Obrázek viz návod k fóru zde:
viewtopic.php?p=205735#p205735
Combofix ještě jednou, ale v nouzovém režimu. Skript se neprovedl.
Prosím o kontrolu logu Vyřešeno
- Orcus
- člen Security týmu
-
Elite Level 10.5
- Příspěvky: 10645
- Registrován: duben 10
- Bydliště: Okolo rostou 3 růže =o)
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Láska hřeje, ale uhlí je uhlí.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.

Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Re: Prosím o kontrolu logu
Screenshot posílám.
Combofix v nouzovém režimu spustit nešlo. Počítač se vypínal. Když jsem dala nouzový režim, tak se načetl, po spuštění
Combofixu zahlásilo, že si mám vypnout antivir a než jsem to stačila vypne se to. Několikrát mě to vyplo. Tak nevím.
Combofix v nouzovém režimu spustit nešlo. Počítač se vypínal. Když jsem dala nouzový režim, tak se načetl, po spuštění
Combofixu zahlásilo, že si mám vypnout antivir a než jsem to stačila vypne se to. Několikrát mě to vyplo. Tak nevím.
- jerabina
- člen Security týmu
-
Level 6
- Příspěvky: 3647
- Registrován: březen 13
- Bydliště: Litoměřice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Vypněte antivir a firewall + Windows Defender(trvale) předtím, než spustíte ComboFix.
Když nevíš jak dál, přichází na řadu prostudovat manuál!
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
Re: Prosím o kontrolu logu
Vypnula jsem antivir trvale, dala nouzový režim a spustila Combofix.
Pak jsem si uvědomila, že nemám připojený externí disk.
Nechala jsem Combofix dojet. Uložila log. poté jsem připojila ext. disk a zkusila připojit Combofix jako správce.
Spustilo se to a za chvíli se počítač vypnul
.
Posílám tedy první log bez ext. disku.
ComboFix 15-04-09.01 - Markéta 13.04.2015 17:03:30.11.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3068.2551 [GMT 2:00]
Spuštěný z: c:\users\Markéta\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-13 do 2015-04-13 )))))))))))))))))))))))))))))))
.
.
2015-04-13 15:13 . 2015-04-13 15:13 -------- d-----w- c:\users\Markéta\AppData\Local\temp
2015-04-13 15:13 . 2015-04-13 15:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-04-13 15:13 . 2015-04-13 15:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-05 07:51 . 2015-04-05 07:05 24064 ----a-w- c:\windows\zoek-delete.exe
2015-04-05 07:43 . 2015-04-05 07:43 -------- d-----w- c:\users\MarkÚta
2015-04-05 07:39 . 2015-04-05 07:59 -------- d-----w- C:\zoek
2015-04-04 09:50 . 2015-04-05 08:09 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-04 09:50 . 2015-04-04 12:09 -------- d-----w- c:\programdata\RogueKiller
2015-04-04 08:59 . 2015-04-04 08:59 -------- d-----w- C:\RegBackup
2015-04-03 13:16 . 2015-04-04 09:09 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-03 13:15 . 2015-04-03 13:15 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-04-03 13:15 . 2015-03-17 04:15 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-03 13:15 . 2015-03-17 04:15 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-03 13:15 . 2015-03-17 04:15 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-03 12:59 . 2015-04-04 08:51 -------- d-----w- C:\AdwCleaner
2015-04-02 22:20 . 2009-07-21 21:33 490496 ------w- c:\windows\system32\stapi32.dll
2015-03-28 22:52 . 2015-03-23 01:32 9119072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3694F0B-4633-4DB7-8630-D715726D4E2A}\mpengine.dll
2015-03-23 18:41 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2015-03-23 18:41 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-03-23 18:41 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-03-23 18:39 . 2013-06-29 02:07 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2015-03-23 18:39 . 2013-06-29 02:07 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2015-03-23 18:39 . 2013-06-29 02:07 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2015-03-23 18:39 . 2013-06-29 02:06 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2015-03-23 18:39 . 2011-05-05 13:54 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2015-03-23 18:39 . 2011-05-05 13:54 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2015-03-23 18:38 . 2013-07-12 09:04 134272 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2015-03-23 18:38 . 2013-07-12 09:04 73344 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2015-03-23 18:36 . 2013-07-03 02:33 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys
2015-03-23 18:36 . 2013-07-03 02:10 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-28 13:24 . 2012-04-30 12:05 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-28 13:24 . 2011-12-03 22:57 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-24 03:23 . 2009-10-01 07:49 246920 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-09-16 2736128]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"VolPanel"="c:\program files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"popweb"="c:\program files\Max Software\Keylogger\scragent.exe" [2013-10-23 58880]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"WirelessAssistant"=c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"DpAgent"=c:\program files\DigitalPersona\Bin\dpagent.exe
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
"SysTrayApp"=c:\program files\IDT\WDM\sttray.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"WinampAgent"="f:\program files\Winamp\winampa.exe"
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe"
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe"
.
R3 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 13:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-04 12:54 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-28 19:50]
.
2015-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-28 19:50]
.
2015-02-28 c:\windows\Tasks\HPCeeScheduleForJakub.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-02 13:14]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - f:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Stáhnout Free Download Managerem - file://f:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://f:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://f:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://f:\program files\Free Download Manager\dlall.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: 4shared.com\www
Trusted Zone: blogspot.com\digifree
Trusted Zone: facebook.com\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
TCP: DhcpNameServer = 192.168.1.254
.
.
------- Asociace souborů -------
.
.txt=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-04-13 17:13
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2015-04-13 17:15:24
ComboFix-quarantined-files.txt 2015-04-13 15:15
ComboFix2.txt 2015-04-12 19:21
ComboFix3.txt 2015-04-12 16:46
ComboFix4.txt 2015-04-06 08:57
.
Před spuštěním: Volných bajtů: 103 579 770 880
Po spuštění: Volných bajtů: 103 475 212 288
.
- - End Of File - - AC08B4951A6D00C2C034CDA9FF148779
85D751F0E41B8E520AEE8C07A8DA777B
Pak jsem si uvědomila, že nemám připojený externí disk.
Nechala jsem Combofix dojet. Uložila log. poté jsem připojila ext. disk a zkusila připojit Combofix jako správce.
Spustilo se to a za chvíli se počítač vypnul

Posílám tedy první log bez ext. disku.
ComboFix 15-04-09.01 - Markéta 13.04.2015 17:03:30.11.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3068.2551 [GMT 2:00]
Spuštěný z: c:\users\Markéta\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-13 do 2015-04-13 )))))))))))))))))))))))))))))))
.
.
2015-04-13 15:13 . 2015-04-13 15:13 -------- d-----w- c:\users\Markéta\AppData\Local\temp
2015-04-13 15:13 . 2015-04-13 15:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-04-13 15:13 . 2015-04-13 15:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-05 07:51 . 2015-04-05 07:05 24064 ----a-w- c:\windows\zoek-delete.exe
2015-04-05 07:43 . 2015-04-05 07:43 -------- d-----w- c:\users\MarkÚta
2015-04-05 07:39 . 2015-04-05 07:59 -------- d-----w- C:\zoek
2015-04-04 09:50 . 2015-04-05 08:09 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-04 09:50 . 2015-04-04 12:09 -------- d-----w- c:\programdata\RogueKiller
2015-04-04 08:59 . 2015-04-04 08:59 -------- d-----w- C:\RegBackup
2015-04-03 13:16 . 2015-04-04 09:09 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-03 13:15 . 2015-04-03 13:15 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-04-03 13:15 . 2015-03-17 04:15 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-03 13:15 . 2015-03-17 04:15 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-03 13:15 . 2015-03-17 04:15 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-03 12:59 . 2015-04-04 08:51 -------- d-----w- C:\AdwCleaner
2015-04-02 22:20 . 2009-07-21 21:33 490496 ------w- c:\windows\system32\stapi32.dll
2015-03-28 22:52 . 2015-03-23 01:32 9119072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3694F0B-4633-4DB7-8630-D715726D4E2A}\mpengine.dll
2015-03-23 18:41 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2015-03-23 18:41 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-03-23 18:41 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-03-23 18:39 . 2013-06-29 02:07 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2015-03-23 18:39 . 2013-06-29 02:07 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2015-03-23 18:39 . 2013-06-29 02:07 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2015-03-23 18:39 . 2013-06-29 02:06 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2015-03-23 18:39 . 2011-05-05 13:54 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2015-03-23 18:39 . 2011-05-05 13:54 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2015-03-23 18:38 . 2013-07-12 09:04 134272 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2015-03-23 18:38 . 2013-07-12 09:04 73344 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2015-03-23 18:36 . 2013-07-03 02:33 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys
2015-03-23 18:36 . 2013-07-03 02:10 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-28 13:24 . 2012-04-30 12:05 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-28 13:24 . 2011-12-03 22:57 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-24 03:23 . 2009-10-01 07:49 246920 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-09-16 2736128]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"VolPanel"="c:\program files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"popweb"="c:\program files\Max Software\Keylogger\scragent.exe" [2013-10-23 58880]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"WirelessAssistant"=c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"DpAgent"=c:\program files\DigitalPersona\Bin\dpagent.exe
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
"SysTrayApp"=c:\program files\IDT\WDM\sttray.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"WinampAgent"="f:\program files\Winamp\winampa.exe"
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe"
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe"
.
R3 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 13:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-04 12:54 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-28 19:50]
.
2015-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-28 19:50]
.
2015-02-28 c:\windows\Tasks\HPCeeScheduleForJakub.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-02 13:14]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - f:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Stáhnout Free Download Managerem - file://f:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://f:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://f:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://f:\program files\Free Download Manager\dlall.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: 4shared.com\www
Trusted Zone: blogspot.com\digifree
Trusted Zone: facebook.com\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
TCP: DhcpNameServer = 192.168.1.254
.
.
------- Asociace souborů -------
.
.txt=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-04-13 17:13
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2015-04-13 17:15:24
ComboFix-quarantined-files.txt 2015-04-13 15:15
ComboFix2.txt 2015-04-12 19:21
ComboFix3.txt 2015-04-12 16:46
ComboFix4.txt 2015-04-06 08:57
.
Před spuštěním: Volných bajtů: 103 579 770 880
Po spuštění: Volných bajtů: 103 475 212 288
.
- - End Of File - - AC08B4951A6D00C2C034CDA9FF148779
85D751F0E41B8E520AEE8C07A8DA777B
- Orcus
- člen Security týmu
-
Elite Level 10.5
- Příspěvky: 10645
- Registrován: duben 10
- Bydliště: Okolo rostou 3 růže =o)
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
====================================================
Stáhni si OTL by OldTimer
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.
Start-Spustit a zadej ComboFix /Uninstall
====================================================
Stáhni si OTL by OldTimer
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.
Láska hřeje, ale uhlí je uhlí.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.

Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Re: Prosím o kontrolu logu
Po skenu se objevil jen 1 log. Extras.Txt se neobjevil, ani jsem ho nenašla.
- - - - - - - - - - -
OTL logfile created on: 14.4.2015 19:53:43 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markéta\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 53,51% Memory free
6,21 Gb Paging File | 4,80 Gb Available in Paging File | 77,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 235,16 Gb Total Space | 91,57 Gb Free Space | 38,94% Space Free | Partition Type: NTFS
Drive D: | 7,73 Gb Total Space | 1,51 Gb Free Space | 19,50% Space Free | Partition Type: NTFS
Drive F: | 55,20 Gb Total Space | 12,44 Gb Free Space | 22,54% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 51,71 Gb Free Space | 11,10% Space Free | Partition Type: NTFS
Computer Name: NOTEBOOK_HP | User Name: Markéta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Markéta\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\conime.exe (Microsoft Corporation)
PRC - F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\WINDOWS\SMINST\BLService.exe ()
PRC - C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Max Software\Keylogger\skgsec.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\WINDOWS\System32\APOMngr.DLL ()
MOD - C:\Program Files\WinRAR\rarlng.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\System32\CmdRtr.DLL ()
========== Services (SafeList) ==========
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ScrKlgSvc) -- C:\Program Files\Max Software\Keylogger\skgsvc.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
SRV - (602XML Updater) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe (Software602 a.s.)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (STacSV) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
SRV - (Microsoft Office Groove Audit Service) -- F:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (vfsFPService) -- C:\WINDOWS\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (Recovery Service for Windows) -- C:\WINDOWS\SMINST\BLService.exe ()
SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WinRing0_1_2_0) -- F:\Program Files\BatteryCare\WinRing0.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Markéta\AppData\Local\Temp\catchme.sys File not found
DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found
DRV - (MBAMWebAccessControl) -- C:\WINDOWS\System32\drivers\mwac.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\drivers\sptd.sys ()
DRV - (NVHDA) -- C:\WINDOWS\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (hpdskflt) -- C:\WINDOWS\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\WINDOWS\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (FTDIBUS) -- C:\WINDOWS\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (Point32) -- C:\WINDOWS\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\WINDOWS\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (FsUsbExDisk) -- C:\WINDOWS\System32\FsUsbExDisk.Sys ()
DRV - (epfwwfpr) -- C:\WINDOWS\System32\drivers\epfwwfpr.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\System32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\System32\drivers\eamon.sys (ESET)
DRV - (eusk2par) -- C:\WINDOWS\System32\drivers\eusk2par.sys (Aladdin Knowledge Systems Ltd.)
DRV - (skfiltv) -- C:\WINDOWS\System32\drivers\skfiltv.sys (Creative Technology Ltd.)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (JMCR) -- C:\WINDOWS\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (vfs101x) -- C:\WINDOWS\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (AVerAF15) -- C:\WINDOWS\System32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (FTSER2K) -- C:\WINDOWS\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (sscdmdm) -- C:\WINDOWS\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\WINDOWS\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (enecir) -- C:\WINDOWS\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (WSDPrintDevice) -- C:\WINDOWS\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Markéta\Documents\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_cs
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Markéta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.07.15 08:42:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.03 21:52:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.06.10 14:05:05 | 000,000,000 | ---D | M]
[2012.08.01 01:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\41.0.2272.118\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\41.0.2272.118\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: No name found = C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_1\
CHR - Extension: No name found = C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
O1 HOSTS File: ([2015.04.06 10:53:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [GrooveMonitor] F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [popweb] C:\Program Files\Max Software\Keylogger\scragent.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - F:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://F:\Program Files\Free Download Manager\dllink.htm File not found
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://F:\Program Files\Free Download Manager\dlfvideo.htm File not found
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://F:\Program Files\Free Download Manager\dlall.htm File not found
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://F:\Program Files\Free Download Manager\dlselected.htm File not found
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\NapiNSP.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([etrading] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 4shared.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: blogspot.com ([digifree] https in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{222D00BC-B3CA-4D71-A5E9-5E58213C6CC2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Markéta\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Markéta\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2015.04.14 19:51:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Markéta\Desktop\OTL.exe
[2015.04.14 19:49:52 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2015.04.13 17:15:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2015.04.13 17:15:26 | 000,000,000 | ---D | C] -- C:\Users\Markéta\AppData\Local\temp
[2015.04.12 18:52:43 | 005,200,384 | ---- | C] (AVAST Software) -- C:\Users\Markéta\Desktop\aswmbr.exe
[2015.04.06 10:33:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2015.04.06 10:33:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2015.04.05 10:20:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Markéta\Desktop\HijackThis.exe
[2015.04.05 09:39:47 | 000,000,000 | ---D | C] -- C:\zoek
[2015.04.05 09:05:01 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2015.04.04 11:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2015.04.04 10:59:45 | 000,000,000 | ---D | C] -- C:\RegBackup
[2015.04.04 10:57:25 | 002,690,981 | ---- | C] (Thisisu) -- C:\Users\Markéta\Desktop\JRT.exe
[2015.04.03 15:16:07 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015.04.03 15:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015.04.03 15:15:44 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015.04.03 15:15:44 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015.04.03 15:15:44 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2015.04.03 15:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015.04.03 15:14:03 | 021,540,440 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Markéta\Desktop\mbam-setup-2.1.4.1018.exe
[2015.04.03 14:59:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015.04.03 14:47:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2015.04.03 00:20:19 | 000,490,496 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2015.04.02 20:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2015.03.28 23:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2015.03.28 21:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015.03.24 19:38:57 | 000,000,000 | -H-D | C] -- C:\Users\Markéta\Documents\isurklg
[2015.03.23 20:41:52 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2015.03.23 20:41:52 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2015.03.23 20:41:52 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2015.03.23 20:39:46 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2015.03.23 20:39:46 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2015.03.23 20:36:09 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
========== Files - Modified Within 30 Days ==========
[2015.04.14 19:53:05 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.04.14 19:51:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markéta\Desktop\OTL.exe
[2015.04.14 19:49:00 | 000,646,114 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2015.04.14 19:49:00 | 000,635,284 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015.04.14 19:49:00 | 000,142,318 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2015.04.14 19:49:00 | 000,119,850 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015.04.14 19:46:26 | 000,270,465 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2015.04.14 19:46:26 | 000,270,465 | ---- | M] () -- C:\ProgramData\nvModes.001
[2015.04.14 19:45:54 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.04.14 19:41:23 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015.04.14 19:41:23 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015.04.14 19:41:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.04.14 19:40:09 | 3218,296,832 | -HS- | M] () -- C:\hiberfil.sys
[2015.04.12 21:40:46 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2015.04.12 18:53:55 | 000,000,512 | ---- | M] () -- C:\Users\Markéta\Desktop\MBR.dat
[2015.04.12 18:52:45 | 005,200,384 | ---- | M] (AVAST Software) -- C:\Users\Markéta\Desktop\aswmbr.exe
[2015.04.12 18:51:33 | 000,137,737 | ---- | M] () -- C:\Users\Markéta\Desktop\screenshot.jpg
[2015.04.08 21:12:27 | 000,121,856 | ---- | M] () -- C:\Users\Markéta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015.04.07 19:02:21 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2015.04.06 10:53:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2015.04.05 10:20:32 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Markéta\Desktop\HijackThis.exe
[2015.04.05 10:09:08 | 000,035,064 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2015.04.05 09:59:16 | 000,003,976 | RHS- | M] () -- C:\Users\Markéta\ntuser.pol
[2015.04.05 09:05:00 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2015.04.05 09:02:18 | 001,305,600 | ---- | M] () -- C:\Users\Markéta\Desktop\zoek.exe
[2015.04.04 21:07:40 | 001,198,901 | ---- | M] () -- C:\Users\Markéta\.recently-used.xbel
[2015.04.04 15:08:26 | 000,189,952 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka6.jpg
[2015.04.04 15:08:21 | 000,139,965 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka5.jpg
[2015.04.04 15:08:15 | 000,164,461 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka4.jpg
[2015.04.04 15:08:09 | 000,160,409 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka3.jpg
[2015.04.04 15:08:03 | 000,260,999 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka2.jpg
[2015.04.04 15:07:59 | 000,144,496 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka1.jpg
[2015.04.04 14:55:15 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.04.04 11:48:02 | 016,748,632 | ---- | M] () -- C:\Users\Markéta\Desktop\RogueKiller.exe
[2015.04.04 11:09:38 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015.04.04 10:59:53 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-NOTEBOOK_HP-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
[2015.04.04 10:57:40 | 002,690,981 | ---- | M] (Thisisu) -- C:\Users\Markéta\Desktop\JRT.exe
[2015.04.03 15:15:48 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.04.03 15:14:33 | 021,540,440 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Markéta\Desktop\mbam-setup-2.1.4.1018.exe
[2015.04.03 14:58:15 | 002,208,768 | ---- | M] () -- C:\Users\Markéta\Desktop\adwcleaner_4.200.exe
[2015.03.17 06:15:32 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015.03.17 06:15:26 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015.03.17 06:15:22 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2015.04.13 17:22:09 | 3218,296,832 | -HS- | C] () -- C:\hiberfil.sys
[2015.04.12 18:53:55 | 000,000,512 | ---- | C] () -- C:\Users\Markéta\Desktop\MBR.dat
[2015.04.12 18:50:46 | 000,137,737 | ---- | C] () -- C:\Users\Markéta\Desktop\screenshot.jpg
[2015.04.07 19:02:21 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2015.04.07 19:02:21 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2015.04.05 09:51:09 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2015.04.05 09:02:16 | 001,305,600 | ---- | C] () -- C:\Users\Markéta\Desktop\zoek.exe
[2015.04.04 21:07:40 | 001,198,901 | ---- | C] () -- C:\Users\Markéta\.recently-used.xbel
[2015.04.04 15:08:25 | 000,189,952 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka6.jpg
[2015.04.04 15:08:20 | 000,139,965 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka5.jpg
[2015.04.04 15:08:14 | 000,164,461 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka4.jpg
[2015.04.04 15:08:08 | 000,160,409 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka3.jpg
[2015.04.04 15:08:03 | 000,260,999 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka2.jpg
[2015.04.04 15:07:57 | 000,144,496 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka1.jpg
[2015.04.04 11:50:10 | 000,035,064 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2015.04.04 11:47:37 | 016,748,632 | ---- | C] () -- C:\Users\Markéta\Desktop\RogueKiller.exe
[2015.04.04 10:59:53 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-NOTEBOOK_HP-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
[2015.04.03 15:15:48 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.04.03 14:58:15 | 002,208,768 | ---- | C] () -- C:\Users\Markéta\Desktop\adwcleaner_4.200.exe
[2015.03.28 21:53:24 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.03.28 21:50:58 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.03.28 21:50:56 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.09.03 20:24:40 | 000,000,001 | ---- | C] () -- C:\Windows\System32\tst.bin
[2014.03.05 20:59:28 | 000,000,132 | ---- | C] () -- C:\Users\Markéta\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012.03.21 20:52:40 | 000,001,356 | ---- | C] () -- C:\Users\Markéta\AppData\Local\d3d9caps.dat
[2012.03.05 18:03:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.02.19 21:28:37 | 000,000,471 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2012.02.09 16:23:24 | 000,024,064 | ---- | C] () -- C:\Users\Markéta\AppData\Roaming\UserTile.png
[2012.01.27 09:03:43 | 000,270,465 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.01.27 02:29:20 | 000,270,465 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.02 20:08:20 | 000,121,856 | ---- | C] () -- C:\Users\Markéta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.02 19:54:47 | 000,003,976 | RHS- | C] () -- C:\Users\Markéta\ntuser.pol
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2015.03.06 16:58:51 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\.minecraft
[2012.04.05 18:21:00 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\AppClient
[2014.08.12 21:10:29 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Audacity
[2012.04.19 21:43:28 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\BatteryBar
[2010.03.07 17:24:37 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\BatteryCare
[2012.12.21 08:30:03 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\ConMet
[2009.09.02 19:42:42 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\DigitalPersona
[2014.07.03 17:54:57 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\FileAdvisor
[2010.09.27 01:12:16 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Free Download Manager
[2015.04.04 21:07:40 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\gtk-2.0
[2015.02.28 13:36:20 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\java
[2012.10.12 02:58:32 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Orbit
[2011.03.02 14:41:25 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\RVM
[2011.01.21 17:07:19 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Samsung
[2014.04.15 19:28:18 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\TeamViewer
[2010.08.13 21:24:22 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\TuneUp Software
[2013.07.09 19:43:29 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Unity
[2012.04.22 01:15:48 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Youtube to MP3 Converter
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\Markéta\Documents\P1000630.avi:TOC.WMV
@Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:8927A071
< End of report >
- - - - - - - - - - -
OTL logfile created on: 14.4.2015 19:53:43 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markéta\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 53,51% Memory free
6,21 Gb Paging File | 4,80 Gb Available in Paging File | 77,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 235,16 Gb Total Space | 91,57 Gb Free Space | 38,94% Space Free | Partition Type: NTFS
Drive D: | 7,73 Gb Total Space | 1,51 Gb Free Space | 19,50% Space Free | Partition Type: NTFS
Drive F: | 55,20 Gb Total Space | 12,44 Gb Free Space | 22,54% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 51,71 Gb Free Space | 11,10% Space Free | Partition Type: NTFS
Computer Name: NOTEBOOK_HP | User Name: Markéta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Markéta\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\conime.exe (Microsoft Corporation)
PRC - F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\WINDOWS\SMINST\BLService.exe ()
PRC - C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Max Software\Keylogger\skgsec.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\WINDOWS\System32\APOMngr.DLL ()
MOD - C:\Program Files\WinRAR\rarlng.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\System32\CmdRtr.DLL ()
========== Services (SafeList) ==========
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ScrKlgSvc) -- C:\Program Files\Max Software\Keylogger\skgsvc.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
SRV - (602XML Updater) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe (Software602 a.s.)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (STacSV) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
SRV - (Microsoft Office Groove Audit Service) -- F:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (vfsFPService) -- C:\WINDOWS\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (Recovery Service for Windows) -- C:\WINDOWS\SMINST\BLService.exe ()
SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WinRing0_1_2_0) -- F:\Program Files\BatteryCare\WinRing0.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Markéta\AppData\Local\Temp\catchme.sys File not found
DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found
DRV - (MBAMWebAccessControl) -- C:\WINDOWS\System32\drivers\mwac.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\drivers\sptd.sys ()
DRV - (NVHDA) -- C:\WINDOWS\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (hpdskflt) -- C:\WINDOWS\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\WINDOWS\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (FTDIBUS) -- C:\WINDOWS\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (Point32) -- C:\WINDOWS\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\WINDOWS\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (FsUsbExDisk) -- C:\WINDOWS\System32\FsUsbExDisk.Sys ()
DRV - (epfwwfpr) -- C:\WINDOWS\System32\drivers\epfwwfpr.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\System32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\System32\drivers\eamon.sys (ESET)
DRV - (eusk2par) -- C:\WINDOWS\System32\drivers\eusk2par.sys (Aladdin Knowledge Systems Ltd.)
DRV - (skfiltv) -- C:\WINDOWS\System32\drivers\skfiltv.sys (Creative Technology Ltd.)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (JMCR) -- C:\WINDOWS\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (vfs101x) -- C:\WINDOWS\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (AVerAF15) -- C:\WINDOWS\System32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (FTSER2K) -- C:\WINDOWS\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (sscdmdm) -- C:\WINDOWS\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\WINDOWS\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (enecir) -- C:\WINDOWS\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (WSDPrintDevice) -- C:\WINDOWS\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Markéta\Documents\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_cs
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Markéta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.07.15 08:42:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.03 21:52:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.06.10 14:05:05 | 000,000,000 | ---D | M]
[2012.08.01 01:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\41.0.2272.118\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\41.0.2272.118\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: No name found = C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_1\
CHR - Extension: No name found = C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
O1 HOSTS File: ([2015.04.06 10:53:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [GrooveMonitor] F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [popweb] C:\Program Files\Max Software\Keylogger\scragent.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - F:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://F:\Program Files\Free Download Manager\dllink.htm File not found
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://F:\Program Files\Free Download Manager\dlfvideo.htm File not found
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://F:\Program Files\Free Download Manager\dlall.htm File not found
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://F:\Program Files\Free Download Manager\dlselected.htm File not found
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\NapiNSP.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([etrading] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 4shared.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: blogspot.com ([digifree] https in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{222D00BC-B3CA-4D71-A5E9-5E58213C6CC2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Markéta\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Markéta\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2015.04.14 19:51:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Markéta\Desktop\OTL.exe
[2015.04.14 19:49:52 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2015.04.13 17:15:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2015.04.13 17:15:26 | 000,000,000 | ---D | C] -- C:\Users\Markéta\AppData\Local\temp
[2015.04.12 18:52:43 | 005,200,384 | ---- | C] (AVAST Software) -- C:\Users\Markéta\Desktop\aswmbr.exe
[2015.04.06 10:33:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2015.04.06 10:33:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2015.04.05 10:20:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Markéta\Desktop\HijackThis.exe
[2015.04.05 09:39:47 | 000,000,000 | ---D | C] -- C:\zoek
[2015.04.05 09:05:01 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2015.04.04 11:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2015.04.04 10:59:45 | 000,000,000 | ---D | C] -- C:\RegBackup
[2015.04.04 10:57:25 | 002,690,981 | ---- | C] (Thisisu) -- C:\Users\Markéta\Desktop\JRT.exe
[2015.04.03 15:16:07 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015.04.03 15:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015.04.03 15:15:44 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015.04.03 15:15:44 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015.04.03 15:15:44 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2015.04.03 15:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015.04.03 15:14:03 | 021,540,440 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Markéta\Desktop\mbam-setup-2.1.4.1018.exe
[2015.04.03 14:59:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015.04.03 14:47:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2015.04.03 00:20:19 | 000,490,496 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2015.04.02 20:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2015.03.28 23:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2015.03.28 21:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015.03.24 19:38:57 | 000,000,000 | -H-D | C] -- C:\Users\Markéta\Documents\isurklg
[2015.03.23 20:41:52 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2015.03.23 20:41:52 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2015.03.23 20:41:52 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2015.03.23 20:39:46 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2015.03.23 20:39:46 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2015.03.23 20:36:09 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
========== Files - Modified Within 30 Days ==========
[2015.04.14 19:53:05 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.04.14 19:51:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markéta\Desktop\OTL.exe
[2015.04.14 19:49:00 | 000,646,114 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2015.04.14 19:49:00 | 000,635,284 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015.04.14 19:49:00 | 000,142,318 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2015.04.14 19:49:00 | 000,119,850 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015.04.14 19:46:26 | 000,270,465 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2015.04.14 19:46:26 | 000,270,465 | ---- | M] () -- C:\ProgramData\nvModes.001
[2015.04.14 19:45:54 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.04.14 19:41:23 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015.04.14 19:41:23 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015.04.14 19:41:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.04.14 19:40:09 | 3218,296,832 | -HS- | M] () -- C:\hiberfil.sys
[2015.04.12 21:40:46 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2015.04.12 18:53:55 | 000,000,512 | ---- | M] () -- C:\Users\Markéta\Desktop\MBR.dat
[2015.04.12 18:52:45 | 005,200,384 | ---- | M] (AVAST Software) -- C:\Users\Markéta\Desktop\aswmbr.exe
[2015.04.12 18:51:33 | 000,137,737 | ---- | M] () -- C:\Users\Markéta\Desktop\screenshot.jpg
[2015.04.08 21:12:27 | 000,121,856 | ---- | M] () -- C:\Users\Markéta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015.04.07 19:02:21 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2015.04.06 10:53:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2015.04.05 10:20:32 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Markéta\Desktop\HijackThis.exe
[2015.04.05 10:09:08 | 000,035,064 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2015.04.05 09:59:16 | 000,003,976 | RHS- | M] () -- C:\Users\Markéta\ntuser.pol
[2015.04.05 09:05:00 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2015.04.05 09:02:18 | 001,305,600 | ---- | M] () -- C:\Users\Markéta\Desktop\zoek.exe
[2015.04.04 21:07:40 | 001,198,901 | ---- | M] () -- C:\Users\Markéta\.recently-used.xbel
[2015.04.04 15:08:26 | 000,189,952 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka6.jpg
[2015.04.04 15:08:21 | 000,139,965 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka5.jpg
[2015.04.04 15:08:15 | 000,164,461 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka4.jpg
[2015.04.04 15:08:09 | 000,160,409 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka3.jpg
[2015.04.04 15:08:03 | 000,260,999 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka2.jpg
[2015.04.04 15:07:59 | 000,144,496 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka1.jpg
[2015.04.04 14:55:15 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.04.04 11:48:02 | 016,748,632 | ---- | M] () -- C:\Users\Markéta\Desktop\RogueKiller.exe
[2015.04.04 11:09:38 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015.04.04 10:59:53 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-NOTEBOOK_HP-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
[2015.04.04 10:57:40 | 002,690,981 | ---- | M] (Thisisu) -- C:\Users\Markéta\Desktop\JRT.exe
[2015.04.03 15:15:48 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.04.03 15:14:33 | 021,540,440 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Markéta\Desktop\mbam-setup-2.1.4.1018.exe
[2015.04.03 14:58:15 | 002,208,768 | ---- | M] () -- C:\Users\Markéta\Desktop\adwcleaner_4.200.exe
[2015.03.17 06:15:32 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015.03.17 06:15:26 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015.03.17 06:15:22 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2015.04.13 17:22:09 | 3218,296,832 | -HS- | C] () -- C:\hiberfil.sys
[2015.04.12 18:53:55 | 000,000,512 | ---- | C] () -- C:\Users\Markéta\Desktop\MBR.dat
[2015.04.12 18:50:46 | 000,137,737 | ---- | C] () -- C:\Users\Markéta\Desktop\screenshot.jpg
[2015.04.07 19:02:21 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2015.04.07 19:02:21 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2015.04.05 09:51:09 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2015.04.05 09:02:16 | 001,305,600 | ---- | C] () -- C:\Users\Markéta\Desktop\zoek.exe
[2015.04.04 21:07:40 | 001,198,901 | ---- | C] () -- C:\Users\Markéta\.recently-used.xbel
[2015.04.04 15:08:25 | 000,189,952 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka6.jpg
[2015.04.04 15:08:20 | 000,139,965 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka5.jpg
[2015.04.04 15:08:14 | 000,164,461 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka4.jpg
[2015.04.04 15:08:08 | 000,160,409 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka3.jpg
[2015.04.04 15:08:03 | 000,260,999 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka2.jpg
[2015.04.04 15:07:57 | 000,144,496 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka1.jpg
[2015.04.04 11:50:10 | 000,035,064 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2015.04.04 11:47:37 | 016,748,632 | ---- | C] () -- C:\Users\Markéta\Desktop\RogueKiller.exe
[2015.04.04 10:59:53 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-NOTEBOOK_HP-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
[2015.04.03 15:15:48 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.04.03 14:58:15 | 002,208,768 | ---- | C] () -- C:\Users\Markéta\Desktop\adwcleaner_4.200.exe
[2015.03.28 21:53:24 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.03.28 21:50:58 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.03.28 21:50:56 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.09.03 20:24:40 | 000,000,001 | ---- | C] () -- C:\Windows\System32\tst.bin
[2014.03.05 20:59:28 | 000,000,132 | ---- | C] () -- C:\Users\Markéta\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012.03.21 20:52:40 | 000,001,356 | ---- | C] () -- C:\Users\Markéta\AppData\Local\d3d9caps.dat
[2012.03.05 18:03:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.02.19 21:28:37 | 000,000,471 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2012.02.09 16:23:24 | 000,024,064 | ---- | C] () -- C:\Users\Markéta\AppData\Roaming\UserTile.png
[2012.01.27 09:03:43 | 000,270,465 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.01.27 02:29:20 | 000,270,465 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.02 20:08:20 | 000,121,856 | ---- | C] () -- C:\Users\Markéta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.02 19:54:47 | 000,003,976 | RHS- | C] () -- C:\Users\Markéta\ntuser.pol
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2015.03.06 16:58:51 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\.minecraft
[2012.04.05 18:21:00 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\AppClient
[2014.08.12 21:10:29 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Audacity
[2012.04.19 21:43:28 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\BatteryBar
[2010.03.07 17:24:37 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\BatteryCare
[2012.12.21 08:30:03 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\ConMet
[2009.09.02 19:42:42 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\DigitalPersona
[2014.07.03 17:54:57 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\FileAdvisor
[2010.09.27 01:12:16 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Free Download Manager
[2015.04.04 21:07:40 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\gtk-2.0
[2015.02.28 13:36:20 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\java
[2012.10.12 02:58:32 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Orbit
[2011.03.02 14:41:25 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\RVM
[2011.01.21 17:07:19 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Samsung
[2014.04.15 19:28:18 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\TeamViewer
[2010.08.13 21:24:22 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\TuneUp Software
[2013.07.09 19:43:29 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Unity
[2012.04.22 01:15:48 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Youtube to MP3 Converter
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\Markéta\Documents\P1000630.avi:TOC.WMV
@Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:8927A071
< End of report >
- Orcus
- člen Security týmu
-
Elite Level 10.5
- Příspěvky: 10645
- Registrován: duben 10
- Bydliště: Okolo rostou 3 růže =o)
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Málo místa na jednom z disků:
Drive H: | 465,76 Gb Total Space | 51,71 Gb Free Space | 11,10% Space Free | Partition Type: NTFS
Prosím udělat aspoň 15%, poté proveď OTL znovu, ale v nouzovém režimu.
http://windows.microsoft.com/cs-cz/wind ... =windows-7
Drive H: | 465,76 Gb Total Space | 51,71 Gb Free Space | 11,10% Space Free | Partition Type: NTFS
Prosím udělat aspoň 15%, poté proveď OTL znovu, ale v nouzovém režimu.
http://windows.microsoft.com/cs-cz/wind ... =windows-7
Láska hřeje, ale uhlí je uhlí.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.

Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Re: Prosím o kontrolu logu
Dnes ráno jsem zapla notebook, začala konfigurace aktualizací, pak hlásil, že aktualizace neproběhly správně a vrací nastavení do původního bodu. pracoval, pracoval, kolečko se točilo, uběhla hodina a musela jsem do práce, tak jsem ho nechala a šla.
Externí disk jsem dnes nechala v práci, to je ten, na kterém mám uvolnit místo. Takže se omlouvám, pokračovat na tom budu až zítra.
Pěkný den, M.
Externí disk jsem dnes nechala v práci, to je ten, na kterém mám uvolnit místo. Takže se omlouvám, pokračovat na tom budu až zítra.
Pěkný den, M.
- Orcus
- člen Security týmu
-
Elite Level 10.5
- Příspěvky: 10645
- Registrován: duben 10
- Bydliště: Okolo rostou 3 růže =o)
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Pokud je externí, tak ho nech být. Netušil jsem to.
Láska hřeje, ale uhlí je uhlí.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.

Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Re: Prosím o kontrolu logu
Mám tedy provést OTL znovu, v nouzovém režimu?
- jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Abo
+
Stáhni si Memtest:
Políčko , ve kterém je napsáno:
All unused RAM -ponech , jak je.
-dej Start , nech nejméně 2h běžet , pokud bude po 2h stále 0 errors , jsou v pořádku.
Ještě zkontrolovat HDD na chyby ,popř. zkusit jeho defragmentaci ..
Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.
+
Stáhni si Memtest:
Políčko , ve kterém je napsáno:
All unused RAM -ponech , jak je.
-dej Start , nech nejméně 2h běžet , pokud bude po 2h stále 0 errors , jsou v pořádku.
Ještě zkontrolovat HDD na chyby ,popř. zkusit jeho defragmentaci ..
Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu
OTL vyhodil jen 1 log, viz. níže. Memtest jsem nechala běžet skoro 3 hodiny - O errors.
Defragmentaci jsme dělali před 4-5 lety a dopadlo to tak, že jsme přišli o všechny data
.
Nejvíce nás mrzelo, že jsme přišli o všechny fotky za 2,5 roku. Takže se defragmentace bojím .
OTL logfile created on: 18.4.2015 21:49:11 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markéta\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 83,90% Memory free
6,19 Gb Paging File | 5,94 Gb Available in Paging File | 95,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 235,16 Gb Total Space | 88,00 Gb Free Space | 37,42% Space Free | Partition Type: NTFS
Drive D: | 7,73 Gb Total Space | 1,51 Gb Free Space | 19,50% Space Free | Partition Type: NTFS
Drive F: | 55,20 Gb Total Space | 14,24 Gb Free Space | 25,80% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 59,52 Gb Free Space | 12,78% Space Free | Partition Type: NTFS
Computer Name: NOTEBOOK_HP | User Name: Markéta | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Markéta\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\WinRAR\rarlng.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\System32\OggDS.dll ()
MOD - C:\WINDOWS\System32\VorbisEnc.dll ()
MOD - C:\WINDOWS\System32\vorbis.dll ()
MOD - C:\WINDOWS\System32\ogg.dll ()
========== Services (SafeList) ==========
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (LavasoftTcpService) -- C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe (Lavasoft Limited)
SRV - (SearchProtectionService) -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe ()
SRV - (ScrKlgSvc) -- C:\Program Files\Max Software\Keylogger\skgsvc.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
SRV - (602XML Updater) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe (Software602 a.s.)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (STacSV) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
SRV - (Microsoft Office Groove Audit Service) -- F:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (vfsFPService) -- C:\WINDOWS\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (Recovery Service for Windows) -- C:\WINDOWS\SMINST\BLService.exe ()
SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WinRing0_1_2_0) -- F:\Program Files\BatteryCare\WinRing0.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Markéta\AppData\Local\Temp\catchme.sys File not found
DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found
DRV - (MBAMWebAccessControl) -- C:\WINDOWS\System32\drivers\mwac.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (NVHDA) -- C:\WINDOWS\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (hpdskflt) -- C:\WINDOWS\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\WINDOWS\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (FTDIBUS) -- C:\WINDOWS\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (Point32) -- C:\WINDOWS\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\WINDOWS\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (FsUsbExDisk) -- C:\WINDOWS\System32\FsUsbExDisk.Sys ()
DRV - (epfwwfpr) -- C:\WINDOWS\System32\drivers\epfwwfpr.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\System32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\System32\drivers\eamon.sys (ESET)
DRV - (eusk2par) -- C:\WINDOWS\System32\drivers\eusk2par.sys (Aladdin Knowledge Systems Ltd.)
DRV - (skfiltv) -- C:\WINDOWS\System32\drivers\skfiltv.sys (Creative Technology Ltd.)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (JMCR) -- C:\WINDOWS\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (vfs101x) -- C:\WINDOWS\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (AVerAF15) -- C:\WINDOWS\System32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (FTSER2K) -- C:\WINDOWS\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (sscdmdm) -- C:\WINDOWS\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\WINDOWS\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (enecir) -- C:\WINDOWS\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (WSDPrintDevice) -- C:\WINDOWS\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Markéta\Documents\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=vmn&type=vmn_ ... 0418__yaie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {C0C3A6C6-03BC-4195-8FCB-AEA091301353}
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_cs
IE - HKCU\..\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}: "URL" = https://search.yahoo.com/search?fr=vmn& ... 8__yaie&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Markéta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.07.15 08:42:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.03 21:52:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.06.10 14:05:05 | 000,000,000 | ---D | M]
[2015.04.18 17:32:12 | 000,002,692 | ---- | M] () -- \searchplugins\yahoo.xml
[2012.08.01 01:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: No name found = C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_1\
CHR - Extension: No name found = C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
O1 HOSTS File: ([2015.04.06 10:53:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [GrooveMonitor] F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [popweb] C:\Program Files\Max Software\Keylogger\scragent.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Web Companion] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe (Lavasoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - F:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://F:\Program Files\Free Download Manager\dllink.htm File not found
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://F:\Program Files\Free Download Manager\dlfvideo.htm File not found
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://F:\Program Files\Free Download Manager\dlall.htm File not found
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://F:\Program Files\Free Download Manager\dlselected.htm File not found
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\NapiNSP.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\LavasoftTcpService.dll (Lavasoft Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\LavasoftTcpService.dll (Lavasoft Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\LavasoftTcpService.dll (Lavasoft Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\LavasoftTcpService.dll (Lavasoft Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\LavasoftTcpService.dll (Lavasoft Limited)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([etrading] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 4shared.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: blogspot.com ([digifree] https in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{222D00BC-B3CA-4D71-A5E9-5E58213C6CC2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Markéta\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Markéta\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2015.04.18 18:43:55 | 000,000,000 | ---D | C] -- C:\Users\Markéta\Documents\Corel User Files
[2015.04.18 18:39:15 | 000,000,000 | ---D | C] -- C:\Users\Markéta\AppData\Roaming\Corel
[2015.04.18 18:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X4
[2015.04.18 18:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2015.04.18 18:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2015.04.18 17:32:12 | 000,000,000 | ---D | C] -- C:\searchplugins
[2015.04.18 17:31:50 | 000,000,000 | ---D | C] -- C:\Users\Markéta\AppData\Local\Lavasoft
[2015.04.18 17:31:33 | 000,326,288 | ---- | C] (Lavasoft Limited) -- C:\Windows\System32\LavasoftTcpService.dll
[2015.04.18 17:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2015.04.18 17:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2015.04.18 17:29:13 | 000,000,000 | ---D | C] -- C:\Users\Markéta\AppData\Roaming\Lavasoft
[2015.04.18 17:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2015.04.18 17:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2015.04.18 17:28:59 | 000,000,000 | ---D | C] -- C:\Users\Markéta\AppData\Roaming\OpenCandy
[2015.04.18 17:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2015.04.18 14:36:13 | 003,015,448 | ---- | C] (Crystal Dew World ) -- C:\Users\Markéta\Desktop\CrystalDiskInfo6_3_1-en.exe
[2015.04.17 20:24:12 | 000,000,000 | ---D | C] -- C:\Users\Markéta\Desktop\W. MATUŠKA
[2015.04.16 06:51:46 | 000,490,496 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2015.04.14 21:54:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015.04.14 19:51:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Markéta\Desktop\OTL.exe
[2015.04.14 19:49:52 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2015.04.13 17:15:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2015.04.13 17:15:26 | 000,000,000 | ---D | C] -- C:\Users\Markéta\AppData\Local\temp
[2015.04.12 18:52:43 | 005,200,384 | ---- | C] (AVAST Software) -- C:\Users\Markéta\Desktop\aswmbr.exe
[2015.04.06 10:33:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2015.04.06 10:33:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2015.04.05 10:20:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Markéta\Desktop\HijackThis.exe
[2015.04.05 09:39:47 | 000,000,000 | ---D | C] -- C:\zoek
[2015.04.05 09:05:01 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2015.04.04 11:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2015.04.04 10:59:45 | 000,000,000 | ---D | C] -- C:\RegBackup
[2015.04.04 10:57:25 | 002,690,981 | ---- | C] (Thisisu) -- C:\Users\Markéta\Desktop\JRT.exe
[2015.04.03 15:16:07 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015.04.03 15:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015.04.03 15:15:44 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015.04.03 15:15:44 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015.04.03 15:15:44 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2015.04.03 15:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015.04.03 15:14:03 | 021,540,440 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Markéta\Desktop\mbam-setup-2.1.4.1018.exe
[2015.04.03 14:59:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015.04.03 14:47:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2015.04.02 20:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2015.03.28 23:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2015.03.28 21:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015.03.24 19:38:57 | 000,000,000 | -H-D | C] -- C:\Users\Markéta\Documents\isurklg
========== Files - Modified Within 30 Days ==========
[2015.04.18 21:48:33 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2015.04.18 21:47:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.04.18 21:47:41 | 000,411,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015.04.18 21:46:13 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015.04.18 21:46:12 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015.04.18 21:42:56 | 001,205,180 | ---- | M] () -- C:\Users\Markéta\.recently-used.xbel
[2015.04.18 20:53:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.04.18 20:01:02 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.04.18 18:40:16 | 000,122,368 | ---- | M] () -- C:\Users\Markéta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015.04.18 18:01:45 | 000,646,114 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2015.04.18 18:01:45 | 000,635,284 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015.04.18 18:01:45 | 000,142,318 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2015.04.18 18:01:45 | 000,119,850 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015.04.18 17:54:26 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.04.18 17:54:15 | 000,270,465 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2015.04.18 17:54:15 | 000,270,465 | ---- | M] () -- C:\ProgramData\nvModes.001
[2015.04.18 17:32:17 | 000,000,278 | ---- | M] () -- C:\prefs.js
[2015.04.18 17:29:02 | 000,001,725 | ---- | M] () -- C:\Users\Markéta\Desktop\CrystalDiskInfo.lnk
[2015.04.18 14:36:24 | 003,015,448 | ---- | M] (Crystal Dew World ) -- C:\Users\Markéta\Desktop\CrystalDiskInfo6_3_1-en.exe
[2015.04.18 14:34:20 | 000,015,201 | ---- | M] () -- C:\Users\Markéta\Desktop\MemTest.zip
[2015.04.18 14:20:15 | 000,289,329 | ---- | M] () -- C:\Users\Markéta\Desktop\ISO1_DVD.nri
[2015.04.14 19:51:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markéta\Desktop\OTL.exe
[2015.04.12 18:53:55 | 000,000,512 | ---- | M] () -- C:\Users\Markéta\Desktop\MBR.dat
[2015.04.12 18:52:45 | 005,200,384 | ---- | M] (AVAST Software) -- C:\Users\Markéta\Desktop\aswmbr.exe
[2015.04.12 18:51:33 | 000,137,737 | ---- | M] () -- C:\Users\Markéta\Desktop\screenshot.jpg
[2015.04.07 19:02:21 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2015.04.06 10:53:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2015.04.05 10:20:32 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Markéta\Desktop\HijackThis.exe
[2015.04.05 10:09:08 | 000,035,064 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2015.04.05 09:59:16 | 000,003,976 | RHS- | M] () -- C:\Users\Markéta\ntuser.pol
[2015.04.05 09:05:00 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2015.04.05 09:02:18 | 001,305,600 | ---- | M] () -- C:\Users\Markéta\Desktop\zoek.exe
[2015.04.04 15:08:26 | 000,189,952 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka6.jpg
[2015.04.04 15:08:21 | 000,139,965 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka5.jpg
[2015.04.04 15:08:15 | 000,164,461 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka4.jpg
[2015.04.04 15:08:09 | 000,160,409 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka3.jpg
[2015.04.04 15:08:03 | 000,260,999 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka2.jpg
[2015.04.04 15:07:59 | 000,144,496 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka1.jpg
[2015.04.04 11:48:02 | 016,748,632 | ---- | M] () -- C:\Users\Markéta\Desktop\RogueKiller.exe
[2015.04.04 11:09:38 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015.04.04 10:59:53 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-NOTEBOOK_HP-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
[2015.04.04 10:57:40 | 002,690,981 | ---- | M] (Thisisu) -- C:\Users\Markéta\Desktop\JRT.exe
[2015.04.03 15:15:48 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.04.03 15:14:33 | 021,540,440 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Markéta\Desktop\mbam-setup-2.1.4.1018.exe
[2015.04.03 14:58:15 | 002,208,768 | ---- | M] () -- C:\Users\Markéta\Desktop\adwcleaner_4.200.exe
========== Files Created - No Company Name ==========
[2015.04.18 21:42:56 | 001,205,180 | ---- | C] () -- C:\Users\Markéta\.recently-used.xbel
[2015.04.18 17:32:12 | 000,000,278 | ---- | C] () -- C:\prefs.js
[2015.04.18 17:29:02 | 000,001,725 | ---- | C] () -- C:\Users\Markéta\Desktop\CrystalDiskInfo.lnk
[2015.04.18 14:37:24 | 000,028,672 | ---- | C] () -- C:\Users\Markéta\Desktop\memtest.exe
[2015.04.18 14:34:18 | 000,015,201 | ---- | C] () -- C:\Users\Markéta\Desktop\MemTest.zip
[2015.04.18 14:20:14 | 000,289,329 | ---- | C] () -- C:\Users\Markéta\Desktop\ISO1_DVD.nri
[2015.04.12 18:53:55 | 000,000,512 | ---- | C] () -- C:\Users\Markéta\Desktop\MBR.dat
[2015.04.12 18:50:46 | 000,137,737 | ---- | C] () -- C:\Users\Markéta\Desktop\screenshot.jpg
[2015.04.07 19:02:21 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2015.04.07 19:02:21 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2015.04.05 09:51:09 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2015.04.05 09:02:16 | 001,305,600 | ---- | C] () -- C:\Users\Markéta\Desktop\zoek.exe
[2015.04.04 15:08:25 | 000,189,952 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka6.jpg
[2015.04.04 15:08:20 | 000,139,965 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka5.jpg
[2015.04.04 15:08:14 | 000,164,461 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka4.jpg
[2015.04.04 15:08:08 | 000,160,409 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka3.jpg
[2015.04.04 15:08:03 | 000,260,999 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka2.jpg
[2015.04.04 15:07:57 | 000,144,496 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka1.jpg
[2015.04.04 11:50:10 | 000,035,064 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2015.04.04 11:47:37 | 016,748,632 | ---- | C] () -- C:\Users\Markéta\Desktop\RogueKiller.exe
[2015.04.04 10:59:53 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-NOTEBOOK_HP-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
[2015.04.03 15:15:48 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.04.03 14:58:15 | 002,208,768 | ---- | C] () -- C:\Users\Markéta\Desktop\adwcleaner_4.200.exe
[2015.03.28 21:53:24 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.03.28 21:50:58 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.03.28 21:50:56 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.09.03 20:24:40 | 000,000,001 | ---- | C] () -- C:\Windows\System32\tst.bin
[2014.03.05 20:59:28 | 000,000,132 | ---- | C] () -- C:\Users\Markéta\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012.03.21 20:52:40 | 000,001,356 | ---- | C] () -- C:\Users\Markéta\AppData\Local\d3d9caps.dat
[2012.03.05 18:03:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.02.19 21:28:37 | 000,000,471 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2012.02.09 16:23:24 | 000,024,064 | ---- | C] () -- C:\Users\Markéta\AppData\Roaming\UserTile.png
[2012.01.27 09:03:43 | 000,270,465 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.01.27 02:29:20 | 000,270,465 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.02 20:08:20 | 000,122,368 | ---- | C] () -- C:\Users\Markéta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.02 19:54:47 | 000,003,976 | RHS- | C] () -- C:\Users\Markéta\ntuser.pol
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2015.03.06 16:58:51 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\.minecraft
[2012.04.05 18:21:00 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\AppClient
[2014.08.12 21:10:29 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Audacity
[2012.04.19 21:43:28 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\BatteryBar
[2010.03.07 17:24:37 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\BatteryCare
[2012.12.21 08:30:03 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\ConMet
[2009.09.02 19:42:42 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\DigitalPersona
[2014.07.03 17:54:57 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\FileAdvisor
[2010.09.27 01:12:16 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Free Download Manager
[2015.04.18 21:42:56 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\gtk-2.0
[2015.02.28 13:36:20 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\java
[2015.04.18 17:28:59 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\OpenCandy
[2012.10.12 02:58:32 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Orbit
[2011.03.02 14:41:25 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\RVM
[2011.01.21 17:07:19 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Samsung
[2014.04.15 19:28:18 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\TeamViewer
[2010.08.13 21:24:22 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\TuneUp Software
[2013.07.09 19:43:29 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Unity
[2012.04.22 01:15:48 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Youtube to MP3 Converter
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\Markéta\Documents\P1000630.avi:TOC.WMV
@Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:8927A071
< End of report >
Defragmentaci jsme dělali před 4-5 lety a dopadlo to tak, že jsme přišli o všechny data

Nejvíce nás mrzelo, že jsme přišli o všechny fotky za 2,5 roku. Takže se defragmentace bojím .
OTL logfile created on: 18.4.2015 21:49:11 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markéta\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 83,90% Memory free
6,19 Gb Paging File | 5,94 Gb Available in Paging File | 95,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 235,16 Gb Total Space | 88,00 Gb Free Space | 37,42% Space Free | Partition Type: NTFS
Drive D: | 7,73 Gb Total Space | 1,51 Gb Free Space | 19,50% Space Free | Partition Type: NTFS
Drive F: | 55,20 Gb Total Space | 14,24 Gb Free Space | 25,80% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 59,52 Gb Free Space | 12,78% Space Free | Partition Type: NTFS
Computer Name: NOTEBOOK_HP | User Name: Markéta | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Markéta\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\WinRAR\rarlng.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\System32\OggDS.dll ()
MOD - C:\WINDOWS\System32\VorbisEnc.dll ()
MOD - C:\WINDOWS\System32\vorbis.dll ()
MOD - C:\WINDOWS\System32\ogg.dll ()
========== Services (SafeList) ==========
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (LavasoftTcpService) -- C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe (Lavasoft Limited)
SRV - (SearchProtectionService) -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe ()
SRV - (ScrKlgSvc) -- C:\Program Files\Max Software\Keylogger\skgsvc.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
SRV - (602XML Updater) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe (Software602 a.s.)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (STacSV) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
SRV - (Microsoft Office Groove Audit Service) -- F:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (vfsFPService) -- C:\WINDOWS\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (Recovery Service for Windows) -- C:\WINDOWS\SMINST\BLService.exe ()
SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WinRing0_1_2_0) -- F:\Program Files\BatteryCare\WinRing0.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Markéta\AppData\Local\Temp\catchme.sys File not found
DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found
DRV - (MBAMWebAccessControl) -- C:\WINDOWS\System32\drivers\mwac.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (NVHDA) -- C:\WINDOWS\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (hpdskflt) -- C:\WINDOWS\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\WINDOWS\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (FTDIBUS) -- C:\WINDOWS\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (Point32) -- C:\WINDOWS\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\WINDOWS\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (FsUsbExDisk) -- C:\WINDOWS\System32\FsUsbExDisk.Sys ()
DRV - (epfwwfpr) -- C:\WINDOWS\System32\drivers\epfwwfpr.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\System32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\System32\drivers\eamon.sys (ESET)
DRV - (eusk2par) -- C:\WINDOWS\System32\drivers\eusk2par.sys (Aladdin Knowledge Systems Ltd.)
DRV - (skfiltv) -- C:\WINDOWS\System32\drivers\skfiltv.sys (Creative Technology Ltd.)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (JMCR) -- C:\WINDOWS\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (vfs101x) -- C:\WINDOWS\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (AVerAF15) -- C:\WINDOWS\System32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (FTSER2K) -- C:\WINDOWS\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (sscdmdm) -- C:\WINDOWS\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\WINDOWS\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (enecir) -- C:\WINDOWS\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (WSDPrintDevice) -- C:\WINDOWS\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Markéta\Documents\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=vmn&type=vmn_ ... 0418__yaie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {C0C3A6C6-03BC-4195-8FCB-AEA091301353}
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_cs
IE - HKCU\..\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}: "URL" = https://search.yahoo.com/search?fr=vmn& ... 8__yaie&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Markéta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.07.15 08:42:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.03 21:52:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.06.10 14:05:05 | 000,000,000 | ---D | M]
[2015.04.18 17:32:12 | 000,002,692 | ---- | M] () -- \searchplugins\yahoo.xml
[2012.08.01 01:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: No name found = C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_1\
CHR - Extension: No name found = C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
O1 HOSTS File: ([2015.04.06 10:53:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [GrooveMonitor] F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [popweb] C:\Program Files\Max Software\Keylogger\scragent.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Web Companion] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe (Lavasoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - F:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://F:\Program Files\Free Download Manager\dllink.htm File not found
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://F:\Program Files\Free Download Manager\dlfvideo.htm File not found
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://F:\Program Files\Free Download Manager\dlall.htm File not found
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://F:\Program Files\Free Download Manager\dlselected.htm File not found
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\NapiNSP.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\LavasoftTcpService.dll (Lavasoft Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\LavasoftTcpService.dll (Lavasoft Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\LavasoftTcpService.dll (Lavasoft Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\LavasoftTcpService.dll (Lavasoft Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\LavasoftTcpService.dll (Lavasoft Limited)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([etrading] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 4shared.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: blogspot.com ([digifree] https in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{222D00BC-B3CA-4D71-A5E9-5E58213C6CC2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Markéta\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Markéta\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2015.04.18 18:43:55 | 000,000,000 | ---D | C] -- C:\Users\Markéta\Documents\Corel User Files
[2015.04.18 18:39:15 | 000,000,000 | ---D | C] -- C:\Users\Markéta\AppData\Roaming\Corel
[2015.04.18 18:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X4
[2015.04.18 18:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2015.04.18 18:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2015.04.18 17:32:12 | 000,000,000 | ---D | C] -- C:\searchplugins
[2015.04.18 17:31:50 | 000,000,000 | ---D | C] -- C:\Users\Markéta\AppData\Local\Lavasoft
[2015.04.18 17:31:33 | 000,326,288 | ---- | C] (Lavasoft Limited) -- C:\Windows\System32\LavasoftTcpService.dll
[2015.04.18 17:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2015.04.18 17:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2015.04.18 17:29:13 | 000,000,000 | ---D | C] -- C:\Users\Markéta\AppData\Roaming\Lavasoft
[2015.04.18 17:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2015.04.18 17:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2015.04.18 17:28:59 | 000,000,000 | ---D | C] -- C:\Users\Markéta\AppData\Roaming\OpenCandy
[2015.04.18 17:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2015.04.18 14:36:13 | 003,015,448 | ---- | C] (Crystal Dew World ) -- C:\Users\Markéta\Desktop\CrystalDiskInfo6_3_1-en.exe
[2015.04.17 20:24:12 | 000,000,000 | ---D | C] -- C:\Users\Markéta\Desktop\W. MATUŠKA
[2015.04.16 06:51:46 | 000,490,496 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2015.04.14 21:54:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015.04.14 19:51:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Markéta\Desktop\OTL.exe
[2015.04.14 19:49:52 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2015.04.13 17:15:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2015.04.13 17:15:26 | 000,000,000 | ---D | C] -- C:\Users\Markéta\AppData\Local\temp
[2015.04.12 18:52:43 | 005,200,384 | ---- | C] (AVAST Software) -- C:\Users\Markéta\Desktop\aswmbr.exe
[2015.04.06 10:33:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2015.04.06 10:33:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2015.04.05 10:20:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Markéta\Desktop\HijackThis.exe
[2015.04.05 09:39:47 | 000,000,000 | ---D | C] -- C:\zoek
[2015.04.05 09:05:01 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2015.04.04 11:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2015.04.04 10:59:45 | 000,000,000 | ---D | C] -- C:\RegBackup
[2015.04.04 10:57:25 | 002,690,981 | ---- | C] (Thisisu) -- C:\Users\Markéta\Desktop\JRT.exe
[2015.04.03 15:16:07 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015.04.03 15:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015.04.03 15:15:44 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015.04.03 15:15:44 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015.04.03 15:15:44 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2015.04.03 15:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015.04.03 15:14:03 | 021,540,440 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Markéta\Desktop\mbam-setup-2.1.4.1018.exe
[2015.04.03 14:59:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015.04.03 14:47:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2015.04.02 20:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2015.03.28 23:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2015.03.28 21:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015.03.24 19:38:57 | 000,000,000 | -H-D | C] -- C:\Users\Markéta\Documents\isurklg
========== Files - Modified Within 30 Days ==========
[2015.04.18 21:48:33 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2015.04.18 21:47:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.04.18 21:47:41 | 000,411,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015.04.18 21:46:13 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015.04.18 21:46:12 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015.04.18 21:42:56 | 001,205,180 | ---- | M] () -- C:\Users\Markéta\.recently-used.xbel
[2015.04.18 20:53:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.04.18 20:01:02 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.04.18 18:40:16 | 000,122,368 | ---- | M] () -- C:\Users\Markéta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015.04.18 18:01:45 | 000,646,114 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2015.04.18 18:01:45 | 000,635,284 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015.04.18 18:01:45 | 000,142,318 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2015.04.18 18:01:45 | 000,119,850 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015.04.18 17:54:26 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.04.18 17:54:15 | 000,270,465 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2015.04.18 17:54:15 | 000,270,465 | ---- | M] () -- C:\ProgramData\nvModes.001
[2015.04.18 17:32:17 | 000,000,278 | ---- | M] () -- C:\prefs.js
[2015.04.18 17:29:02 | 000,001,725 | ---- | M] () -- C:\Users\Markéta\Desktop\CrystalDiskInfo.lnk
[2015.04.18 14:36:24 | 003,015,448 | ---- | M] (Crystal Dew World ) -- C:\Users\Markéta\Desktop\CrystalDiskInfo6_3_1-en.exe
[2015.04.18 14:34:20 | 000,015,201 | ---- | M] () -- C:\Users\Markéta\Desktop\MemTest.zip
[2015.04.18 14:20:15 | 000,289,329 | ---- | M] () -- C:\Users\Markéta\Desktop\ISO1_DVD.nri
[2015.04.14 19:51:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markéta\Desktop\OTL.exe
[2015.04.12 18:53:55 | 000,000,512 | ---- | M] () -- C:\Users\Markéta\Desktop\MBR.dat
[2015.04.12 18:52:45 | 005,200,384 | ---- | M] (AVAST Software) -- C:\Users\Markéta\Desktop\aswmbr.exe
[2015.04.12 18:51:33 | 000,137,737 | ---- | M] () -- C:\Users\Markéta\Desktop\screenshot.jpg
[2015.04.07 19:02:21 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2015.04.06 10:53:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2015.04.05 10:20:32 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Markéta\Desktop\HijackThis.exe
[2015.04.05 10:09:08 | 000,035,064 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2015.04.05 09:59:16 | 000,003,976 | RHS- | M] () -- C:\Users\Markéta\ntuser.pol
[2015.04.05 09:05:00 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2015.04.05 09:02:18 | 001,305,600 | ---- | M] () -- C:\Users\Markéta\Desktop\zoek.exe
[2015.04.04 15:08:26 | 000,189,952 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka6.jpg
[2015.04.04 15:08:21 | 000,139,965 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka5.jpg
[2015.04.04 15:08:15 | 000,164,461 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka4.jpg
[2015.04.04 15:08:09 | 000,160,409 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka3.jpg
[2015.04.04 15:08:03 | 000,260,999 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka2.jpg
[2015.04.04 15:07:59 | 000,144,496 | ---- | M] () -- C:\Users\Markéta\Documents\Karolnka1.jpg
[2015.04.04 11:48:02 | 016,748,632 | ---- | M] () -- C:\Users\Markéta\Desktop\RogueKiller.exe
[2015.04.04 11:09:38 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015.04.04 10:59:53 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-NOTEBOOK_HP-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
[2015.04.04 10:57:40 | 002,690,981 | ---- | M] (Thisisu) -- C:\Users\Markéta\Desktop\JRT.exe
[2015.04.03 15:15:48 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.04.03 15:14:33 | 021,540,440 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Markéta\Desktop\mbam-setup-2.1.4.1018.exe
[2015.04.03 14:58:15 | 002,208,768 | ---- | M] () -- C:\Users\Markéta\Desktop\adwcleaner_4.200.exe
========== Files Created - No Company Name ==========
[2015.04.18 21:42:56 | 001,205,180 | ---- | C] () -- C:\Users\Markéta\.recently-used.xbel
[2015.04.18 17:32:12 | 000,000,278 | ---- | C] () -- C:\prefs.js
[2015.04.18 17:29:02 | 000,001,725 | ---- | C] () -- C:\Users\Markéta\Desktop\CrystalDiskInfo.lnk
[2015.04.18 14:37:24 | 000,028,672 | ---- | C] () -- C:\Users\Markéta\Desktop\memtest.exe
[2015.04.18 14:34:18 | 000,015,201 | ---- | C] () -- C:\Users\Markéta\Desktop\MemTest.zip
[2015.04.18 14:20:14 | 000,289,329 | ---- | C] () -- C:\Users\Markéta\Desktop\ISO1_DVD.nri
[2015.04.12 18:53:55 | 000,000,512 | ---- | C] () -- C:\Users\Markéta\Desktop\MBR.dat
[2015.04.12 18:50:46 | 000,137,737 | ---- | C] () -- C:\Users\Markéta\Desktop\screenshot.jpg
[2015.04.07 19:02:21 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2015.04.07 19:02:21 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2015.04.05 09:51:09 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2015.04.05 09:02:16 | 001,305,600 | ---- | C] () -- C:\Users\Markéta\Desktop\zoek.exe
[2015.04.04 15:08:25 | 000,189,952 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka6.jpg
[2015.04.04 15:08:20 | 000,139,965 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka5.jpg
[2015.04.04 15:08:14 | 000,164,461 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka4.jpg
[2015.04.04 15:08:08 | 000,160,409 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka3.jpg
[2015.04.04 15:08:03 | 000,260,999 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka2.jpg
[2015.04.04 15:07:57 | 000,144,496 | ---- | C] () -- C:\Users\Markéta\Documents\Karolnka1.jpg
[2015.04.04 11:50:10 | 000,035,064 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2015.04.04 11:47:37 | 016,748,632 | ---- | C] () -- C:\Users\Markéta\Desktop\RogueKiller.exe
[2015.04.04 10:59:53 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-NOTEBOOK_HP-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
[2015.04.03 15:15:48 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.04.03 14:58:15 | 002,208,768 | ---- | C] () -- C:\Users\Markéta\Desktop\adwcleaner_4.200.exe
[2015.03.28 21:53:24 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.03.28 21:50:58 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.03.28 21:50:56 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.09.03 20:24:40 | 000,000,001 | ---- | C] () -- C:\Windows\System32\tst.bin
[2014.03.05 20:59:28 | 000,000,132 | ---- | C] () -- C:\Users\Markéta\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012.03.21 20:52:40 | 000,001,356 | ---- | C] () -- C:\Users\Markéta\AppData\Local\d3d9caps.dat
[2012.03.05 18:03:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.02.19 21:28:37 | 000,000,471 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2012.02.09 16:23:24 | 000,024,064 | ---- | C] () -- C:\Users\Markéta\AppData\Roaming\UserTile.png
[2012.01.27 09:03:43 | 000,270,465 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.01.27 02:29:20 | 000,270,465 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.02 20:08:20 | 000,122,368 | ---- | C] () -- C:\Users\Markéta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.02 19:54:47 | 000,003,976 | RHS- | C] () -- C:\Users\Markéta\ntuser.pol
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2015.03.06 16:58:51 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\.minecraft
[2012.04.05 18:21:00 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\AppClient
[2014.08.12 21:10:29 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Audacity
[2012.04.19 21:43:28 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\BatteryBar
[2010.03.07 17:24:37 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\BatteryCare
[2012.12.21 08:30:03 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\ConMet
[2009.09.02 19:42:42 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\DigitalPersona
[2014.07.03 17:54:57 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\FileAdvisor
[2010.09.27 01:12:16 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Free Download Manager
[2015.04.18 21:42:56 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\gtk-2.0
[2015.02.28 13:36:20 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\java
[2015.04.18 17:28:59 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\OpenCandy
[2012.10.12 02:58:32 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Orbit
[2011.03.02 14:41:25 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\RVM
[2011.01.21 17:07:19 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Samsung
[2014.04.15 19:28:18 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\TeamViewer
[2010.08.13 21:24:22 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\TuneUp Software
[2013.07.09 19:43:29 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Unity
[2012.04.22 01:15:48 | 000,000,000 | ---D | M] -- C:\Users\Markéta\AppData\Roaming\Youtube to MP3 Converter
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\Markéta\Documents\P1000630.avi:TOC.WMV
@Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:8927A071
< End of report >
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 92 hostů