Purity Check ==========



========== Custom Scans ==========

< >
[2006.11.02 15:01:23 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:23 | 000,032,638 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< >

< MD5 for: ATAPI.SYS >
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\erdnt\cache\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.04.11 00:27:22 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009.04.11 00:27:22 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008.01.21 04:25:09 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe

< MD5 for: CDROM.SYS >
[2008.01.21 04:23:28 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008.01.21 04:23:28 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009.04.10 22:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009.04.10 22:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009.04.10 22:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006.11.02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2009.04.11 00:32:48 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: SCECLI.DLL >
[2008.01.21 04:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\erdnt\cache\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SERVICES.EXE >
[2008.01.21 04:25:14 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009.04.11 00:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe
[2009.04.11 00:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009.04.11 00:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008.01.21 04:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008.01.21 04:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.21 04:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.08.16 20:13:32 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009.04.11 00:33:04 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009.08.15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009.08.14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2009.08.14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2010.06.16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009.08.14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2010.06.16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010.06.16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2008.08.16 20:13:32 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009.08.14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.06.16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\erdnt\cache\tcpip.sys
[2010.06.16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\System32\drivers\tcpip.sys
[2010.06.16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2008.01.21 04:25:29 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< >

< %systemroot%*.* /U /s >
[7 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[577 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*.tmp files -> C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*.tmp -> ]
[5 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013.11.13 14:33:55 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Adobe
[2011.03.17 15:30:44 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Ahead
[2012.01.16 16:57:24 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Apple Computer
[2008.11.15 16:34:26 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\ATI
[2011.12.15 09:01:57 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Audacity
[2011.12.15 13:10:06 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Boilsoft
[2013.11.07 23:27:09 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Canneverbe Limited
[2013.11.07 10:18:21 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.30 00:58:38 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\CmapTools
[2010.11.09 12:42:59 | 000,000,000 | R--D | M] -- C:\Users\svetla\AppData\Roaming\Contacts
[2013.06.26 12:42:21 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Design Science
[2011.04.27 16:23:14 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Devart
[2011.04.22 14:30:48 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\DivX
[2011.04.19 18:10:16 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Download Manager
[2010.10.29 21:48:15 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\FaxCtr
[2011.06.24 21:31:34 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\go
[2008.11.15 16:33:55 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Identities
[2011.02.09 23:01:50 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\inkscape
[2012.10.29 11:41:01 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\InstallShield
[2011.01.01 10:59:48 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Intel
[2008.11.26 07:47:47 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\InterVideo
[2011.04.21 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\IrfanView
[2011.07.16 22:00:14 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\JCreator
[2009.05.26 18:49:23 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Leadertech
[2008.11.15 16:34:21 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Lenovo
[2010.10.24 13:52:25 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Lexmark Productivity Studio
[2008.11.15 17:17:00 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Macromedia
[2012.02.14 17:01:42 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Malwarebytes
[2013.10.09 12:51:46 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Media Player Classic
[2012.07.31 10:42:56 | 000,000,000 | --SD | M] -- C:\Users\svetla\AppData\Roaming\Microsoft
[2011.12.08 19:08:21 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Mikrotik
[2008.11.15 19:36:37 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Mozilla
[2013.04.10 09:53:59 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\OpenOffice.org
[2013.11.11 00:25:32 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Opera
[2011.05.18 12:18:35 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\passport_photo
[2012.02.13 22:50:27 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\PSpad
[2012.07.25 08:07:01 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Real
[2013.11.07 14:06:22 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Seznam.cz
[2014.05.19 09:52:04 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Skype
[2011.05.28 21:46:17 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\skypePM
[2012.01.25 14:51:39 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\SolidDocuments
[2008.11.17 15:48:21 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Sparx Systems
[2014.02.10 12:37:58 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Sublime Text 2
[2010.12.31 18:25:47 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\SWI-Prolog
[2011.09.20 17:37:23 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Thunderbird
[2008.12.23 17:59:57 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\TuneUp Software
[2008.11.17 17:08:39 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\vlc
[2012.10.12 16:09:51 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Vso
[2010.12.31 21:33:28 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\xpce
[2010.06.22 20:35:33 | 000,000,000 | ---D | M] -- C:\Users\svetla\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2010.04.09 13:49:44 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\svetla\AppData\Roaming\Real\Update\setup3.11\setup.exe
[2010.12.08 21:40:25 | 000,506,024 | ---- | M] (RealNetworks, Inc.) -- C:\Users\svetla\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2012.10.01 10:11:28 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\svetla\AppData\Roaming\Real\Update\temp\~Upg0\rnupgagent.exe
[2012.12.15 20:11:54 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\svetla\AppData\Roaming\Real\Update\temp\~Upg1\rnupgagent.exe
[2012.12.27 20:11:58 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\svetla\AppData\Roaming\Real\Update\temp\~Upg2\rnupgagent.exe
[2013.03.26 08:22:58 | 000,448,592 | ---- | M] (RealNetworks, Inc.) -- C:\Users\svetla\AppData\Roaming\Real\Update\temp\~Upg3\rnupgagent.exe
[2013.06.19 14:30:01 | 000,468,560 | ---- | M] (RealNetworks, Inc.) -- C:\Users\svetla\AppData\Roaming\Real\Update\temp\~Upg5\rnupgagent.exe
[2013.08.31 14:48:48 | 000,469,072 | ---- | M] (RealNetworks, Inc.) -- C:\Users\svetla\AppData\Roaming\Real\Update\temp\~Upg6\rnupgagent.exe
[2013.08.31 14:48:48 | 000,469,072 | ---- | M] (RealNetworks, Inc.) -- C:\Users\svetla\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2014.05.18 11:21:23 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamchameleon.sys
[2014.05.18 11:22:31 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\MBAMSwissArmy.sys

< %systemroot%\system32\*.* /3 >
[2014.05.19 18:51:53 | 000,003,744 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.19 18:51:53 | 000,003,744 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.19 17:45:05 | 000,000,128 | ---- | M] () -- C:\Windows\system32\TPAPSLOG.LOG
[2014.05.19 19:52:03 | 000,000,512 | ---- | M] () -- C:\Windows\system32\TPHDLOG0.LOG

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2014.05.09 22:38:19 | 000,275,568 | ---- | M] (Mozilla Corporation) MD5=0DA891CB0703D912CEAFA072F54D002B -- C:\Program Files\Mozilla Firefox\firefox.exe
[109 C:\Program Files\Mozilla Firefox\*.tmp files -> C:\Program Files\Mozilla Firefox\*.tmp -> ]

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.04.11 00:27:46 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.05.19 19:59:30 | 000,000,512 | ---- | M] () MD5=0302F34A143724759819766A9E7B6B3C -- C:\PhysicalMBR.bin

< End of report >

Re: Prosím o kontrolu logu po odvirování

Napsal: 19 kvě 2014 19:25
od pepis09
---------------------------------EXTRAS-------------------------------------------------


OTL Extras logfile created on: 19.5.2014 19:57:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\svetla\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,98 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,35% Memory free
4,19 Gb Paging File | 2,77 Gb Available in Paging File | 65,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,82 Gb Total Space | 29,14 Gb Free Space | 21,15% Space Free | Partition Type: NTFS
Drive D: | 3,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Q: | 9,77 Gb Total Space | 3,22 Gb Free Space | 33,01% Space Free | Partition Type: NTFS
Drive S: | 1,46 Gb Total Space | 0,68 Gb Free Space | 46,16% Space Free | Partition Type: NTFS

Computer Name: SVETLA-PC | User Name: svetla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1404084969-4032197657-1012067246-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE prezentace fotografií] -- "C:\Program Files\Teta\Fotosvet TETA 3\CEWE prezentace fotografií.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotosvet TETA 3] -- "C:\Program Files\Teta\Fotosvet TETA 3\Fotosvet TETA 3.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0264E181-D3B5-4CE8-B5FC-6732D380C404}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{03BB571B-6C10-44BC-A323-EFD19F219784}" = lport=445 | protocol=6 | dir=in | app=system |
"{0B2F6236-012D-455B-A090-6B7E1E77E0A5}" = rport=138 | protocol=17 | dir=out | app=system |
"{0D0B1BB7-9864-4034-BE63-532C729F26DF}" = rport=5357 | protocol=6 | dir=out | app=system |
"{0F3CBAD7-9456-423B-9420-BBCB312AB0BE}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{148B2AF2-AD6B-4375-912A-233D79D1CFD9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{22CB2E34-BB34-48C4-8902-788280A4E6E5}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{2B993B87-4A8E-4E3B-B22E-58F8BAA5127E}" = lport=5357 | protocol=6 | dir=in | app=system |
"{2D71B4AB-5126-4F8F-9AB4-B07A9A4B7F82}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F207C39-9FB9-4C4F-897D-7FA2B25DCD33}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4B48EA90-1115-4151-8C85-D66C64322065}" = lport=138 | protocol=17 | dir=in | app=system |
"{4BEA7D46-86D1-428B-8FD3-745A30AE472E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4CBE5B32-79D0-4950-A083-D167FCFDE003}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{504F0386-44C3-42A9-A988-5C764CDF28F4}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{522B91D5-C36C-4194-8DB2-3606B497AAB8}" = lport=500 | protocol=17 | dir=in | name=ipsec |
"{5830BD0C-BF0E-445F-93CA-16186EDCD7DD}" = lport=135 | protocol=6 | dir=in | name=dcom |
"{6CFAD9FA-18E8-41EC-A2F7-4D7D49B42439}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{73472542-B843-4705-9A7A-A8B00061F6B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B730224-369D-4CC5-B96E-26F3D0B5207A}" = rport=139 | protocol=6 | dir=out | app=system |
"{7E6C6587-8B92-4589-9F5F-D55EEE389752}" = rport=5358 | protocol=6 | dir=out | app=system |
"{7F8CA566-65EF-4BAE-A617-497D97B7A65A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{80CD9F8E-CD35-49D7-A9AA-223CBFBD4455}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8936AB2E-0DE5-453E-B288-95B612F073D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=sdílení souborů a tiskáren (služba zařazování tisku – rpc-epmap) |
"{8F125284-834E-4382-A2E1-7216E77BA6B5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{99ECF15C-5E9B-4DC2-B5F7-9BFF8358FA3D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{ACCF35A4-048E-4178-A90F-53CD9EF8B269}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{B21BA96E-EFA4-4AF5-A01B-F1FA5FDB50A9}" = rport=445 | protocol=6 | dir=out | app=system |
"{B8FBC973-8E2B-45A3-B697-CF8B8E40CB8A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C16602CF-043E-4C69-80F1-29659A20526B}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{C3C7BBD3-7994-4227-B301-A17B0DF285C8}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{C52E92CF-2A82-4327-8CB2-A25B4586832F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{C62E848D-407E-4ECA-9DAF-46F36E1CC164}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C7397A1F-5729-4520-BB03-2EC3BF00798B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CAB028B3-19AD-462C-B987-2EE2CBCB2267}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CB1B55EA-2B9A-4E70-A210-FD5332F8EE21}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CC0250D3-E794-4C80-AEE9-89AC6BB9D9F7}" = rport=137 | protocol=17 | dir=out | app=system |
"{CD557833-5719-4B17-98CB-D5C2B047867B}" = lport=139 | protocol=6 | dir=in | app=system |
"{D229F144-C0C0-464B-A549-BD703FCF6C6B}" = lport=4500 | protocol=17 | dir=in | name=ipsec |
"{DCB561C3-7DED-482E-A016-FE407B76225C}" = lport=137 | protocol=17 | dir=in | app=system |
"{E7A9316D-08C4-4A27-99F2-01229AC07643}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E9FCFB44-C2E5-431F-A084-A35B997889BB}" = lport=5358 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1162F093-A31C-40B4-88AB-DA41C38EAAE7}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{13D3A857-0FDD-45C2-9457-E3ADBF7F3854}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{1ABE46BB-B31A-4EAC-A234-24511A37AA37}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{1CEC08F9-3857-43B6-BFAA-DF1CD643E8E5}" = protocol=58 | dir=out | name=sdílení souborů a tiskáren (požadavek na odezvu - icmpv6-out) |
"{2347D5BA-031B-41C0-97A3-47443A3C6BFA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{33F8C525-7A2A-4EC7-96A4-CAC388CA20B5}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{4966FEF6-6636-43FB-A270-805E98348E13}" = protocol=58 | dir=in | name=sdílení souborů a tiskáren (požadavek na odezvu - icmpv6-in) |
"{4EA5EC1A-EB68-48F7-BF87-0F561D88B3C8}" = protocol=1 | dir=in | name=sdílení souborů a tiskáren (požadavek na odezvu - icmpv4-in) |
"{687183A9-ABD9-41D1-8A03-F896FD147F5B}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{7C0DC2D9-F518-4B04-A078-6A3247759A21}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{8B21D88A-0353-4977-8BCB-6A93100BDBC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8DDF5507-DD39-41DB-AB0F-9660D8137845}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{C3E27C51-1B8D-4CB0-80C8-BB22B68E2DCD}" = protocol=1 | dir=out | name=sdílení souborů a tiskáren (požadavek na odezvu - icmpv4-out) |
"{C4E8BC8B-8C54-4672-A9C2-A331876C872A}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{D7CC5767-A087-41B4-B44C-DF2492797D2B}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{DDB2142B-6970-4B62-BFB6-DBBED2E70A98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA5C2A6F-7F05-47F8-A5DB-2D7F6866B959}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{0F44256A-A542-40F1-938E-6C6F253AFC6B}C:\program files\winscp\winscp.exe" = protocol=6 | dir=in | app=c:\program files\winscp\winscp.exe |
"TCP Query User{275EC033-0250-4D7E-91C0-E841772F39C2}E:\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:\xampplite\apache\bin\httpd.exe |
"TCP Query User{828DF06E-365B-48CF-8D5A-8F32D07DC14B}C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe |
"TCP Query User{9862194B-0C34-4A06-ABE4-7D15A4734D17}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{AC52E0EE-4AC8-4355-939E-AEB207A072A4}C:\program files\java\jdk1.6.0_21\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_21\bin\java.exe |
"TCP Query User{E227B7D8-C223-48DE-98DE-869AA1F96C7B}C:\program files\java\jdk1.6.0_21\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_21\bin\javaw.exe |
"TCP Query User{ECCEB487-FBE9-4A16-838F-E15137AC4EE0}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{F0B17DCB-4950-43B8-80CE-6B06B0AA51C8}E:\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampplite\mysql\bin\mysqld.exe |
"TCP Query User{FB55209D-14CC-47E1-BA7A-F2A06519C557}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{17F4D706-8372-49B0-AA72-6A2A9FED1183}C:\program files\java\jdk1.6.0_21\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_21\bin\java.exe |
"UDP Query User{18970AD4-7335-40FA-B9BA-509163099F11}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{3779FD1F-D228-4053-8B1E-11BAC383D685}E:\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampplite\mysql\bin\mysqld.exe |
"UDP Query User{4E6A59E0-5DEF-4C9C-AE2C-BCDB96C0F40A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{644B7361-EA00-4B04-BC8F-32F40A043C71}C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe |
"UDP Query User{C7B6A151-47D4-4990-9811-63A979ECCF47}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{C8B236BD-A302-4EB5-A23B-AB647D230069}C:\program files\java\jdk1.6.0_21\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_21\bin\javaw.exe |
"UDP Query User{D188A0B9-1F7A-47BA-AC24-0C995EAF8767}E:\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:\xampplite\apache\bin\httpd.exe |
"UDP Query User{E34A1FDE-5ECD-4828-B02F-68CBC46BCB52}C:\program files\winscp\winscp.exe" = protocol=17 | dir=in | app=c:\program files\winscp\winscp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 Management Studio
"{02DE33D2-BB21-78A6-8527-E871CC245EDD}" = Skins
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = ThinkPad Bluetooth with Enhanced Data Rate Software 6.1.0.4500
"{046755CA-F677-4B7F-AF9A-6AB295A02A30}" = Microsoft SQL Server 2008 R2 Native Client
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B79729E-9A1A-1B20-FF64-A37148A1429D}" = CCC Help Chinese Traditional
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DECB02D-DB1B-6F3A-9E94-97373A5D2C70}" = Catalyst Control Center Graphics Light
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 Management Studio
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{14BF164E-80A4-422E-BE43-39FB759666C2}_is1" = Avi to Mpeg 2.1
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{198AB422-32C1-9572-D9E2-AF9D0133D5F0}" = Catalyst Control Center Localization Italian
"{236BB7C4-4419-42FD-0405-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A566F96-B053-E018-0636-8D1048572134}" = CCC Help German
"{2EED664F-7E79-8002-81FD-469EAAEFB3F3}" = Catalyst Control Center Localization Dutch
"{2FAAD1C5-2D9D-4EDB-BCD1-FF6573986439}" = Mobile Broadband Connect
"{314C19E0-7FA5-11D5-A6B4-0050BA724CB6}" = Vstascan
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21
"{33304A07-C014-B7FB-CFB9-1C2F35C4B22B}" = Catalyst Control Center Graphics Full Existing
"{35F748E8-D74B-B8E6-BE8B-39E7F48899AB}" = CCC Help Dutch
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3F963A06-7C18-4039-9789-9644B3266AE7}" = Verizon Wireless BroadbandAccess Self Activation
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{47736650-D4CA-DCDE-EBD6-067443968D90}" = CCC Help Japanese
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{4CB31496-CD96-AF4D-7AEA-86386A36E52E}" = Catalyst Control Center Graphics Full New
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{523BC285-EAE3-E13D-FBC2-32C51B74F4A4}" = CCC Help Portuguese
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 Database Engine Services
"{59F69519-ACA9-FACD-FC55-3E35AD500213}" = Catalyst Control Center Localization Korean
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62BB3EC5-41F2-C8DB-6E60-E29421A51434}" = CCC Help Korean
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6751F3D6-FCC5-BF6F-A36A-3394C3A5FAA7}" = Catalyst Control Center Localization French
"{6A19F8CD-7D2D-B207-1AE1-2CAD95B8D997}" = Catalyst Control Center Localization Spanish
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AE80B91-BBBC-DB03-D51B-566214E00716}" = CCC Help Spanish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B92EFDD-5D1C-9F33-DAE2-4012640EA725}" = Catalyst Control Center Localization German
"{6EED864B-DFC3-8709-F96D-CF63005D2653}" = CCC Help Italian
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7158467A-AB67-08C0-75D2-6B1E553A1061}" = Catalyst Control Center Localization Swedish
"{76866BE3-B2C7-40BB-B267-927792AED0C3}" = Microsoft SQL Server 2008 R2 Setup (English)
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.2.100
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80795861-7320-23F7-744F-FD5793C1E71E}" = Catalyst Control Center Localization Chinese Traditional
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.8.0
"{852AFD2D-07CC-46FD-A159-671102782771}" = Intel(R) PROSet/Wireless WiFi Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89749C77-FA36-7BE9-548F-1648E0995D15}" = Catalyst Control Center Graphics Previews Vista
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8EF140A7-B1D6-464E-82B4-C8925202FE54}" = Lenovo Fingerprint Software
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90510405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{93D14867-7ECB-DD6A-50DF-8242562FD4ED}" = Catalyst Control Center Localization Portuguese
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B696AC8-6DDF-63DA-7BE3-7599F51EBF5F}" = CCC Help Swedish
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CECB23C-F4BC-4FDA-A306-E544A216176A}" = ThinkVantage Status Gadget
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver
"{9fc9803a-3582-4352-bc6d-6dd27fb95832}" = Microsoft Office Language Pack 2007 – Čeština (pro Office Outlook 2007 s aplikací Business Contact Manager SP1)
"{9FCE66F0-EE03-43BD-916E-66EDF0DBC18C}" = Catalyst Control Center - Branding
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A8E3BCE0-79BE-D08A-4F32-961405C9DD99}" = CCC Help Chinese Standard
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI - Czech
"{AD3B72BB-3089-EE53-0464-D59099D8054B}" = Catalyst Control Center InstallProxy
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B474775F-B687-E15C-9108-2B1352DF33B2}" = Catalyst Control Center Localization Japanese
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 Database Engine Services
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5545292-01B8-AEC5-905C-7749C4C06E1F}" = Catalyst Control Center Localization Chinese Standard
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2750F48-9A7D-ED2F-F485-7D7C9305FCAB}" = Catalyst Control Center Core Implementation
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DF342C79-A8BD-04F5-4E64-C38AFB24819B}" = ccc-utility
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (FLUKE)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7378FE2-5A35-E456-408C-76A87D790437}" = ccc-core-static
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E8A0BF9F-3524-1EAF-C7A7-2B3348127A75}" = ATI Catalyst Install Manager
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EC440028-4F57-6BBF-DE7F-2FF61FD03DE4}" = CCC Help English
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F78E9E87-23BC-5791-D556-CB89F0BCABD0}" = CCC Help French
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"0A7603E3091C168CDE422A2B3481A2F7D17D0954" = Windows Driver Package - Intel hdc (02/20/2008 6.9.1.1001)
"1205965EF392C9B0D5A9BDB139035F058E76359E" = Windows Driver Package - Ricoh Company MMC Host Controller (02/15/2008 6.00.03.05)
"1A96FF9D9E5F19776E6749D8F6557FCC437EB294" = Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
"386CAF2F8306A2DD7EBAEAA5A86D98BE177DC951" = Windows Driver Package - Lenovo 1.45 (02/18/2008 1.45)
"3A4BCF4FDC99FD1314C1765462A054093CDEF58B" = Windows Driver Package - Intel (iaStor) hdc (07/22/2008 8.2.4.1005)
"432D918ED17EA51B73E8491A0369730C0076A292" = Windows Driver Package - Intel System (02/20/2008 8.6.1.1002)
"464CE3922A214073AAEE00DEB23EA5C750AF8CE8" = Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
"4U AVI MPEG Converter_is1" = 4U AVI MPEG Converter (version 6.0.2)
"513C7D1BF4530B30EC84716327E4D7E76810DCC5" = Windows Driver Package - Intel System (02/20/2008 8.7.0.1007)
"5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4" = Windows Driver Package - Intel System (01/30/2008 8.6.1.1001)
"778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44" = Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0405-1E257A25E34D}" = Adobe Photoshop CS2
"Adsen FavIcon_is1" = Adsen FavIcon
"ATI Uninstaller" = ATI Uninstaller
"CCleaner" = CCleaner
"Cisco Networking Academy curriculum_is1" = Cisco Networking Academy curriculum 4.0.0.0
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"DebugBar" = DebugBar v7.3.2 for Internet Explorer (remove only)
"Defraggler" = Defraggler
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"E4ACAC6700911AAA3BC0CD6C581A68BFC6AB001E" = Windows Driver Package - Broadcom (b57nd60x) Net (11/29/2007 10.62.1.2)
"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
"Fotosvet TETA 3" = Fotosvet TETA 3
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"HECI" = Intel(R) Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"IETester" = IETester v0.5.2 (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.8.0 (Full)
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome v1.0.24.3
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Mozilla Firefox 29.0.1 (x86 cs)" = Mozilla Firefox 29.0.1 (x86 cs)
"Mozilla Thunderbird 17.0.2 (x86 cs)" = Mozilla Thunderbird 17.0.2 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3 Knife_is1" = Mp3 Knife 3.2
"nbi-nb-base-7.0.1.0.0" = NetBeans IDE 7.0.1
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PSPad editor_is1" = PSPad editor
"rajče.net_is1" = rajče verze 56 sestavení 154
"Registr ovcí_is1" = Registr ovcí
"Startup Delayer" = Startup Delayer v3.0 (build 326)
"Sublime Text 2_is1" = Sublime Text 2.0.2
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"WampServer 2_is1" = WampServer 2.2
"Windows Live Toolbar" = Windows Live Toolbar
"winscp3_is1" = WinSCP 4.1.8
"Zoner Photo Studio 9_is1" = Zoner Photo Studio 9

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1404084969-4032197657-1012067246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Verdict Free" = Slovník Verdict Free

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19.5.2014 8:08:44 | Computer Name = svetla-PC | Source = WinMgmt | ID = 10
Description =

Error - 19.5.2014 8:08:45 | Computer Name = svetla-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace TrustedInstaller.exe, verze 6.0.6002.18005, časové
razítko 0x49e01af1, chybující modul kernel32.dll, verze 6.0.6002.18449, časové
razítko 0x4da47967, kód výjimky 0xc0000005, posun chyby 0x00049668, ID procesu 0x588,
čas spuštění aplikace 0x01cf735b13f58025.

Error - 19.5.2014 8:11:22 | Computer Name = svetla-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error - 19.5.2014 8:52:13 | Computer Name = svetla-PC | Source = WinMgmt | ID = 10
Description =

Error - 19.5.2014 8:52:17 | Computer Name = svetla-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace TrustedInstaller.exe, verze 6.0.6002.18005, časové
razítko 0x49e01af1, chybující modul kernel32.dll, verze 6.0.6002.18449, časové
razítko 0x4da47967, kód výjimky 0xc0000005, posun chyby 0x00049668, ID procesu 0x570,
čas spuštění aplikace 0x01cf73611be124bf.

Error - 19.5.2014 8:54:22 | Computer Name = svetla-PC | Source = WinMgmt | ID = 10
Description =

Error - 19.5.2014 8:54:23 | Computer Name = svetla-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace TrustedInstaller.exe, verze 6.0.6002.18005, časové
razítko 0x49e01af1, chybující modul kernel32.dll, verze 6.0.6002.18449, časové
razítko 0x4da47967, kód výjimky 0xc0000005, posun chyby 0x00049668, ID procesu 0xe7c,
čas spuštění aplikace 0x01cf736173b0aa8f.

Error - 19.5.2014 8:59:27 | Computer Name = svetla-PC | Source = WinMgmt | ID = 10
Description =

Error - 19.5.2014 8:59:28 | Computer Name = svetla-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace TrustedInstaller.exe, verze 6.0.6002.18005, časové
razítko 0x49e01af1, chybující modul kernel32.dll, verze 6.0.6002.18449, časové
razítko 0x4da47967, kód výjimky 0xc0000005, posun chyby 0x00049668, ID procesu 0x990,
čas spuštění aplikace 0x01cf736229aae8af.

Error - 19.5.2014 11:42:14 | Computer Name = svetla-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

[ System Events ]
Error - 19.5.2014 8:42:41 | Computer Name = svetla-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 19.5.2014 8:47:48 | Computer Name = svetla-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 19.5.2014 8:52:01 | Computer Name = svetla-PC | Source = APPHOSTSVC | ID = 9010
Description =

Error - 19.5.2014 8:52:13 | Computer Name = svetla-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 19.5.2014 8:52:13 | Computer Name = svetla-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 19.5.2014 8:52:13 | Computer Name = svetla-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 19.5.2014 8:52:14 | Computer Name = svetla-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 19.5.2014 8:52:20 | Computer Name = svetla-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 19.5.2014 8:54:26 | Computer Name = svetla-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 19.5.2014 8:59:31 | Computer Name = svetla-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >

Re: Prosím o kontrolu logu po odvirování

Napsal: 20 kvě 2014 15:46
od vyosek
:arrow: Spustte znovu OTL
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    :otl
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\svetla\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\appliand.sys -- (appliandMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adusbser.sys -- (adusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adusbnet.sys -- (adusbnet)
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&AF=108298&babsrc=SP_ss&mntrId=28bce4120000000000000016eac51966
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll (Core Services)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (DebugBar (Toolbar)) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-1404084969-4032197657-1012067246-1003\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Inspect Element with DebugBar - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll (Core Services)
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
[2014.05.18 14:40:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014.05.18 14:40:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014.05.18 14:40:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014.05.18 11:22:31 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.05.18 11:21:23 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.05.18 11:21:21 | 000,000,000 | ---D | C] -- C:\Users\svetla\Desktop\mbar
[2014.05.17 23:29:50 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014.05.17 23:29:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.05.17 22:22:31 | 000,000,000 | ---D | C] -- C:\FRST
[2014.05.17 16:15:45 | 000,000,000 | ---D | C] -- C:\rsit

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]
  • Nasledne kliknete na Opravit
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Re: Prosím o kontrolu logu po odvirování

Napsal: 20 kvě 2014 16:18
od pepis09
Dobrý den,
ok, už jdu na to.
Sem si říkal, jestli jste na mě nezanevřel, když se mnou je tolik práce.
Moc děkuju za ochotu.

Pepa

Re: Prosím o kontrolu logu po odvirování

Napsal: 20 kvě 2014 16:34
od vyosek
Zdravim,

nezanevrel, ale jaksi jsem mel dulezite studijni povinnosti :oops:

Re: Prosím o kontrolu logu po odvirování

Napsal: 20 kvě 2014 16:46
od pepis09
Tak to jo, hlavně ať Vám to dobře dopadne a moc Vás netrápí.

tady je ten log

All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Error: No service named mbr was found to stop!
Service\Driver key mbr not found.
File C:\Users\svetla\AppData\Local\Temp\mbr.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Service appliandMP stopped successfully!
Service appliandMP deleted successfully!
File system32\DRIVERS\appliand.sys not found.
Service adusbser stopped successfully!
Service adusbser deleted successfully!
File system32\DRIVERS\adusbser.sys not found.
Service adusbnet stopped successfully!
Service adusbnet deleted successfully!
File system32\DRIVERS\adusbnet.sys not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69FC0024-10EB-480A-BBF2-3BF4E78E17B1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69FC0024-10EB-480A-BBF2-3BF4E78E17B1}\ deleted successfully.
C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3E1201F4-1707-409F-BB45-A5F192381DA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E1201F4-1707-409F-BB45-A5F192381DA0}\ deleted successfully.
C:\Program Files\Core Services\DebugBar\DebugToolBar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1404084969-4032197657-1012067246-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-1404084969-4032197657-1012067246-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ deleted successfully.
C:\Program Files\Windows Live Toolbar\msntb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Inspect Element with DebugBar\ deleted successfully.
File C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web\ deleted successfully.
C:\Windows\SWREG.exe moved successfully.
C:\Windows\SWSC.exe moved successfully.
C:\Windows\NIRCMD.exe moved successfully.
C:\Windows\System32\drivers\MBAMSwissArmy.sys moved successfully.
C:\Windows\System32\drivers\mbamchameleon.sys moved successfully.
C:\Users\svetla\Desktop\mbar\Plugins folder moved successfully.
C:\Users\svetla\Desktop\mbar\Languages folder moved successfully.
C:\Users\svetla\Desktop\mbar\imageformats folder moved successfully.
C:\Users\svetla\Desktop\mbar\Data\Configuration folder moved successfully.
C:\Users\svetla\Desktop\mbar\Data folder moved successfully.
C:\Users\svetla\Desktop\mbar folder moved successfully.
C:\Windows\System32\sqlite3.dll moved successfully.
C:\AdwCleaner\Quarantine\C\Windows\system32 folder moved successfully.
C:\AdwCleaner\Quarantine\C\Windows folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\searchplugins folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Plugins folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\modules folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\META-INF folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\lib folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\defaults\preferences folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\defaults folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\ctypes folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\components\mam folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\components folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\test\toolbar\lib folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\test\toolbar\js folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\test\toolbar folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\test folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\sl folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\lib\jquery.jscrollpane folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\lib\jquery.alerts\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\lib\jquery.alerts folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\lib folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\core folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\WEATHER folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\TWITTER folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\SEARCH folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\Optimizer folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\wa folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ui\menu\js folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ui\menu\img folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ui\menu\css folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ui\menu folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ui\gf\js folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ui\gf\img folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ui\gf\css folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ui\gf folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ui\dlg\restart\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ui\dlg\restart folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ui\dlg folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ui folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\sp\spsd\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\sp\spsd folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\sp\spbd\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\sp\spbd folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\sp\js folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\sp folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\options\js\resources folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\options\js folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\options\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\options\css folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\options folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\msd folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\api folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ac\res folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ac\img folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ac\css folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\ac folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\aboutBox\js folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\aboutBox\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al\aboutBox folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb\al folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\tb folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\logic\uninstall\dialog\js folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\logic\uninstall\dialog\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\logic\uninstall\dialog\css folder moved successfully.
Folder move failed. C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\logic\uninstall\dialog scheduled to be moved on reboot.
Folder move failed. C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\logic\uninstall scheduled to be moved on reboot.
Folder move failed. C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\logic scheduled to be moved on reboot.
Folder move failed. C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content scheduled to be moved on reboot.
Folder move failed. C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415 scheduled to be moved on reboot.
Folder move failed. C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome scheduled to be moved on reboot.
Folder move failed. C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf} scheduled to be moved on reboot.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\ffxtlbr@babylon.com folder moved successfully.
Folder move failed. C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions scheduled to be moved on reboot.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\weather folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\radio folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\feed folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\emailnotifier folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\Dialogs\UntrustedAppPendingDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\Dialogs\UntrustedAppApprovalDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\Dialogs\UntrustedAddedAppDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\Dialogs\ToolbarFirstTimeDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\Dialogs\SearchProtectorDialog\Images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\Dialogs\SearchProtectorDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\Dialogs\SearchProtectorBubbleDialog\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\Dialogs\SearchProtectorBubbleDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\Dialogs\NewSearchProtectorDialog\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\Dialogs\NewSearchProtectorDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\Dialogs\EngineFirstTimeDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\Dialogs\DetectedAppDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\Dialogs\DefualtImages folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\Dialogs\AddedAppDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\Dialogs folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415\apps folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\CT1269415 folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\ConduitCommon\modules\3.9.0.3 folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\ConduitCommon\modules\3.8.1.0 folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\ConduitCommon\modules\3.8.0.8 folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\ConduitCommon\modules\3.7.0.6 folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\ConduitCommon\modules\3.6.0.10 folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\ConduitCommon\modules\3.5.0.12 folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\ConduitCommon\modules folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\ConduitCommon\alert\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\ConduitCommon\alert\Dialogs\AppNotificationDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\ConduitCommon\alert\Dialogs folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\ConduitCommon\alert folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\ConduitCommon folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Conduit\alert\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Conduit\alert\Dialogs\AppNotificationDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Conduit\alert\Dialogs folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Conduit\alert folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Conduit folder moved successfully.
Folder move failed. C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default scheduled to be moved on reboot.
Folder move failed. C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles scheduled to be moved on reboot.
Folder move failed. C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox scheduled to be moved on reboot.
Folder move failed. C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla scheduled to be moved on reboot.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Microsoft\Windows\Start Menu folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Microsoft\Windows folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Microsoft folder moved successfully.
Folder move failed. C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming scheduled to be moved on reboot.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\PriceGong\Data folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\PriceGong folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\SearchInNewTab folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Rss folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Repository\conduit_CT1269415_en-us\ToolbarTranslation folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Repository\conduit_CT1269415_en-us folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Repository\conduit_CT1269415_CT1269415\ToolbarSettings folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Repository\conduit_CT1269415_CT1269415\ToolbarLogin folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Repository\conduit_CT1269415_CT1269415\DynamicDialogs folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Repository\conduit_CT1269415_CT1269415\AppsMetaData folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Repository\conduit_CT1269415_CT1269415 folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Repository folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\RadioPlayer folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12 folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B} folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\plugins folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\ExternalComponent folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\EmailNotifier folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\UntrustedAppPendingDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\UntrustedAppApprovalDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\UntrustedAddedAppDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\ToolbarFirstTimeDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\SearchProtectorRetakeoverDialog\Images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\SearchProtectorRetakeoverDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\SearchProtectorDialog\Images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\SearchProtectorDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\SearchProtectorBubbleDialog\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\SearchProtectorBubbleDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\NewSearchProtectorDialog\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\NewSearchProtectorDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\EngineFirstTimeDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\DetectedAppDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\DefualtImages folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs\AddedAppDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\Dialogs folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy\CacheIcons folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Download_Energy folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Repository\conduit_ConduitEngine\dynamicDialogs folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Repository\conduit_ConduitEngine folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Repository folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\ExternalComponent folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\UntrustedAppPendingDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\UntrustedAppApprovalDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\UntrustedAddedAppDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\ToolbarFirstTimeDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\SearchProtectorRetakeoverDialog\Images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\SearchProtectorRetakeoverDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\SearchProtectorDialog\Images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\SearchProtectorDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\SearchProtectorBubbleDialog\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\SearchProtectorBubbleDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\NewSearchProtectorDialog\images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\NewSearchProtectorDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\EngineFirstTimeDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\DetectedAppDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\DefualtImages folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs\AddedAppDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\Dialogs folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine\CacheIcons folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\ConduitEngine folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Conduit\Community Alerts\Feeds folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Conduit\Community Alerts\CacheIcons folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow\Conduit folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\LocalLow folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Local\Ilivid Player folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Local\cool_mirage\FTDownloader.exe_Url_53xixdcpvgygtyi5p1m3thfzejaycxtv\1.1.4.0 folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Local\cool_mirage\FTDownloader.exe_Url_53xixdcpvgygtyi5p1m3thfzejaycxtv folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Local\cool_mirage folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Local\Babylon\Setup folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Local\Babylon folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Local folder moved successfully.
Folder move failed. C:\AdwCleaner\Quarantine\C\Users\svetla\AppData scheduled to be moved on reboot.
Folder move failed. C:\AdwCleaner\Quarantine\C\Users\svetla scheduled to be moved on reboot.
Folder move failed. C:\AdwCleaner\Quarantine\C\Users scheduled to be moved on reboot.
C:\AdwCleaner\Quarantine\C\Program Files\FTDownloader.com folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Download_Energy folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files\ConduitEngine folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files\AskTBar\bar\Settings folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files\AskTBar\bar\History folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files\AskTBar\bar\Cache folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files\AskTBar\bar folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files\AskTBar folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files folder moved successfully.
Folder move failed. C:\AdwCleaner\Quarantine\C scheduled to be moved on reboot.
Folder move failed. C:\AdwCleaner\Quarantine scheduled to be moved on reboot.
C:\AdwCleaner\Backup\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default folder moved successfully.
C:\AdwCleaner\Backup\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles folder moved successfully.
C:\AdwCleaner\Backup\C\Users\svetla\AppData\Roaming\Mozilla\Firefox folder moved successfully.
C:\AdwCleaner\Backup\C\Users\svetla\AppData\Roaming\Mozilla folder moved successfully.
C:\AdwCleaner\Backup\C\Users\svetla\AppData\Roaming folder moved successfully.
C:\AdwCleaner\Backup\C\Users\svetla\AppData folder moved successfully.
C:\AdwCleaner\Backup\C\Users\svetla folder moved successfully.
C:\AdwCleaner\Backup\C\Users folder moved successfully.
C:\AdwCleaner\Backup\C folder moved successfully.
C:\AdwCleaner\Backup folder moved successfully.
C:\AdwCleaner folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\rsit folder moved successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: svetla
->Temp folder emptied: 7576032 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16156253 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1264 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 23,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: svetla
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: svetla
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05202014_172135

Files\Folders moved on Reboot...
File\Folder C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\logic\uninstall\dialog not found!
File\Folder C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\logic\uninstall not found!
File\Folder C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content\logic not found!
File\Folder C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415\content not found!
File\Folder C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome\CT1269415 not found!
File\Folder C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\Chrome not found!
File\Folder C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf} not found!
File\Folder C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default\Extensions not found!
File\Folder C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles\8jqoawke.default not found!
File\Folder C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox\Profiles not found!
File\Folder C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla\Firefox not found!
File\Folder C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming\Mozilla not found!
File\Folder C:\AdwCleaner\Quarantine\C\Users\svetla\AppData\Roaming not found!
File\Folder C:\AdwCleaner\Quarantine\C\Users\svetla\AppData not found!
File\Folder C:\AdwCleaner\Quarantine\C\Users\svetla not found!
File\Folder C:\AdwCleaner\Quarantine\C\Users not found!
File\Folder C:\AdwCleaner\Quarantine\C not found!
File\Folder C:\AdwCleaner\Quarantine not found!
File\Folder C:\Users\svetla\AppData\Local\Temp\~DF348B.tmp not found!
File\Folder C:\Users\svetla\AppData\Local\Temp\~DF7937.tmp not found!
C:\Users\svetla\AppData\Local\Temp\~WRF0000.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Prosím o kontrolu logu po odvirování

Napsal: 25 kvě 2014 08:10
od vyosek
Tak jeste uklidime :James008:

:arrow: T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: A pokud nejsou problemy ci dotazy, je to z me strany vse :|
Všechny časy jsou v UTC+01:00
Stránka 2 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz