VIRY.CZ

Dobrý den
Dostal se mi do ruky notebook s tímhle výtvorem uvnitř. Naštěstí v nouzovém režimu se mi podařilo dostat log.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Megíska at 2013-04-22 15:55:16
WIN_VISTA Service Pack 2
System drive C: has 3 GB (4%) free of 71 GB
Total RAM: 3000 MB (84% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, smarterwiki@wikiatic.com:4.1.8, {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97, ffxtlbr@Facemoods.com:1.2.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.9&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]
"Description"=Office Live Update v1.5
"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
fcmdSrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.4.17.4\bh\facemoods.dll [2010-10-26 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-02 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-01-24 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-02 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.4.17.4\facemoodsTlbr.dll [2010-10-26 217088]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-01-24 192144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323Domino]
C:\Windows\Domino.exe [2006-06-27 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323VMSnap]
C:\Windows\VMSnap23.exe [2006-09-19 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\PROGRA~2\rundll32.exe [2013-04-16 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-08-01 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2011-02-11 171032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2011-02-11 137752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-07-25 875016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
C:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 947152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2011-02-11 172568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-05-21 6144000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [2013-01-07 446648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-08-23 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-02-22 1037608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
C:\PROGRA~1\COMMON~1\AVERME~1\AVERQU~1\AVERHI~1.EXE [2008-06-11 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2008-02-12 723496]

C:\Users\Megíska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
msconfig.lnk - C:\Windows\System32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 228864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-04-22 15:54:40 ----A---- C:\Windows\system32\drivers\qiafiyke.sys
2013-04-22 15:52:28 ----A---- C:\Windows\ntbtlog.txt
2013-04-22 15:48:03 ----D---- C:\Windows\pss
2013-04-22 15:45:38 ----D---- C:\Program Files\trend micro
2013-04-22 15:45:37 ----D---- C:\rsit
2013-04-18 10:24:44 ----A---- C:\ProgramData\vq2mj.js
2013-04-18 10:24:43 ----A---- C:\ProgramData\jm2qv.dat
2013-04-16 14:35:18 ----A---- C:\ProgramData\inmjdz2.js
2013-04-16 14:35:18 ----A---- C:\ProgramData\as98213.txt
2013-04-16 13:33:00 ----A---- C:\ProgramData\rundll32.exe
2013-04-16 13:33:00 ----A---- C:\ProgramData\2zdjmni.dat
2013-04-11 20:07:20 ----A---- C:\Windows\system32\mshtmled.dll
2013-04-11 20:07:19 ----A---- C:\Windows\system32\vbscript.dll
2013-04-11 20:07:13 ----A---- C:\Windows\system32\jsproxy.dll
2013-04-11 20:07:13 ----A---- C:\Windows\system32\ieui.dll
2013-04-11 20:07:11 ----A---- C:\Windows\system32\msfeeds.dll
2013-04-11 20:07:11 ----A---- C:\Windows\system32\ieUnatt.exe
2013-04-11 20:07:09 ----A---- C:\Windows\system32\wininet.dll
2013-04-11 20:07:09 ----A---- C:\Windows\system32\jscript.dll
2013-04-11 20:07:06 ----A---- C:\Windows\system32\url.dll
2013-04-11 20:07:06 ----A---- C:\Windows\system32\jscript9.dll
2013-04-11 20:07:05 ----A---- C:\Windows\system32\iertutil.dll
2013-04-11 20:07:04 ----A---- C:\Windows\system32\urlmon.dll
2013-04-11 20:06:59 ----A---- C:\Windows\system32\mshtml.dll
2013-04-11 20:06:59 ----A---- C:\Windows\system32\ieframe.dll
2013-04-11 10:37:44 ----A---- C:\Windows\system32\win32k.sys
2013-04-11 10:37:40 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-04-11 10:37:39 ----A---- C:\Windows\system32\smss.exe
2013-04-11 10:37:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-04-11 10:37:39 ----A---- C:\Windows\system32\csrsrv.dll
2013-04-11 10:37:37 ----A---- C:\Windows\system32\mstscax.dll
2013-04-11 10:37:35 ----A---- C:\Windows\system32\winsrv.dll
2013-03-23 16:43:44 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2013-04-22 15:55:13 ----D---- C:\Windows\Temp
2013-04-22 15:54:40 ----D---- C:\Windows\system32\drivers
2013-04-22 15:52:28 ----D---- C:\Windows
2013-04-22 15:46:59 ----D---- C:\Windows\Prefetch
2013-04-22 15:45:38 ----RD---- C:\Program Files
2013-04-22 15:43:51 ----D---- C:\Windows\System32
2013-04-22 15:43:51 ----D---- C:\Windows\inf
2013-04-22 15:43:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-04-22 15:37:19 ----HD---- C:\ProgramData
2013-04-22 15:33:21 ----SHD---- C:\Windows\Installer
2013-04-22 15:33:20 ----D---- C:\ProgramData\Microsoft Help
2013-04-22 15:32:50 ----A---- C:\Windows\win.ini
2013-04-22 15:31:25 ----SHD---- C:\System Volume Information
2013-04-13 19:22:52 ----D---- C:\Windows\system32\migration
2013-04-13 19:22:51 ----D---- C:\Program Files\Internet Explorer
2013-04-11 20:10:06 ----D---- C:\Windows\winsxs
2013-04-11 20:08:28 ----D---- C:\Windows\system32\catroot2
2013-04-11 20:08:28 ----D---- C:\Windows\system32\catroot
2013-04-11 20:02:54 ----A---- C:\Windows\system32\mrt.exe
2013-04-02 12:33:22 ----N---- C:\Windows\system32\MpSigStub.exe
2013-03-27 20:20:52 ----D---- C:\Program Files\Google
2013-03-24 20:56:49 ----SD---- C:\Users\Megíska\AppData\Roaming\Microsoft
2013-03-24 20:41:35 ----D---- C:\Users\Megíska\AppData\Roaming\ICQ
2013-03-24 20:27:45 ----D---- C:\Program Files\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-31 14848]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-02-22 198064]
S0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 195296]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-15 691696]
S1 eumkzswr;eumkzswr; \??\C:\Windows\system32\drivers\eumkzswr.sys []
S1 qiafiyke;qiafiyke; \??\C:\Windows\system32\drivers\qiafiyke.sys [2013-04-22 43600]
S1 rcgtuysf;rcgtuysf; \??\C:\Windows\system32\drivers\rcgtuysf.sys []
S2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
S2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
S2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
S2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-30 1184768]
S3 AVerAF15;AVerMedia A815; C:\Windows\System32\Drivers\AVerAF15.sys [2008-10-24 280576]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-02-11 9036800]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-05-21 2143136]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-06-30 112128]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 MHIKEY10;MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [2010-12-02 52096]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 SPLITCAM;Splitcam, WDM Camera Stream Splitter; C:\Windows\system32\DRIVERS\splitcam.sys [2009-08-18 13824]
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 vmfilter323;323 filter service, Normal; C:\Windows\system32\drivers\vmfilter323.sys [2006-08-08 476672]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 ZSMC326;VIMICRO USB2.0 PC Camera(VC0323); C:\Windows\System32\Drivers\usbvm323.sys [2006-12-28 260096]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 20456]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S4 AfaService;Afa Card Reader Service; C:\Windows\system32\afasrv32.exe [2011-07-18 65536]
S4 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-08 344064]
S4 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-09 405504]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S4 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S4 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S4 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S4 gupdate1c9d27e1cbdd930;Služba Google Update (gupdate1c9d27e1cbdd930); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-11 133104]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-11 133104]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-12 194032]
S4 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S4 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S4 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
S4 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-23 115608]
S4 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
S4 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S4 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
S4 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-05-14 360192]
S4 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-05-14 603904]
S4 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S4 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S4 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Zdravim

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Pořád jsem v nouzovém režimu v normálním ta havěť blokuje všechno. Nevadí že jsem RKill spustil v nouzovém režimu?
Mohu jít na Combofix?

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/22/2013 04:18:50 PM in x86 mode.
Windows Version: Windows Vista (TM) Home Basic Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Služba BFE (BFE) is not Running.
Startup Type set to: Disabled

* Klient DHCP (Dhcp) is not Running.
Startup Type set to: Disabled

* Klient DNS (Dnscache) is not Running.
Startup Type set to: Disabled

* Systém událostí COM+ (EventSystem) is not Running.
Startup Type set to: Disabled

* Brána firewall systému Windows (MpsSvc) is not Running.
Startup Type set to: Disabled

* Síťová připojení (Netman) is not Running.
Startup Type set to: Disabled

* Služba rozhraní síťového úložiště (nsi) is not Running.
Startup Type set to: Disabled

* Služba WMI (Winmgmt) is not Running.
Startup Type set to: Disabled

* Centrum zabezpečení (wscsvc) is not Running.
Startup Type set to: Disabled

* Windows Update (wuauserv) is not Running.
Startup Type set to: Disabled

* Ancilliary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System

* Ovladač ověření brány firewall systému Windows (mpsdrv) is not Running.
Startup Type set to: Manual

* NETBT (NetBT) is not Running.
Startup Type set to: System

* NSI proxy service (nsiproxy) is not Running.
Startup Type set to: System

* Ovladač pro podporu zastaralého rozhraní TDI NetIO (tdx) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 04/22/2013 04:19:07 PM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)

Ano, CF i RKill je mozne aplikovat v nouzaku, takze tam pustte nyni CF

Tak hotovo.
Notebook je stále v nouzovém režimu, můžu zkusit normální režim?

ComboFix 13-04-22.01 - Megíska 22.04.2013 16:51:16.1.1 - x86 MINIMAL
Spuštěný z: c:\users\MegÝska\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.4\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.4\uninstall.exe
c:\programdata\2zdjmni.dat
c:\programdata\6390641.pad
c:\programdata\inmjdz2.pad
c:\programdata\jm2qv.dat
c:\programdata\rundll32.exe
c:\programdata\vq2mj.pad
c:\users\Megíska\8833501.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\scvideo.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-22 do 2013-04-22 )))))))))))))))))))))))))))))))
.
.
2013-04-22 14:57 . 2013-04-22 14:58 -------- d-----w- c:\users\Megíska\AppData\Local\temp
2013-04-22 14:57 . 2013-04-22 14:57 -------- d-----w- c:\users\Thooms\AppData\Local\temp
2013-04-22 14:57 . 2013-04-22 14:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-22 13:54 . 2013-04-22 13:54 43600 ----a-w- c:\windows\system32\drivers\qiafiyke.sys
2013-04-22 13:53 . 2013-04-22 13:53 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEBCE377-A539-4A64-9B04-25E45C5226CE}\offreg.dll
2013-04-22 13:45 . 2013-04-22 13:45 -------- d-----w- c:\program files\trend micro
2013-04-22 13:45 . 2013-04-22 13:55 -------- d-----w- C:\rsit
2013-04-18 08:24 . 2013-04-18 08:24 2609 ----a-w- c:\programdata\vq2mj.js
2013-04-18 08:24 . 2013-04-18 08:24 99328 ----a-w- c:\users\Megíska\1077424.dll
2013-04-16 12:53 . 2013-03-15 07:21 7108640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEBCE377-A539-4A64-9B04-25E45C5226CE}\mpengine.dll
2013-04-16 12:35 . 2013-04-16 12:35 2659 ----a-w- c:\programdata\inmjdz2.js
2013-04-15 08:51 . 2013-03-15 07:21 7108640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-11 08:37 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 08:37 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-11 08:37 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-11 08:37 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-11 08:37 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-11 08:37 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-11 08:37 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-18 08:24 . 2013-04-18 08:24 99328 ----a-w- c:\users\Megíska\1077424.dll
2013-04-18 08:24 . 2013-04-18 08:24 99328 ----a-w- c:\users\Megíska\1077424.dll
2013-04-02 10:33 . 2009-10-03 11:00 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-13 16:31 . 2012-06-14 09:19 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 16:31 . 2011-07-17 15:08 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 01:57 . 2013-03-22 12:18 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-23 14:44 . 2013-03-23 14:43 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-12-31 09:53 2349080 ----a-w- c:\program files\BS_Player\tbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
c:\users\Megíska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
msconfig.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323Domino]
2006-06-27 18:54 49152 ----a-w- c:\windows\Domino.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323VMSnap]
2006-09-19 06:26 212992 ----a-w- c:\windows\VMSnap23.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2008-08-01 07:51 405504 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-11 18:26 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-11 18:26 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-07-25 03:48 875016 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-01-27 10:11 947152 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-11 18:26 172568 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-05-21 02:06 6144000 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2013-01-07 11:03 446648 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-08-23 10:30 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-02-22 19:50 1037608 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4155293530-578101556-416198297-1003]
"EnableNotificationsRef"=dword:00000001
.
R4 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-12 08:04 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
2013-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 16:31]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 21:18]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-09-03 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-ctfmon - c:\progra~2\rundll32.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.4\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-22 16:58
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1732)
c:\windows\system32\btncopy.dll
.
Celkový čas: 2013-04-22 17:01:00
ComboFix-quarantined-files.txt 2013-04-22 15:00
.
Před spuštěním: 3 544 621 056
Po spuštění: 4 291 125 248
.
- - End Of File - - F15E67012C04176E7C530130E9F6CFD4

Zatim stale pracujte v nouzovem rezimu

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Prohledat
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

Bohužel nelze spustit. Asi mi nic jiného nezbude než restartovat.

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Tak jsem v normálním režimu. Scan AdwCleanerem proběhl bez problémů a zatím nic od "Policie" nevyskočilo.
Jak ale vidím ty logy ten notebook je řádně zasviněný.

# AdwCleaner v2.201 - Log vytvooen 22/04/2013 v 18:03:41
# Aktualizováno 21/04/2013 Xplode
# Operaení systém : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Uživatel : Megíska - MEGÍSKA-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\Megíska\Desktop\adwcleaner.exe
# Volba [Prohledat]

***** [Služby] *****

Nalezeno : ICQ Service

***** [Soubory / Složky] *****

Složka Nalezeno : C:\Program Files\Ask.com
Složka Nalezeno : C:\Program Files\BS_Player
Složka Nalezeno : C:\Program Files\Conduit
Složka Nalezeno : C:\Program Files\DAEMON Tools Toolbar
Složka Nalezeno : C:\Program Files\ICQ6Toolbar
Složka Nalezeno : C:\Program Files\SweetIM
Složka Nalezeno : C:\ProgramData\ICQ\ICQToolbar
Složka Nalezeno : C:\ProgramData\SweetIM
Složka Nalezeno : C:\Users\Megíska\AppData\Local\AskToolbar
Složka Nalezeno : C:\Users\Megíska\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Složka Nalezeno : C:\Users\Megíska\AppData\LocalLow\AskToolbar
Složka Nalezeno : C:\Users\Megíska\AppData\LocalLow\BS_Player
Složka Nalezeno : C:\Users\Megíska\AppData\LocalLow\Conduit
Složka Nalezeno : C:\Users\Megíska\AppData\LocalLow\facemoods.com
Složka Nalezeno : C:\Users\Megíska\AppData\LocalLow\SweetIM
Složka Nalezeno : C:\Users\Thooms\AppData\Local\AskToolbar
Složka Nalezeno : C:\Users\Thooms\AppData\LocalLow\AskToolbar
Složka Nalezeno : C:\Users\Thooms\AppData\LocalLow\BS_Player
Složka Nalezeno : C:\Users\Thooms\AppData\LocalLow\Conduit
Složka Nalezeno : C:\Users\Thooms\AppData\LocalLow\facemoods.com
Složka Nalezeno : C:\Users\Thooms\AppData\LocalLow\SweetIM
Složka Nalezeno : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Soubor Nalezeno : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Klíe Nalezeno : HKCU\Software\AppDataLow\AskToolbarInfo
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\AskToolbar
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\BS_Player
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\Conduit
Klíe Nalezeno : HKCU\Software\AppDataLow\Toolbar
Klíe Nalezeno : HKCU\Software\AskToolbar
Klíe Nalezeno : HKCU\Software\AVG Security Toolbar
Klíe Nalezeno : HKCU\Software\Conduit
Klíe Nalezeno : HKCU\Software\facemoods.com
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BS_Player Toolbar
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Klíe Nalezeno : HKLM\Software\BS_Player
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{372AAA3D-40B3-4BA2-9BEE-680E59E9524E}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Klíe Nalezeno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\escort.escortIEPane
Klíe Nalezeno : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Klíe Nalezeno : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Klíe Nalezeno : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Klíe Nalezeno : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Klíe Nalezeno : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Klíe Nalezeno : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Klíe Nalezeno : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Klíe Nalezeno : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Klíe Nalezeno : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Klíe Nalezeno : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Nalezeno : HKLM\Software\Conduit
Klíe Nalezeno : HKLM\Software\facemoods.com
Klíe Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{372AAA3D-40B3-4BA2-9BEE-680E59E9524E}
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Klíe Nalezeno : HKU\S-1-5-21-4155293530-578101556-416198297-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Klíe Nalezeno : HKU\S-1-5-21-4155293530-578101556-416198297-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Klíe Nalezeno : HKU\S-1-5-21-4155293530-578101556-416198297-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16476

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com

-\\ Mozilla Firefox v19.0.2 (cs)

Soubor : C:\Users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default\prefs.js

Nalezeno : user_pref("extensions.facemoods.aflt", "_#wbst");
Nalezeno : user_pref("extensions.facemoods.firstRun", false);
Nalezeno : user_pref("extensions.facemoods.lastActv", "22");
Nalezeno : user_pref("icqtoolbar.allowSendURL", false);
Nalezeno : user_pref("icqtoolbar.engineVerified", false);
Nalezeno : user_pref("icqtoolbar.geolastmodified", 1311086852);
Nalezeno : user_pref("icqtoolbar.hiddenElements", "itb_options");
Nalezeno : user_pref("icqtoolbar.icqgeo", 4201);
Nalezeno : user_pref("icqtoolbar.installTime", "1302720562");
Nalezeno : user_pref("icqtoolbar.installsource", "1");
Nalezeno : user_pref("icqtoolbar.newtab_state", "1");
Nalezeno : user_pref("icqtoolbar.numberOfSearches", 0);
Nalezeno : user_pref("icqtoolbar.previousFFVersion", "3.6.18");
Nalezeno : user_pref("icqtoolbar.skip_default_search", "no");
Nalezeno : user_pref("icqtoolbar.suggestions", false);
Nalezeno : user_pref("icqtoolbar.uniqueID", "130055880113005590901302720562953");
Nalezeno : user_pref("icqtoolbar.usageStatstTimestamp", 1311086854);
Nalezeno : user_pref("icqtoolbar.version", "1.1.9");
Nalezeno : user_pref("icqtoolbar.voucherHideClicks", 0);
Nalezeno : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Nalezeno : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Nalezeno : user_pref("icqtoolbar.voucherWasShown", 0);
Nalezeno : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Nalezeno : user_pref("icqtoolbar.xmlLanguage", "cs");
Nalezeno : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=");

Soubor : C:\Users\Thooms\AppData\Roaming\Mozilla\Firefox\Profiles\n37luzs3.default\prefs.js

[OK] Soubor je eistý.

-\\ Google Chrome v26.0.1410.64

Soubor : C:\Users\Megíska\AppData\Local\Google\Chrome\User Data\Default\Preferences

Nalezeno [l.1851] : homepage = "hxxp://start.facemoods.com/?a=wbst",
Nalezeno [l.2057] : urls_to_restore_on_startup = [ "hxxp://start.facemoods.com/?a=wbst" ]

Soubor : C:\Users\Thooms\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [21878 octets] - [22/04/2013 18:03:42]

########## EOF - C:\AdwCleaner[R1].txt - [21939 octets] ##########

Aaaano, je tam toho jeste spousty na cisteni

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Smazat
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

Tak tady to je.

# AdwCleaner v2.201 - Log vytvooen 22/04/2013 v 18:18:22
# Aktualizováno 21/04/2013 Xplode
# Operaení systém : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Uživatel : Megíska - MEGÍSKA-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\Megíska\Desktop\adwcleaner.exe
# Volba [Vymazat]

***** [Služby] *****

Zastaveno & vymazáno : ICQ Service

***** [Soubory / Složky] *****

Složka Vymazáno : C:\Program Files\Ask.com
Složka Vymazáno : C:\Program Files\BS_Player
Složka Vymazáno : C:\Program Files\Conduit
Složka Vymazáno : C:\Program Files\DAEMON Tools Toolbar
Složka Vymazáno : C:\Program Files\ICQ6Toolbar
Složka Vymazáno : C:\Program Files\SweetIM
Složka Vymazáno : C:\ProgramData\ICQ\ICQToolbar
Složka Vymazáno : C:\ProgramData\SweetIM
Složka Vymazáno : C:\Users\Megíska\AppData\Local\AskToolbar
Složka Vymazáno : C:\Users\Megíska\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Složka Vymazáno : C:\Users\Megíska\AppData\LocalLow\AskToolbar
Složka Vymazáno : C:\Users\Megíska\AppData\LocalLow\BS_Player
Složka Vymazáno : C:\Users\Megíska\AppData\LocalLow\Conduit
Složka Vymazáno : C:\Users\Megíska\AppData\LocalLow\facemoods.com
Složka Vymazáno : C:\Users\Megíska\AppData\LocalLow\SweetIM
Složka Vymazáno : C:\Users\Thooms\AppData\Local\AskToolbar
Složka Vymazáno : C:\Users\Thooms\AppData\LocalLow\AskToolbar
Složka Vymazáno : C:\Users\Thooms\AppData\LocalLow\BS_Player
Složka Vymazáno : C:\Users\Thooms\AppData\LocalLow\Conduit
Složka Vymazáno : C:\Users\Thooms\AppData\LocalLow\facemoods.com
Složka Vymazáno : C:\Users\Thooms\AppData\LocalLow\SweetIM
Složka Vymazáno : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Soubor Vymazáno : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Klíe Vymazáno : HKCU\Software\AppDataLow\AskToolbarInfo
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\AskToolbar
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\BS_Player
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\Conduit
Klíe Vymazáno : HKCU\Software\AppDataLow\Toolbar
Klíe Vymazáno : HKCU\Software\AskToolbar
Klíe Vymazáno : HKCU\Software\AVG Security Toolbar
Klíe Vymazáno : HKCU\Software\Conduit
Klíe Vymazáno : HKCU\Software\facemoods.com
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BS_Player Toolbar
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Klíe Vymazáno : HKLM\Software\BS_Player
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{372AAA3D-40B3-4BA2-9BEE-680E59E9524E}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Klíe Vymazáno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\escort.escortIEPane
Klíe Vymazáno : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Klíe Vymazáno : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Klíe Vymazáno : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Klíe Vymazáno : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Klíe Vymazáno : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Klíe Vymazáno : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Klíe Vymazáno : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Klíe Vymazáno : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Klíe Vymazáno : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Klíe Vymazáno : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Vymazáno : HKLM\Software\Conduit
Klíe Vymazáno : HKLM\Software\facemoods.com
Klíe Vymazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{372AAA3D-40B3-4BA2-9BEE-680E59E9524E}
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16476

Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Zaminino : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (cs)

Soubor : C:\Users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default\prefs.js

Vymazáno : user_pref("extensions.facemoods.aflt", "_#wbst");
Vymazáno : user_pref("extensions.facemoods.firstRun", false);
Vymazáno : user_pref("extensions.facemoods.lastActv", "22");
Vymazáno : user_pref("icqtoolbar.allowSendURL", false);
Vymazáno : user_pref("icqtoolbar.engineVerified", false);
Vymazáno : user_pref("icqtoolbar.geolastmodified", 1311086852);
Vymazáno : user_pref("icqtoolbar.hiddenElements", "itb_options");
Vymazáno : user_pref("icqtoolbar.icqgeo", 4201);
Vymazáno : user_pref("icqtoolbar.installTime", "1302720562");
Vymazáno : user_pref("icqtoolbar.installsource", "1");
Vymazáno : user_pref("icqtoolbar.newtab_state", "1");
Vymazáno : user_pref("icqtoolbar.numberOfSearches", 0);
Vymazáno : user_pref("icqtoolbar.previousFFVersion", "3.6.18");
Vymazáno : user_pref("icqtoolbar.skip_default_search", "no");
Vymazáno : user_pref("icqtoolbar.suggestions", false);
Vymazáno : user_pref("icqtoolbar.uniqueID", "130055880113005590901302720562953");
Vymazáno : user_pref("icqtoolbar.usageStatstTimestamp", 1311086854);
Vymazáno : user_pref("icqtoolbar.version", "1.1.9");
Vymazáno : user_pref("icqtoolbar.voucherHideClicks", 0);
Vymazáno : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Vymazáno : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Vymazáno : user_pref("icqtoolbar.voucherWasShown", 0);
Vymazáno : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Vymazáno : user_pref("icqtoolbar.xmlLanguage", "cs");
Vymazáno : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=");

Soubor : C:\Users\Thooms\AppData\Roaming\Mozilla\Firefox\Profiles\n37luzs3.default\prefs.js

[OK] Soubor je eistý.

-\\ Google Chrome v26.0.1410.64

Soubor : C:\Users\Megíska\AppData\Local\Google\Chrome\User Data\Default\Preferences

Vymazáno [l.1851] : homepage = "hxxp://start.facemoods.com/?a=wbst",
Vymazáno [l.2057] : urls_to_restore_on_startup = [ "hxxp://start.facemoods.com/?a=wbst" ]

Soubor : C:\Users\Thooms\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [22009 octets] - [22/04/2013 18:03:42]
AdwCleaner[R2].txt - [22070 octets] - [22/04/2013 18:13:34]
AdwCleaner[S1].txt - [21495 octets] - [22/04/2013 18:18:22]

########## EOF - C:\AdwCleaner[S1].txt - [21556 octets] ##########

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

Hotovo

OTL logfile created on: 22.4.2013 18:57:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Megíska\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,93 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 43,28% Memory free
6,10 Gb Paging File | 4,37 Gb Available in Paging File | 71,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 0,61 Gb Free Space | 0,88% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 9,82 Gb Free Space | 14,11% Space Free | Partition Type: NTFS
Drive G: | 3,59 Gb Total Space | 3,12 Gb Free Space | 86,85% Space Free | Partition Type: FAT32

Computer Name: MEGÍSKA-PC | User Name: Megíska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.04.22 18:52:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Megíska\Desktop\OTL.exe
PRC - [2013.04.22 18:37:45 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Megíska\AppData\Local\temp\RtkBtMnt.exe
PRC - [2013.03.23 16:44:28 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.03.18 17:47:58 | 000,448,736 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2013.03.13 18:31:14 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013.02.04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe
PRC - [2013.02.04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013.01.27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.07.18 18:20:21 | 000,065,536 | ---- | M] () -- C:\Windows\System32\afasrv32.exe
PRC - [2009.05.14 19:37:27 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.08 13:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2008.12.09 20:01:50 | 000,405,504 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2008.08.01 09:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.07.25 05:48:10 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008.06.11 12:34:02 | 000,159,744 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2008.05.21 04:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.02.12 13:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.09.19 08:26:10 | 000,212,992 | ---- | M] () -- C:\Windows\VMSnap23.exe
PRC - [2006.06.27 20:54:00 | 000,049,152 | ---- | M] (Vimicro) -- C:\Windows\Domino.exe

========== Modules (No Company Name) ==========

MOD - [2013.03.23 16:44:01 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.02.22 09:24:00 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll
MOD - [2013.02.20 21:34:47 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013.02.04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013.01.24 21:34:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013.01.24 21:33:49 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.24 21:32:47 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.24 21:32:35 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.11.07 16:25:36 | 000,204,288 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012.04.30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2009.02.11 20:34:02 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2009.02.11 20:34:02 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2009.02.11 20:34:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008.09.03 16:28:24 | 000,319,488 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2008.06.11 12:34:02 | 000,159,744 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
MOD - [2008.02.12 13:12:50 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006.09.19 08:26:10 | 000,212,992 | ---- | M] () -- C:\Windows\VMSnap23.exe
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll

========== Services (SafeList) ==========

SRV - [2013.03.23 16:44:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.13 18:31:35 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Running] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.18 18:20:21 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Windows\System32\afasrv32.exe -- (AfaService)
SRV - [2009.05.14 19:37:27 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.05.14 19:37:18 | 000,360,192 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.04.08 13:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008.12.11 13:31:36 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.12.09 20:01:50 | 000,405,504 | R--- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\rcgtuysf.sys -- (rcgtuysf)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\eumkzswr.sys -- (eumkzswr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MEGSKA~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (awp9r3m7)
DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.12.02 05:34:32 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2010.05.15 09:15:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.09.30 07:53:12 | 001,184,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.08.18 21:54:11 | 000,013,824 | ---- | M] (LoteSoft Co.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\splitcam.sys -- (SPLITCAM)
DRV - [2008.10.24 04:23:58 | 000,280,576 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15)
DRV - [2008.06.30 15:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.03.21 11:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.12.26 08:23:10 | 000,017,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TpChoice.sys -- (TpChoice)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006.12.28 07:44:40 | 000,260,096 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbvm323.sys -- (ZSMC326)
DRV - [2006.08.08 05:25:40 | 000,476,672 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmfilter323.sys -- (vmfilter323)
DRV - [2005.02.11 12:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=i ... lz=1I7ACAW

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\URLSearchHook: *{855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\SearchScopes\{2F219E4B-B275-474A-BC30-A7E44AFDF668}: "URL" = http://www.google.com/search?q={searchT ... AW_csCZ327
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\SearchScopes\{438533F0-727E-4081-B900-DB869597EACC}: "URL" = http://www.webhledani.cz/results.aspx?i ... earchTerms}
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\SearchScopes\{60FBABBC-DC99-4A38-ADEB-465E65F3B51B}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... earchTerms}
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=i ... AW_csCZ327
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4155293530-578101556-416198297-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.1.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.23 16:44:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.23 16:43:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.23 16:44:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.23 16:43:45 | 000,000,000 | ---D | M]

[2010.12.25 14:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Megíska\AppData\Roaming\Mozilla\Extensions
[2013.03.29 00:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default\extensions
[2011.03.16 19:11:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.03.29 00:02:13 | 000,361,682 | ---- | M] () (No name found) -- C:\Users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default\extensions\smarterwiki@wikiatic.com.xpi
[2013.03.05 10:48:06 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Megíska\AppData\Roaming\Mozilla\Firefox\Profiles\goty2d22.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.23 16:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\MEGĂSKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GOTY2D22.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2013.03.23 16:44:28 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.23 16:43:55 | 000,002,421 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2013.03.23 16:43:55 | 000,000,851 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2013.03.23 16:43:55 | 000,001,580 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2013.03.23 16:43:55 | 000,000,867 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2013.03.23 16:43:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2013.04.22 16:58:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BigDogPath323Domino] C:\Windows\Domino.exe (Vimicro)
O4 - HKLM..\Run: [BigDogPath323VMSnap] C:\Windows\VMSnap23.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4155293530-578101556-416198297-1003..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4155293530-578101556-416198297-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4155293530-578101556-416198297-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12CB3AC6-764C-4853-8772-F2783712E70B}: DhcpNameServer = 195.113.44.11 195.113.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{154AC19B-9FF5-487C-BE42-6F5A209D2C55}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Megíska\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Megíska\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.04.22 18:54:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Megíska\Desktop\OTL.exe
[2013.04.22 18:52:52 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013.04.22 17:01:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.22 17:01:02 | 000,000,000 | ---D | C] -- C:\Users\Megíska\AppData\Local\temp
[2013.04.22 17:00:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.22 16:47:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.22 16:47:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.22 16:47:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.22 16:47:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.22 16:47:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.22 16:21:21 | 005,058,971 | R--- | C] (Swearware) -- C:\Users\Megíska\Desktop\ComboFix.exe
[2013.04.22 16:18:33 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Megíska\Desktop\rkill.exe
[2013.04.22 15:48:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.04.22 15:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.04.22 15:45:37 | 000,000,000 | ---D | C] -- C:\rsit
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013.04.22 19:00:54 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.04.22 19:00:05 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2013.04.22 18:56:01 | 000,610,968 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2013.04.22 18:56:01 | 000,599,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.22 18:56:01 | 000,119,536 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013.04.22 18:56:01 | 000,105,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.22 18:52:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Megíska\Desktop\OTL.exe
[2013.04.22 18:43:52 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.04.22 18:37:14 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.22 18:34:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 18:34:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 18:34:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.04.22 18:34:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.22 18:34:02 | 3146,735,616 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.22 18:30:16 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.22 18:10:11 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.22 17:57:46 | 000,001,356 | ---- | M] () -- C:\Users\Megíska\AppData\Local\d3d9caps.dat
[2013.04.22 17:25:08 | 000,615,935 | ---- | M] () -- C:\Users\Megíska\Desktop\adwcleaner.exe
[2013.04.22 16:58:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.22 16:16:52 | 005,058,971 | R--- | M] (Swearware) -- C:\Users\Megíska\Desktop\ComboFix.exe
[2013.04.22 16:16:22 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Megíska\Desktop\rkill.exe
[2013.04.22 15:48:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.22 15:35:34 | 000,781,383 | ---- | M] () -- C:\Users\Megíska\Desktop\RSIT.exe
[2013.04.18 10:24:44 | 000,002,609 | ---- | M] () -- C:\ProgramData\vq2mj.js
[2013.04.18 10:24:43 | 000,099,328 | ---- | M] () -- C:\Users\Megíska\1077424.dll
[2013.04.16 14:35:18 | 000,002,659 | ---- | M] () -- C:\ProgramData\inmjdz2.js
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.04.22 19:00:54 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.04.22 18:32:49 | 000,002,085 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
[2013.04.22 18:32:49 | 000,000,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2013.04.22 18:01:40 | 3146,735,616 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.22 17:27:05 | 000,615,935 | ---- | C] () -- C:\Users\Megíska\Desktop\adwcleaner.exe
[2013.04.22 16:47:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.22 16:47:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.22 16:47:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.22 16:47:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.22 16:47:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.22 15:45:20 | 000,781,383 | ---- | C] () -- C:\Users\Megíska\Desktop\RSIT.exe
[2013.04.18 10:24:44 | 000,002,609 | ---- | C] () -- C:\ProgramData\vq2mj.js
[2013.04.18 10:24:42 | 000,099,328 | ---- | C] () -- C:\Users\Megíska\1077424.dll
[2013.04.16 14:35:18 | 000,002,659 | ---- | C] () -- C:\ProgramData\inmjdz2.js
[2011.07.18 18:20:21 | 000,065,536 | ---- | C] () -- C:\Windows\System32\afasrv32.exe
[2009.08.18 22:04:42 | 000,002,395 | ---- | C] () -- C:\Users\Megíska\Skype.lnk
[2009.07.16 02:00:19 | 000,001,356 | ---- | C] () -- C:\Users\Megíska\AppData\Local\d3d9caps.dat
[2009.05.29 00:35:46 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.05.14 20:40:13 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.05.13 01:54:03 | 000,015,872 | ---- | C] () -- C:\Users\Megíska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.08.18 21:59:28 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Braid
[2012.06.13 21:57:29 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\BSplayer
[2011.03.16 19:46:45 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\DAEMON Tools Lite
[2013.03.24 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\ICQ
[2009.05.29 00:35:53 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\InterVideo
[2009.05.14 19:37:14 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\TuneUp Software
[2012.04.12 20:59:46 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Ulozto File Manager
[2009.08.18 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\URSoft
[2010.03.25 22:49:29 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\Broad Intelligence
[2010.09.04 08:39:15 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\BSplayer
[2010.09.04 08:32:11 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\BSplayer Pro
[2010.05.15 09:21:57 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\DAEMON Tools Lite
[2010.08.27 12:11:29 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\HighAndes
[2010.07.07 19:04:37 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\ICQ
[2010.05.06 16:06:01 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\InterVideo
[2010.08.25 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\Nordic Games
[2010.08.27 18:24:26 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\Simple Star
[2010.07.06 09:06:44 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\SoftGate
[2010.07.16 20:42:41 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\TuneUp Software
[2010.05.06 11:44:01 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\uTorrent
[2010.03.24 19:38:12 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\VitySoft
[2010.07.18 16:15:41 | 000,000,000 | ---D | M] -- C:\Users\Thooms\AppData\Roaming\Zak&Jack

========== Purity Check ==========

========== Custom Scans ==========

< >
[2006.11.02 14:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:58:10 | 000,032,618 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.05.14 19:37:17 | 000,000,490 | ---- | C] () -- C:\Windows\Tasks\1-Click Maintenance.job
[2009.07.01 18:21:53 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.07.01 18:21:54 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.06.14 11:19:09 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\erdnt\cache\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.04.11 00:27:22 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009.04.11 00:27:22 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008.01.21 04:34:33 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe

< MD5 for: CDROM.SYS >
[2008.01.21 04:32:23 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008.01.21 04:32:23 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009.04.10 22:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009.04.10 22:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009.04.10 22:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006.11.02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2009.04.11 00:32:48 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: SCECLI.DLL >
[2008.01.21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\erdnt\cache\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SERVICES.EXE >
[2008.01.21 04:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009.04.11 00:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe
[2009.04.11 00:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009.04.11 00:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008.01.21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008.01.21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.26 10:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009.04.11 00:33:04 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2011.09.20 23:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
[2009.12.08 22:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009.08.15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009.08.14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2011.06.17 22:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_b4b2134c63c9c70f\tcpip.sys
[2012.03.30 14:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
[2010.02.18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010.02.18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009.08.14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2013.01.04 13:28:19 | 000,914,792 | ---- | M] (Microsoft Corporation) MD5=3535CD93F944C00F098E73E12EE7FEB6 -- C:\Windows\erdnt\cache\tcpip.sys
[2013.01.04 13:28:19 | 000,914,792 | ---- | M] (Microsoft Corporation) MD5=3535CD93F944C00F098E73E12EE7FEB6 -- C:\Windows\System32\drivers\tcpip.sys
[2013.01.04 13:28:19 | 000,914,792 | ---- | M] (Microsoft Corporation) MD5=3535CD93F944C00F098E73E12EE7FEB6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.23013_none_b5863efb7cafb1c9\tcpip.sys
[2009.12.08 22:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010.02.18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010.02.18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2009.12.08 22:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2010.06.16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009.08.14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2011.06.17 22:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) MD5=6647FCE6FC4970DAAFE5C64C794513D3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys
[2010.06.16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2013.01.04 13:28:18 | 000,905,576 | ---- | M] (Microsoft Corporation) MD5=74E2D020C47BB2B2FCCBA29A518A7EB4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18764_none_b4c7b8d663b986a2\tcpip.sys
[2010.06.16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2011.09.20 23:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[2008.04.26 10:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009.12.08 19:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009.08.14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.02.18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010.06.16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2010.04.05 19:03:01 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=A6A02EF5B5E40FBD31A1ADC577DA54BB -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys
[2009.12.08 19:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2010.04.05 22:00:48 | 000,910,208 | ---- | M] (Microsoft Corporation) MD5=CC9993701AC57F995554C696DDA49C12 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys
[2010.02.18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009.12.08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2012.03.30 14:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
[2008.01.21 04:34:55 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[16 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[92 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.03.10 15:16:47 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Adobe
[2009.08.18 21:59:28 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Braid
[2012.06.13 21:57:29 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\BSplayer
[2009.05.29 00:35:46 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Corel
[2011.03.16 19:46:45 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\DAEMON Tools Lite
[2012.12.17 21:13:22 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\DivX
[2009.05.13 00:42:23 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Google
[2013.03.24 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\ICQ
[2009.05.11 22:17:03 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Identities
[2009.05.29 00:35:53 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\InterVideo
[2009.05.11 22:34:15 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Macromedia
[2013.03.24 20:56:49 | 000,000,000 | --SD | M] -- C:\Users\Megíska\AppData\Roaming\Microsoft
[2010.12.25 14:18:48 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Mozilla
[2011.12.29 09:59:19 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Nero
[2013.02.10 00:58:39 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Skype
[2012.01.10 21:58:52 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\skypePM
[2009.05.14 19:37:14 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\TuneUp Software
[2012.04.12 20:59:46 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Ulozto File Manager
[2009.08.18 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\URSoft
[2009.05.14 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\Winamp
[2009.05.14 19:35:47 | 000,000,000 | ---D | M] -- C:\Users\Megíska\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2013.04.22 19:00:05 | 000,000,490 | ---- | M] () -- C:\Windows\Tasks\1-Click Maintenance.job
[2013.04.22 19:30:03 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.04.22 18:37:14 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.04.22 19:11:02 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.05.15 09:15:38 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013.04.22 19:15:41 | 000,003,216 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 19:15:41 | 000,003,216 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 18:34:18 | 000,000,147 | ---- | M] () -- C:\Windows\system32\agent.log
[2013.04.22 18:34:30 | 000,000,000 | ---- | M] () -- C:\Windows\system32\LogConfigTemp.xml
[2013.04.22 18:56:01 | 000,119,536 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2013.04.22 18:56:01 | 000,105,164 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2013.04.22 18:56:01 | 000,610,968 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2013.04.22 18:56:01 | 000,599,150 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2013.04.22 18:56:01 | 001,426,990 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2010.08.23 12:30:32 | 000,039,408 | ---- | M] (Google Inc.)
"Sony PC Companion" = "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background -- [2013.03.18 17:47:58 | 000,448,736 | ---- | M] (Sony)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2013.03.23 16:44:28 | 000,917,400 | ---- | M] (Mozilla Corporation) MD5=BF2F2717C13A4BD4FD73F2788534E86B -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2013.02.22 06:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) MD5=4E9592BB2C100E571F82640E59E9ECD5 -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.04.22 19:00:54 | 000,000,512 | ---- | M] () MD5=633AB7D5B67AE6D1457F42614C3F36DE -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2007.03.08 15:36:14 | 000,014,807 | ---- | M] () -- \Program Files\Codemasters\Hospital Tycoon\GameData\Sounds\CRACKER.ogg

< *keygen* /s >

< *loader* /s >
[2006.10.26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2011.03.30 17:52:32 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.4\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2011.03.30 17:52:34 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.4\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2011.03.30 17:52:32 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.4\imApp\theme\MUICoreLib\xtraLoader.swf
[2011.04.13 19:02:59 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.4\Xtraz\icq\content\icq_profile\preloader.html
[2011.03.30 17:53:43 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.4\Xtraz\icq\content\profile_forms\preloader.html
[2011.03.30 17:53:38 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.4\Xtraz\icq\content\profile_lightboxs\preloader.html
[2013.04.08 13:57:46 | 000,001,702 | ---- | M] () -- \Program Files\Sony Ericsson\Update Engine\licenses\loaderbinarylegal.txt
[2008.06.20 19:13:32 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2012.06.18 12:39:40 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.06.18 12:39:40 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012.06.18 12:39:40 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.06.18 12:39:40 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2013.03.19 02:09:12 | 000,000,583 | ---- | M] () -- \Users\Megíska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\801ICL5M\preloader_section[1].js
[2013.03.19 13:24:17 | 000,000,723 | ---- | M] () -- \Users\Megíska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\801ICL5M\tp_widget_loader[1].gif
[2013.03.19 02:05:43 | 000,002,451 | ---- | M] () -- \Users\Megíska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LCNOPK75\lazyloader[1].js
[2013.03.19 02:05:43 | 000,000,691 | ---- | M] () -- \Users\Megíska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LCNOPK75\lazyloader[2].js
[2013.03.19 02:05:43 | 000,000,505 | ---- | M] () -- \Users\Megíska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UHIBKSRE\lazyloader[1].js
[2013.03.19 02:05:43 | 000,000,265 | ---- | M] () -- \Users\Megíska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UHIBKSRE\lazyloader[2].js
[2012.04.12 20:56:00 | 001,198,211 | ---- | M] () -- \Users\Megíska\Desktop\Uloz.to_Uploader-setup.exe
[2010.05.15 09:16:13 | 000,057,728 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png
[2010.05.15 09:16:16 | 000,057,728 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png
[2010.05.15 09:16:17 | 000,057,728 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png
[2012.02.27 21:11:12 | 000,003,657 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3T0QU6OJ\loader[1].js
[2012.02.27 20:58:13 | 000,016,516 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3T0QU6OJ\preloader[1].gif
[2012.02.27 21:01:17 | 000,014,590 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3T0QU6OJ\preloader[2].gif
[2011.07.05 06:02:50 | 000,002,805 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\48REQALV\mtloader_1.1.0[1].js
[2011.07.20 12:13:37 | 000,002,608 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\52EEDSBJ\loader[1].gif
[2011.07.19 20:58:41 | 000,001,423 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5YHUO7FD\loader[1].gif
[2011.07.19 09:05:16 | 000,001,406 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BJZSBJJR\BrightcoveBootloader[1].swf
[2011.07.19 07:56:19 | 000,002,883 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BJZSBJJR\QuickLoader[1].js
[2012.02.27 21:02:57 | 000,097,310 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DQNC0D18\cssloader-b2950bdbea7a[1].css
[2012.02.27 21:02:57 | 000,071,629 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DQNC0D18\jsloader-668e82772094[1].js
[2011.07.22 20:20:20 | 000,001,849 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IOD130QH\ajax-loader[1].gif
[2011.07.19 21:02:38 | 000,006,820 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IOD130QH\loader66[1].gif
[2011.07.22 20:19:04 | 000,005,967 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IQMB8NQK\ajax-loader[1].gif
[2011.07.05 06:02:54 | 000,003,881 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IQMB8NQK\facemoodsLoader[1].js
[2012.02.27 20:58:07 | 000,004,215 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KPZUOV1N\mtloader[2].js
[2011.07.19 20:58:41 | 000,002,545 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SKFT5G0T\ajax-loader3[1].gif
[2011.11.17 22:28:27 | 000,004,217 | ---- | M] () -- \Users\Thooms\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YS5VNIXE\mtloader[1].js
[2012.07.16 11:47:28 | 000,000,980 | ---- | M] () -- \Users\Thooms\AppData\Local\VirtualStore\Program Files\ABC\Codename Outbreak - Venom\LoadErr.log
[2010.08.25 12:35:52 | 000,000,498 | ---- | M] () -- \Users\Thooms\AppData\Roaming\Microsoft\Windows\Recent\Kart_Racer-ENG-Pahyl.of.sMs.Uploaders.part1.lnk
[2009.11.04 14:57:55 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2008.01.21 04:33:05 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.02.12 05:11:21 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15.manifest
[2009.02.12 05:11:21 | 000,027,648 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15_winload.exe.mui_3bc5b827
[2009.02.12 05:11:21 | 000,019,968 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15_winresume.exe.mui_ff8b5358
[2009.11.01 20:39:53 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94.manifest
[2009.11.01 20:39:53 | 000,986,600 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winload.exe_75835076
[2009.11.01 20:39:53 | 000,926,184 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winresume.exe_85cd1215
[2008.01.21 04:36:35 | 000,003,885 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2.manifest
[2008.01.21 04:36:35 | 000,021,048 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2_spldr.sys_98bd87a0
[2008.02.29 09:26:23 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_de-de_cb9c6772f81a418b.manifest
[2008.02.29 09:19:08 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_en-us_748d3d6be6f84d50.manifest
[2008.02.29 12:05:29 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_es-es_74589a4fe71f3ef5.manifest
[2008.02.29 12:07:01 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_fr-fr_1710104ed9f15557.manifest
[2008.02.29 12:05:17 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_it-it_01380695b1233ad5.manifest
[2008.02.29 10:14:00 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_ja-jp_a35d85a2a43e4cb0.manifest
[2008.02.29 12:02:51 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_nl-nl_2d992eca70004957.manifest
[2008.02.29 09:19:24 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_de-de_cbf6c366115bebbd.manifest
[2008.02.29 09:21:05 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_en-us_74e7995f0039f782.manifest
[2008.02.29 11:56:53 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_es-es_74b2f6430060e927.manifest
[2008.02.29 12:12:24 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_fr-fr_176a6c41f332ff89.manifest
[2008.02.29 12:01:15 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_it-it_01926288ca64e507.manifest
[2008.02.29 09:46:06 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_ja-jp_a3b7e195bd7ff6e2.manifest
[2008.02.29 11:17:45 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_nl-nl_2df38abd8941f389.manifest
[2009.02.12 05:09:52 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15.manifest
[2008.02.29 09:17:27 | 000,004,858 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725.manifest
[2008.02.29 09:13:09 | 000,004,858 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157.manifest
[2008.01.21 04:29:34 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18000_none_5b26ba326ca6e048.manifest
[2008.02.29 10:08:07 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b.manifest
[2008.02.29 09:37:27 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7.manifest
[2009.04.11 00:12:44 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94.manifest
[2006.11.02 12:13:06 | 000,003,970 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6000.16386_none_68fc663d5430d3de.manifest
[2008.01.21 04:27:10 | 000,003,885 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2.manifest
[2008.01.21 04:33:05 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6001.18000_none_45f41bf18fa2cf5a\dmloader.dll
[2008.01.21 04:33:05 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6002.18005_none_47df94fd8cc49aa6\dmloader.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:B3D74A13

< End of report >

OTL Extras logfile created on: 22.4.2013 18:57:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Megíska\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,93 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 43,28% Memory free
6,10 Gb Paging File | 4,37 Gb Available in Paging File | 71,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 0,61 Gb Free Space | 0,88% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 9,82 Gb Free Space | 14,11% Space Free | Partition Type: NTFS
Drive G: | 3,59 Gb Total Space | 3,12 Gb Free Space | 86,85% Space Free | Partition Type: FAT32

Computer Name: MEGÍSKA-PC | User Name: Megíska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4155293530-578101556-416198297-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4155293530-578101556-416198297-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09BA012B-E732-499B-86AD-225A8B7FD5F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{128DA47D-92F2-4412-BEF8-7500EBF22E2F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{36110C64-2DF4-4717-AAA7-A9D9D7269914}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{59819004-5AC8-47AE-A832-F94DF78A0AF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59BC8A52-DDF8-4C12-B015-1A53AB50C92B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7B661C30-18C8-42E2-A556-4BA1336FDB07}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7BF3EE9E-F2FE-4730-B6E2-43115A2A6A3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E9FC6FA-DB0F-4533-A66B-1CE8A323B896}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA799755-DAF0-474B-A610-01EC1E3D1932}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C4BB8D33-C885-4B6F-9CDD-75902F7776C2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F4B72B4E-DE12-4950-A63A-980CF421DDD7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2026135D-687C-4C10-9F8B-8A5F9FD7ED78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2197BF66-8C3F-440A-BEE8-D2219AFE440A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2534B7E0-1FD6-4166-9765-3253AF40FC6E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{26756994-5679-45B8-B094-84ADD02AF37F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{26BEF198-175C-41A7-8B81-247E4AC4E72B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FFC1840-A0A4-4065-8A30-CE8DE83431B8}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{37733245-0672-4DE8-9F82-E8E85D1AA746}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38FFE51C-6734-41A5-83F6-F840A867599A}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{3B9A9C37-8CDB-4959-8C1C-9EB16631A86B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{400B194D-966A-4A6C-B193-FBD5CF59BE7E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4BB69B7D-918C-44B5-A12B-169F68D6B853}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{4BFED752-B973-440F-A446-899641488199}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{52756E0D-E863-4972-8194-57785E7870BC}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{55566CBD-76FA-4FE8-B1F7-F60638AC7D4B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{56605322-A3F9-4390-B9E3-7F440C1B1099}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57A02ED5-5AEE-414B-B36D-74BD43727C5B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{59E1303A-F29A-46D7-AAAA-170E31DB5CC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C0C000A-CCA6-4D8F-B8DD-2B357338F394}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5C62B5D3-CB67-4E6E-9930-DAB55B6E1BEE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{65E7CBFE-F659-4CCD-90CD-D54D0AE10F18}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6FCE31A5-FD88-4734-9F27-54BAD7B67C22}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7ECBA167-95EA-4B75-A1A5-68CF1FF5D49E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83E43D75-6E5C-4BBE-BE01-17B5C2159CD0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87D7A78A-5503-416A-B8E8-C05F2564C668}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B01101C-B4B3-4D4E-8E79-EC932B389C83}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B7DB8B7-9088-4E67-98D6-ADDBFE000E0B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95B6D275-B69E-4B29-BCAB-34DAE77E55D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1A39F66-BC79-448D-A2FA-4FD9D672F408}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{A53AF495-21DC-40B1-AB6B-DEA995A643E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA867773-7DB1-403B-8873-C34CD0B4D60A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE6F3C1A-DABB-4E33-B306-73BE6F64C94F}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{B2731CF8-42F6-4D8F-BA08-B02391D4DCF8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B522D4B6-E469-4B55-A844-115B346CB0A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B802C99E-0D0F-4D6B-96BA-62AAA3162D31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BD347A5B-88C2-4FB0-9724-E9145B55F1AC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{BF196BCE-A955-4E6F-837E-3C53EA7675A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C6F88734-E954-4093-9041-8DBD09D4293E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7B8CBCD-DD57-4080-9714-F3C6429A85B8}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{D039DC66-FCEC-4B73-AEF4-F30AF2DC9FD1}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{DFA03024-6F74-4B64-8493-929355ED71E1}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{E0F6CD40-DD08-43D4-B413-444D669BEE1F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EB1136DA-5A6E-42C5-9E9E-D0BF6DA26F5D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EBA57677-ADE0-4894-B096-9946AECE906C}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{FAA0A2BA-CBCA-467F-9E83-9672F8A7CB0E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{FC1E3953-AC98-4E16-9C68-AE0D418DE068}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FDF4E0FC-730F-4027-B3E2-C29764FC9565}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{359CC312-76B4-4B73-A54F-2F3DE6DA6C67}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{52638EDC-68A9-4677-9178-7D9C26EE5F5F}C:\program files\ea games\need for speed underground 2\speed2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed underground 2\speed2.exe |
"TCP Query User{58A4A9FC-2AFC-473B-848E-D213CD8FA7FF}C:\program files\abc\codename outbreak - venom\outbreak.exe" = protocol=6 | dir=in | app=c:\program files\abc\codename outbreak - venom\outbreak.exe |
"TCP Query User{6718C671-B6F2-4A8C-8840-6F72C4F94511}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{6E857DC1-4784-4A80-83BC-81D63E09DA10}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{951DF07F-434A-45A2-A8CD-040E8B5F6B01}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{B3482A96-9500-401E-9047-5E0AAC189182}G:\call of duty\codmp.exe" = protocol=6 | dir=in | app=g:\call of duty\codmp.exe |
"TCP Query User{E36257EB-32D5-4FAF-9C9E-339A9CC6B31A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5229FE13-A027-46D9-ABC0-C475787C9EB8}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{80FEBA67-E354-49FA-991F-EBE7064EA020}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{958D605A-82ED-4D97-8411-CAA0D64834F7}C:\program files\ea games\need for speed underground 2\speed2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed underground 2\speed2.exe |
"UDP Query User{AD84CCB5-B7FD-4446-9D6D-1A493D349909}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B7DEF2DF-6E99-4612-8678-17E773F5D456}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{B808E3F9-8007-412C-A37C-D200620B0046}C:\program files\abc\codename outbreak - venom\outbreak.exe" = protocol=17 | dir=in | app=c:\program files\abc\codename outbreak - venom\outbreak.exe |
"UDP Query User{C2CFAC29-E886-4429-A636-A8A73FE991BE}G:\call of duty\codmp.exe" = protocol=17 | dir=in | app=g:\call of duty\codmp.exe |
"UDP Query User{D59CAE96-A5EF-4FA5-8381-41099A7B8B43}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00449164-f8e7-4ba8-848e-69c293563e0a}" = Nero 9 Lite
"{00718491-55BF-46C6-83EF-4B3B95AC807A}" = SplitCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Pomocník pro přihlášení ke službě Windows Live ID
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Nástroj pro odesílání služby Windows Live
"{20D0CDB1-5F03-4A5D-86EB-7C218053B157}" = Windows Live Messenger
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{266C7330-C0F4-49E5-8F20-A56F9F822875}" = SweetIM Toolbar for Internet Explorer 3.3
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4B4451CE-D1E6-4BDE-B4B2-59F03BB83B7C}" = Windows Live Sync
"{4EA44BA4-A708-4223-BC1A-22B6DA9E7D1C}" = Windows Live Essentials
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54FEAF1A-8F2A-44C1-95CA-5C1C21F4F934}" = Windows Live Mail
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{6889EE56-1816-4E89-94DF-9F56E7804039}_is1" = Counter-Strike 1.6 Non-Steam patch v36
"{6E5EEE1B-3907-44C3-83BA-AD4B8CE40F76}" = Windows Live Writer
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8190420D-F4BA-4744-8940-A466F81AF89C}_is1" = Ulož.to File Manager verze 1.4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_HOMESTUDENTR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A13DE9CB-8C84-4889-B114-C5A9661F844E}" = Windows Live Fotogalerie
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBA0799-F982-414C-9A8B-17EB03D39677}" = trakAxPC
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADEBB98C-DCD0-4369-BC4A-71B342CF55B2}" = HT Fireman CD/DVD Burner
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B7B80B42-D6DA-4132-ABDD-C5E10823B921}_is1" = ABC Edice PC her - Codename: Outbreak - Venom
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D16ECDF4-DA6F-418F-947A-C1652B5CFD96}" = SweetIM for Messenger 2.7
"{D6615307-A73A-49C5-B90F-D97E027F034A}" = Nova Stahovák
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FDE773CD-9201-4655-87F3-4E051860D47D}" = Ralink Wireless LAN Installation Program for VISTA v2.0.8.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Apollo DVD Copy_is1" = Apollo DVD Copy 4.6.13
"AVerMedia A815 USB DVB-T" = AVerMedia A815 USB DVB-T 1.0.0.49
"Bejeweled Twist 1.0.3.7482" = Bejeweled Twist 1.0.3.7482
"BSPlayer1" = BSPlayer
"BSPlayerf" = BS.Player FREE
"Card Reader Driver and USIM Editor Program_is1" = USIM Editor 1.0.25.0
"CDex" = CDex - Open Source Digital Audio CD Extractor
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"Google Chrome" = Google Chrome
"Grand Theft Auto" = Grand Theft Auto
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HospitalTycoon" = Hospital Tycoon
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"KartRacer_is1" = Kart Racer
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Full)
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 19.0.2 (x86 cs)" = Mozilla Firefox 19.0.2 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Plants vs. Zombies 1.0.0.1051" = Plants vs. Zombies 1.0.0.1051
"Polární dobrodružství 2" = Polární dobrodružství 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Update Engine" = Sony Ericsson Update Engine
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28.3.2011 23:25:30 | Computer Name = Megíska-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.3.2011 14:00:54 | Computer Name = Megíska-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 30.3.2011 11:34:39 | Computer Name = Megíska-PC | Source = WinMgmt | ID = 10
Description =

Error - 30.3.2011 14:01:01 | Computer Name = Megíska-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 31.3.2011 12:12:54 | Computer Name = Megíska-PC | Source = WinMgmt | ID = 10
Description =

Error - 31.3.2011 14:00:59 | Computer Name = Megíska-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 31.3.2011 17:03:49 | Computer Name = Megíska-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 3.4.2011 10:29:49 | Computer Name = Megíska-PC | Source = WinMgmt | ID = 10
Description =

Error - 3.4.2011 14:00:55 | Computer Name = Megíska-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 4.4.2011 14:00:56 | Computer Name = Megíska-PC | Source = MsiInstaller | ID = 1024
Description =

[ System Events ]
Error - 22.4.2013 12:35:15 | Computer Name = Megíska-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22.4.2013 12:35:15 | Computer Name = Megíska-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 22.4.2013 12:38:38 | Computer Name = Megíska-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 zjistil chybu při pokusu o aktualizaci podpisů. Nová verze podpisu:
Předchozí verze podpisu: 1.147.1929.0 Zdroj aktualizace: %%859 Fáze aktualizace:
%%852 Zdrojová cesta: http://www.microsoft.com Typ podpisu: %%800 Typ aktualizace:
%%803 Uživatel: NT AUTHORITY\SYSTEM Aktuální verze modulu: Předchozí verze modulu:
1.1.9302.0 Kód chyby: 0x8024402c Popis chyby: Při zjišťování aktualizací došlo k
neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete
v nápovědě a podpoře.

Error - 22.4.2013 12:38:38 | Computer Name = Megíska-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 zjistil chybu při pokusu o aktualizaci podpisů. Nová verze podpisu:
Předchozí verze podpisu: 1.147.1929.0 Zdroj aktualizace: %%851 Fáze aktualizace:
%%852 Zdrojová cesta: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Typ
podpisu: %%800 Typ aktualizace: %%803 Uživatel: Megíska-PC\Megíska Aktuální verze
modulu: Předchozí verze modulu: 1.1.9302.0 Kód chyby: 0x80072ee7 Popis chyby: Nelze
rozpoznat název nebo adresu serveru.

Error - 22.4.2013 12:38:38 | Computer Name = Megíska-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 zjistil chybu při pokusu o aktualizaci podpisů. Nová verze podpisu:
Předchozí verze podpisu: 1.147.1929.0 Zdroj aktualizace: %%851 Fáze aktualizace:
%%852 Zdrojová cesta: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Typ
podpisu: %%801 Typ aktualizace: %%803 Uživatel: Megíska-PC\Megíska Aktuální verze
modulu: Předchozí verze modulu: 1.1.9302.0 Kód chyby: 0x80072ee7 Popis chyby: Nelze
rozpoznat název nebo adresu serveru.

Error - 22.4.2013 12:38:39 | Computer Name = Megíska-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 zjistil chybu při pokusu o aktualizaci podpisů. Nová verze podpisu:
Předchozí verze podpisu: 18.160.0.0 Zdroj aktualizace: %%851 Fáze aktualizace: %%852

Zdrojová
cesta: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Typ
podpisu: %%886 Typ aktualizace: %%803 Uživatel: Megíska-PC\Megíska Aktuální verze
modulu: Předchozí verze modulu: 2.1.8904.0 Kód chyby: 0x80072ee7 Popis chyby: Nelze
rozpoznat název nebo adresu serveru.

Error - 22.4.2013 13:04:30 | Computer Name = Megíska-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 zjistil kritickou chybu při provádění akce u malwaru nebo jiného
potenciálně nežádoucího softwaru. Další informace získáte v následujícím seznamu:
http://go.microsoft.com/fwlink/?linkid= ... 2147678622

Název:
Trojan:JS/Reveton.A ID: 2147678622 Závažnost: Vážné Kategorie: Trojský kůň Cesta: file:_C:\ProgramData\inmjdz2.js;file:_C:\ProgramData\vq2mj.js

Původ
zjištění: %%845 Typ zjištění: %%822 Zdroj zjištění: %%818 Uživatel: NT AUTHORITY\SYSTEM

Název
procesu: C:\Users\Megíska\Desktop\OTL.exe Akce: %%809 Stav akce: No additional actions
required Kód chyby: 0x80070070 Popis chyby: Na disku není dost místa. Verze podpisu:
AV: 1.149.328.0, AS: 1.149.328.0, NIS: 18.160.0.0 Verze modulu: AM: 1.1.9402.0,
NIS: 2.1.8904.0

Error - 22.4.2013 13:18:25 | Computer Name = Megíska-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 zjistil kritickou chybu při provádění akce u malwaru nebo jiného
potenciálně nežádoucího softwaru. Další informace získáte v následujícím seznamu:
http://go.microsoft.com/fwlink/?linkid= ... 2147673909

Název:
VirTool:Win32/Obfuscator.ADH ID: 2147673909 Závažnost: Vážné Kategorie: Nástroj Cesta:
containerfile:_C:\Users\Megíska\1077424.dll;file:_C:\Users\Megíska\1077424.dll;file:_C:\Users\Megíska\1077424.dll->(VFS:bj8j.dat#1)

Původ
zjištění: %%845 Typ zjištění: %%821 Zdroj zjištění: %%818 Uživatel: NT AUTHORITY\SYSTEM

Název
procesu: C:\Users\Megíska\Desktop\OTL.exe Akce: %%809 Stav akce: No additional actions
required Kód chyby: 0x80070070 Popis chyby: Na disku není dost místa. Verze podpisu:
AV: 1.149.328.0, AS: 1.149.328.0, NIS: 18.160.0.0 Verze modulu: AM: 1.1.9402.0,
NIS: 2.1.8904.0

Error - 22.4.2013 13:29:44 | Computer Name = Megíska-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 zjistil kritickou chybu při provádění akce u malwaru nebo jiného
potenciálně nežádoucího softwaru. Další informace získáte v následujícím seznamu:
http://go.microsoft.com/fwlink/?linkid= ... 2147678622

Název:
Trojan:JS/Reveton.A ID: 2147678622 Závažnost: Vážné Kategorie: Trojský kůň Cesta: file:_C:\ProgramData\inmjdz2.js;file:_C:\ProgramData\vq2mj.js

Původ
zjištění: %%845 Typ zjištění: %%822 Zdroj zjištění: %%818 Uživatel: NT AUTHORITY\SYSTEM

Název
procesu: C:\Users\Megíska\Desktop\OTL.exe Akce: %%809 Stav akce: No additional actions
required Kód chyby: 0x80070070 Popis chyby: Na disku není dost místa. Verze podpisu:
AV: 1.149.328.0, AS: 1.149.328.0, NIS: 18.160.0.0 Verze modulu: AM: 1.1.9402.0,
NIS: 2.1.8904.0

Error - 22.4.2013 13:29:44 | Computer Name = Megíska-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 zjistil kritickou chybu při provádění akce u malwaru nebo jiného
potenciálně nežádoucího softwaru. Další informace získáte v následujícím seznamu:
http://go.microsoft.com/fwlink/?linkid= ... 2147673909

Název:
VirTool:Win32/Obfuscator.ADH ID: 2147673909 Závažnost: Vážné Kategorie: Nástroj Cesta:
containerfile:_C:\Users\Megíska\1077424.dll;file:_C:\Users\Megíska\1077424.dll;file:_C:\Users\Megíska\1077424.dll->(VFS:bj8j.dat#1)

Původ
zjištění: %%845 Typ zjištění: %%821 Zdroj zjištění: %%818 Uživatel: NT AUTHORITY\SYSTEM

Název
procesu: C:\Users\Megíska\Desktop\OTL.exe Akce: %%809 Stav akce: No additional actions
required Kód chyby: 0x80070070 Popis chyby: Na disku není dost místa. Verze podpisu:
AV: 1.149.328.0, AS: 1.149.328.0, NIS: 18.160.0.0 Verze modulu: AM: 1.1.9402.0,
NIS: 2.1.8904.0

[ TuneUp Events ]
Error - 17.4.2013 6:29:57 | Computer Name = Megíska-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database or disk is full; when executing SQL: UPDATE StartMenuEntries
SET Outdated='1'

Error - 17.4.2013 6:29:57 | Computer Name = Megíska-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database or disk is full; when executing SQL: UPDATE SecurityProducts
SET Outdated='1'

< End of report >

VIRY.CZ

Policie ČR - váš počítač je zablokován

Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován

Re: Policie ČR - váš počítač je zablokován