Problem with advertising windows again. Solved



Re: Problem with advertising windows again.

Post by Mousty » 06 May 2013 18:14

Extras
========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F4A8604-78CA-49AC-8647-0621CB770FD3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{0FB27E5B-4C4C-46DA-B481-33FC107A4415}" = rport=137 | protocol=17 | dir=out | app=system |
"{1BBB02EC-C555-49FA-B9EF-DD0D940EEBDA}" = lport=138 | protocol=17 | dir=in | app=system |
"{2F1850FC-1A33-438C-895E-DC5D1DB1E813}" = rport=139 | protocol=6 | dir=out | app=system |
"{3056FA85-D4A0-451F-A536-F3D2F188AB48}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C0B1105-94EF-43C1-BB7F-6E9B1E51D420}" = lport=139 | protocol=6 | dir=in | app=system |
"{60ABF4E7-987D-4ADD-B587-F59F072A237D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{63822CCA-330B-4E62-8B25-FE5DB289BA54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{64FE22C4-EED0-4796-B936-D2B577ED52A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6ADFCCA0-C88A-426E-B47E-BDAD21FA110A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E44EAB6-7205-40B4-9857-17C6C1B38687}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{799837E3-A05D-40B0-88CE-6F2CF1351571}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8FF703F1-030F-4249-B222-F1E6B4DACF72}" = lport=445 | protocol=6 | dir=in | app=system |
"{9B1F58B9-E5E6-4BB7-9DC9-7296EAF5FCCC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A636A5FB-D3A8-4138-9FD5-CF7C46F5CC54}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B83A0331-AF9B-4F89-89C9-342C7CDC2EC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C079B810-0DDF-46AC-8EF1-E89324002602}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C96E53D3-59DB-4DE6-B111-EA532C23C667}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFBACA7E-6BBC-4165-8750-20ACED38579D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D2967DD1-0C69-4E2F-85DE-6C3268DC391E}" = rport=138 | protocol=17 | dir=out | app=system |
"{DE3F15A6-A35F-4A8B-9055-778C5C9FA2B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1684DFC-403F-487B-8FE5-F76FD3C0F3C2}" = rport=445 | protocol=6 | dir=out | app=system |
"{E8177C53-2DF4-4A23-9DF4-10D0234A2FB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F3F7914C-1479-41BA-AAEA-FCC14AB5562F}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026565B5-52AD-49A3-868F-61E4A92450CC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0AF5B533-8D82-48F0-8A17-073E6188C830}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{0D5D18E7-C89F-4CAE-9C62-2D7D057144A2}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{0D6DBBF4-9155-42C7-8B15-629E2086BCA5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0DA7A2C4-C1BF-429A-9D65-68BD6454EB43}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{1007A22E-3974-4BA7-A550-B456A80E2350}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{11C2E33E-D9B4-4285-AD53-A2F5F6C9FEDD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{12D60778-D0A8-46F4-8DD2-C2AE58D64C3E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{14AABA96-7A8B-4062-9D36-217D8DC9E7F4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1F04643C-834D-483E-9D91-BBBE79355433}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{22DBFC72-08DB-41FB-B3BA-86633F4F4FD2}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{2E5C3DA7-EAC8-4C02-A0AA-156E3B9D3C96}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2F31E1B9-BAFC-4BFC-93A4-1951A9FA169D}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{2FC97876-E874-4505-B6E0-C3B6C452FBC5}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{34C1A5AF-B8FE-4D18-9950-CB3579D79814}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{350B21FB-AC8B-46B3-AE1B-7DD6366E9EC9}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{3982A2BA-0C85-4626-B653-F155384FA825}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{3E1E7658-09DE-4064-9E1D-2D0B6291D92E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{48C8C3E3-AB4D-4F5C-AB33-2CC82014C200}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C1BBD36-1A95-4398-A5A7-DDC88596B41F}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\panprocess.exe |
"{554C8B86-A0F0-464D-9F8F-00D30BEECF86}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{5C8DC849-D4E1-4D6B-94FB-22EC9D9E5940}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5D0B7867-E371-4C97-A141-E3265AE578AD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6352B154-C6F7-4C4A-938A-756BA0B623C3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{68765BA6-E3C5-4073-A859-BE5E93673FD4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6A585481-5E46-4197-895B-8226453CFD00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E9BE3EF-8F7B-4A0B-8AF3-2ABCD940F921}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70564D09-4990-483C-9A41-027B23864289}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{711B6A51-885B-4D06-9F51-1AF1612BC6AF}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\panprocess.exe |
"{787C5724-153E-4F44-99F6-5D3540CFFDE1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8BF12952-26DE-46E3-8AB0-C6A9DF5EEC63}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{8F117DA1-EEBB-4255-B604-0DE34990C006}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\panprocess.exe |
"{91B7ABA0-AD18-4568-AB3A-8104DEE0F115}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{992753A1-A8A8-43FB-80D1-89A20F31EA6E}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\panprocess.exe |
"{9EBE3AF3-F70B-4D31-9992-6113BCF96B53}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9F00A77D-A264-4707-B709-2C965A87D06C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0347E96-1D4C-4FA6-ACA2-D153DEF1303D}" = dir=in | app=c:\program files\htc sync manager\htcsyncmanager.exe |
"{A36AE1C4-E44F-4CD4-AA52-D70A88CE0110}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A37A8B5C-6549-4C49-B4C1-C60C2383B69C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B4B71D7E-52EC-4723-876B-3D25EA45BFB2}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{B7A50D94-6FC9-4C5B-B383-DD52EF4CE023}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BAAA846E-B259-4709-A0EF-F56E412CEFA4}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{BF62A4F6-E1E1-489E-9F9B-7916F5C30D4B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA463978-BC30-4E26-BBCC-3D960D971C2F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{CE9FA99A-4EF4-4A4D-8AB3-6CF961B790B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0851FAC-767F-4672-931F-B4363B91C4D3}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{D0C26F70-540E-4E1E-AE41-B7D24E9B393E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D0C86A57-1643-4DE2-9379-A203BF8917ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D1C84499-D31F-4FF7-9ACF-04BC3BA43C3E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{D42A21CB-1330-437F-980B-29A604688776}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{D49B1054-FBBC-4562-BAF2-8108DFEE7CB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DE5F405C-BAE7-4681-BA5E-30356CBA7390}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E644299F-3458-42D3-8EC3-69DD4F48D360}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{EB582E15-EC72-47FF-9563-F77731E4D3B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{EC12C3FF-56C1-4527-8FF4-EE9C959D3016}" = protocol=6 | dir=out | app=system |
"{F1558740-A0FF-4E2B-AC2E-91D296D2A3E8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{F180625C-6C5C-48B8-8B65-AB42D5F84542}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{F65A199A-54AF-4C89-8D85-059EBABA1CF9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{FB54E609-BC05-41E0-98F2-F95459B9C6FE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{FBE6E3BA-5491-43A1-929A-96638907E945}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{FC662A1A-5CC8-43B4-8646-0FE4451F9F78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{355735F1-10CC-4DF4-9563-8C4CE3A04FA4}C:\program files\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files\qip infium\infium.exe |
"TCP Query User{45809B49-F4E3-404F-AE04-9B5E67698286}C:\games\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\games\counter-strike 1.6\hl.exe |
"TCP Query User{62AACE14-4686-4961-8671-C640C0C52691}C:\games\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\games\condition zero\czero.exe |
"TCP Query User{80409998-DC4C-48F6-907E-21054B7F326B}C:\program files\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files\totalcmd\totalcmd.exe |
"UDP Query User{3A3990F2-92C1-4208-88C4-5647967B81D1}C:\program files\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files\qip infium\infium.exe |
"UDP Query User{6DC98D28-A8E4-4C23-A4C8-CB566FC68642}C:\program files\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files\totalcmd\totalcmd.exe |
"UDP Query User{71CBA217-060F-4D01-8FC7-2002AC93AEEF}C:\games\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\games\condition zero\czero.exe |
"UDP Query User{A8B373EA-C4FA-4005-9270-E210B473AA9F}C:\games\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\games\counter-strike 1.6\hl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05BA6FCD-1701-4AB9-8A1B-59008261695E}" = PS_AIO_06_B109a-m_SW_Min
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{130D3951-8029-4115-A2BE-68F19B63B491}" = HTC Sync Manager
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{47491961-C944-4FD9-A023-33C6E724F108}_is1" = Rapoo 9200 Mouse Driver V1.0
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9535BF-CC90-4158-AF32-CAF57A8820CA}" = Macromedia Contribute 3.11
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{60101C13-2C13-48FB-855D-33D9F3013133}" = B109a-m
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B531332-0D5D-4B3B-A22C-8330DEA695A7}" = LogMeIn Hamachi
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{91057632-CA70-413C-B628-2D3CDBBB906B}" = Macromedia Flash Player 8 Plugin
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A253A57F-4319-49B5-B405-64587FFBCFE2}" = HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Czech
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AIMP3" = AIMP3
"Alan Wake_is1" = «Alan Wake» 1.05.16.7103
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Counter-Strike 1.6" = Counter-Strike 1.6
"Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero
"CS 1.6 cz" = CS 1.6 cz
"DAEMON Tools Lite" = DAEMON Tools Lite
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FormatFactory" = FormatFactory 3.00
"GIMP-2_is1" = GIMP 2.8.2
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"High Quality Photo Resizer_is1" = High Quality Photo Resizer 5.02
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.75.0.1300
"Mozilla Firefox 18.0.1 (x86 cs)" = Mozilla Firefox 18.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.54
"PC Brother Registry Cleaner Free_is1" = PC Brother Registry Cleaner Free v1.5.1.19
"Shop for HP Supplies" = Shop for HP Supplies
"SP_7699c875" = Search Assistant SimpleSpeedy 1.74
"TeamViewer 8" = TeamViewer 8
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"TVWiz" = Intel(R) TV Wizard
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"QIP Infium" = QIP Infium 3.0.9044

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5.5.2013 4:05:21 | Computer Name = User-laptop | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 0.0.0.0, časové razítko:
0x4e06cfe8 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód
výjimky: 0xc0000005 Posun chyby: 0x00100fdf ID chybujícího procesu: 0x1560 Čas spuštění
chybující aplikace: 0x01ce496747c95e35 Cesta k chybující aplikaci: C:\32788R22FWJFW\License\iexplore.exe
Cesta
k chybujícímu modulu: unknown ID zprávy: 87dfd5da-b55a-11e2-8d22-001eec4b2bcb

Error - 5.5.2013 4:06:06 | Computer Name = User-laptop | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 0.0.0.0, časové razítko:
0x4e06cfe8 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód
výjimky: 0xc0000005 Posun chyby: 0x00200fdf ID chybujícího procesu: 0x160c Čas spuštění
chybující aplikace: 0x01ce49676396ee9d Cesta k chybující aplikaci: C:\32788R22FWJFW\License\iexplore.exe
Cesta
k chybujícímu modulu: unknown ID zprávy: a2b1c483-b55a-11e2-8d22-001eec4b2bcb

Error - 5.5.2013 4:06:06 | Computer Name = User-laptop | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 0.0.0.0, časové razítko:
0x4e06cfe8 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód
výjimky: 0xc0000005 Posun chyby: 0x00100fdf ID chybujícího procesu: 0x1548 Čas spuštění
chybující aplikace: 0x01ce4967638b55b1 Cesta k chybující aplikaci: C:\32788R22FWJFW\License\iexplore.exe
Cesta
k chybujícímu modulu: unknown ID zprávy: a2c091ca-b55a-11e2-8d22-001eec4b2bcb

Error - 5.5.2013 4:06:06 | Computer Name = User-laptop | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 0.0.0.0, časové razítko:
0x4e06cfe8 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód
výjimky: 0xc0000005 Posun chyby: 0x00110fdf ID chybujícího procesu: 0x1680 Čas spuštění
chybující aplikace: 0x01ce49676390acf5 Cesta k chybující aplikaci: C:\32788R22FWJFW\License\iexplore.exe
Cesta
k chybujícímu modulu: unknown ID zprávy: a2cbdc95-b55a-11e2-8d22-001eec4b2bcb

Error - 5.5.2013 4:06:06 | Computer Name = User-laptop | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 0.0.0.0, časové razítko:
0x4e06cfe8 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód
výjimky: 0xc0000005 Posun chyby: 0x00100fdf ID chybujícího procesu: 0x12ac Čas spuštění
chybující aplikace: 0x01ce496763940862 Cesta k chybující aplikaci: C:\32788R22FWJFW\License\iexplore.exe
Cesta
k chybujícímu modulu: unknown ID zprávy: a2cb8e74-b55a-11e2-8d22-001eec4b2bcb

Error - 5.5.2013 4:06:06 | Computer Name = User-laptop | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 0.0.0.0, časové razítko:
0x4e06cfe8 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód
výjimky: 0xc0000005 Posun chyby: 0x00090fdf ID chybujícího procesu: 0x72c Čas spuštění
chybující aplikace: 0x01ce49676387fa45 Cesta k chybující aplikaci: C:\32788R22FWJFW\License\iexplore.exe
Cesta
k chybujícímu modulu: unknown ID zprávy: a2d3cbf2-b55a-11e2-8d22-001eec4b2bcb

Error - 5.5.2013 4:06:06 | Computer Name = User-laptop | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 0.0.0.0, časové razítko:
0x4e06cfe8 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód
výjimky: 0xc0000005 Posun chyby: 0x00100fdf ID chybujícího procesu: 0x10b4 Čas spuštění
chybující aplikace: 0x01ce49676395b618 Cesta k chybující aplikaci: C:\32788R22FWJFW\License\iexplore.exe
Cesta
k chybujícímu modulu: unknown ID zprávy: a2e669d8-b55a-11e2-8d22-001eec4b2bcb

Error - 5.5.2013 6:33:30 | Computer Name = User-laptop | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\HTC Sync Manager\HTC
Sync\FDAgentForOutlook64.exe se nezdařilo. Závislé sestavení Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 5.5.2013 7:19:48 | Computer Name = User-laptop | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\HTC Sync Manager\HTC
Sync\FDAgentForOutlook64.exe se nezdařilo. Závislé sestavení Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 5.5.2013 7:29:46 | Computer Name = User-laptop | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\totalcmd\TCUNIN64.EXE
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

[ OSession Events ]
Error - 2.4.2013 13:25:20 | Computer Name = User-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10401
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4.5.2013 3:36:02 | Computer Name = User-laptop | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: InCDPass InCDRm

Error - 4.5.2013 10:42:46 | Computer Name = User-laptop | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: InCDPass InCDRm

Error - 5.5.2013 3:16:30 | Computer Name = User-laptop | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: InCDPass InCDRm

Error - 5.5.2013 4:00:53 | Computer Name = User-laptop | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: InCDPass InCDRm

Error - 5.5.2013 4:12:27 | Computer Name = User-laptop | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 5.5.2013 4:18:00 | Computer Name = User-laptop | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 5.5.2013 4:24:44 | Computer Name = User-laptop | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 5.5.2013 4:50:26 | Computer Name = User-laptop | Source = DCOM | ID = 10010
Description =

Error - 6.5.2013 0:03:10 | Computer Name = User-laptop | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: InCDPass InCDRm

Error - 6.5.2013 11:37:04 | Computer Name = User-laptop | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: InCDPass InCDRm


< End of report >

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Problem with advertising windows again.

Post by jaro3 » 07 May 2013 10:22

Almost all of your logs are missing the header... is that intentional???
Post the OTL log again, or at least fix the beginning!

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Delete".
The program will perform the repair; after the automatic restart it will not display the log (C:\AdwCleaner [S?].txt); paste its full contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Mousty
Level 2
Posts: 156
Registered: December 09
Gender: Male
Status:
Offline
Contact:

Re: Problem with advertising windows again.

Post by Mousty » 07 May 2013 22:41

OK, I apologize for the incomplete logs. I am correcting that and attaching everything...

I ran CCleaner on both files and the registry, then OTL, and after that the AdwCleaner analysis followed by the cleanup. The outputs are below... Otherwise, the ads still keep popping up :-(


OTL
OTL logfile created on: 7.5.2013 22:21:33 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Download
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,99 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 71,35% Memory free
5,98 Gb Paging File | 4,85 Gb Available in Paging File | 81,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,04 Gb Total Space | 14,06 Gb Free Space | 35,12% Space Free | Partition Type: NTFS
Drive D: | 182,03 Gb Total Space | 79,06 Gb Free Space | 43,43% Space Free | Partition Type: NTFS

Computer Name: USER-LAPTOP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Download\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files\HTC Sync Manager\HTC Sync\adb.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files\PANDORA.TV\PanService\PanProcess.exe (PandoraTV)
PRC - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
PRC - C:\Program Files\Rapoo\9200\9200_Mouse.exe ()
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll ()
MOD - C:\Program Files\Samsung\Kies\Common\Kies.UI.dll ()
MOD - C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll ()
MOD - C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll ()
MOD - C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll ()
MOD - C:\Program Files\HTC Sync Manager\HTC Sync\adb.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Rapoo\9200\9200_Mouse.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1762137638019a091020b3baf52f6de3\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\68e5eeb3c6ef18ba2dc1ad70eb74aeee\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e71959f4ec6eb386889050ac139835c7\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b459c5815af8123e4bf30d4e05bba65\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (HTCMonitorService) -- C:\Program Files\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (PanService) -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (InCDRm) -- system32\drivers\InCDRm.sys File not found
DRV - (InCDPass) -- system32\drivers\InCDPass.sys File not found
DRV - (InCDFs) -- system32\drivers\InCDFs.sys File not found
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (ssudserd) -- C:\Windows\System32\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (rp24msdrv) -- C:\Windows\System32\drivers\rp24msdrv.sys ()
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.greatresults.info/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.greatresults.info/?l=1&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.greatresults.info/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.greatresults.info/?l=1&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.greatresults.info/?l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "http://websearch.greatresults.info/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://websearch.greatresults.info/?l=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.01.26 13:51:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.25 08:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.26 13:59:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.01.26 13:51:26 | 000,000,000 | ---D | M]

[2013.02.12 19:02:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2013.05.03 23:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions
[2013.05.03 23:00:04 | 000,000,000 | ---D | M] (contiiNueettosavee) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions\ku5wxux@gsscdjlbyae.edu
[2013.05.03 23:00:03 | 000,000,000 | ---D | M] (contiiNueettosavee) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions\oepfxkdj@q-bkb.com
[2013.05.03 23:00:03 | 000,000,000 | ---D | M] (contiiNueettosavee) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions\tv.fjr0s@uuayxs-ooa.org
[2013.05.03 23:00:16 | 000,007,766 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\searchplugins\WebSearch.xml
[2013.01.26 13:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.01.26 13:59:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.01.16 22:10:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.01.17 04:20:48 | 000,002,669 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2013.01.17 04:20:48 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2013.01.17 04:20:48 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2013.01.17 04:20:48 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2013.01.17 04:20:49 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2013.01.17 04:20:49 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://start.icq.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Dokumenty Google = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Disk Google = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: contiiNueettosavee = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cohdnfbabgjckdgjjlkfeambdomknndi\1\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! WebRep = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Springpad Extension = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng\2.5.1109.21_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: contiiNueettosavee = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohkfjmnafonfemihpphoddhbndifnneh\1\
CHR - Extension: Evernote Web Clipper = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.13_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013.05.05 10:24:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Rapoo 9200] C:\Program Files\Rapoo\9200\9200_Mouse.exe ()
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39329FDC-BA2A-4243-8F32-8A41CED431BC}: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E09729EC-095D-4FBF-BB62-4BDF45F8CDA9}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.06 17:36:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.05 10:05:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.03 21:53:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TrueCrypt
[2013.05.03 21:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013.05.03 21:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013.05.03 21:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2013.05.03 21:34:09 | 000,231,760 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2013.05.03 21:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2013.05.01 12:19:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\LogMeIn Hamachi
[2013.05.01 12:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.05.01 12:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2013.05.01 12:16:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
[2013.05.01 12:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
[2013.05.01 10:44:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2013.05.01 10:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.01 10:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.01 10:43:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.01 10:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.01 10:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2013.04.30 11:47:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.04.24 18:28:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Xenocode
[2013.04.24 18:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2013.04.17 21:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.04.17 21:00:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.04.17 21:00:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.04.17 21:00:22 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.15 11:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapoo
[2013.04.15 11:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Rapoo
[2013.04.08 23:16:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\HPAppData

========== Files - Modified Within 30 Days ==========

[2013.05.07 22:10:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.07 22:01:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.07 21:40:20 | 000,079,112 | ---- | M] () -- C:\Users\User\Desktop\Nájemní smlouva - Nikola Valachová.pdf
[2013.05.07 19:26:45 | 000,622,660 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2013.05.07 19:26:45 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.07 19:26:45 | 000,118,810 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013.05.07 19:26:45 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.07 17:20:29 | 000,012,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.07 17:20:29 | 000,012,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.07 17:16:14 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.07 17:15:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.07 17:14:57 | 2408,042,496 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.05 10:24:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.03 21:34:09 | 000,231,760 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2013.05.01 11:36:54 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.01 11:36:54 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.01 09:46:57 | 000,000,132 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
[2013.04.28 19:36:53 | 000,000,056 | ---- | M] () -- C:\Windows\System32\everest_cpl.ini
[2013.04.15 11:24:54 | 000,015,504 | ---- | M] () -- C:\Windows\unins000.dat
[2013.04.15 11:24:21 | 001,478,609 | ---- | M] () -- C:\Windows\unins000.exe
[2013.04.11 17:05:38 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013.05.07 21:40:19 | 000,079,112 | ---- | C] () -- C:\Users\User\Desktop\Nájemní smlouva - Nikola Valachová.pdf
[2013.04.15 11:24:33 | 000,023,296 | ---- | C] () -- C:\Windows\System32\drivers\rp24msdrv.sys
[2013.04.15 11:24:32 | 001,478,609 | ---- | C] () -- C:\Windows\unins000.exe
[2013.04.15 11:24:32 | 000,015,504 | ---- | C] () -- C:\Windows\unins000.dat
[2013.04.14 11:29:13 | 000,169,064 | ---- | C] () -- C:\Windows\System32\everest_cpl.cpl
[2013.04.14 11:29:13 | 000,000,056 | ---- | C] () -- C:\Windows\System32\everest_cpl.ini
[2013.04.04 21:36:20 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2013.04.03 10:00:53 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.25 08:59:50 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.03.25 08:59:49 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.02.15 18:07:06 | 000,000,132 | ---- | C] () -- C:\Users\User\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013.02.05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013.02.05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013.02.05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013.01.26 13:47:11 | 000,180,859 | ---- | C] () -- C:\Windows\hpoins38.dat
[2013.01.26 13:47:11 | 000,000,548 | ---- | C] () -- C:\Windows\hpomdl38.dat
[2013.01.26 10:04:37 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2013.01.26 09:52:36 | 000,396,597 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.05.01 11:41:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AIMP3
[2013.02.28 13:35:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2013.05.01 11:41:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2013.02.21 11:40:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER
[2013.01.26 09:55:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2013.02.25 15:45:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LibreOffice
[2013.05.04 09:00:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mp3tag
[2013.01.26 10:11:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\pdfforge
[2013.01.26 14:04:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QIP
[2013.02.28 13:49:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2013.04.04 21:46:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2013.05.03 21:56:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TrueCrypt
[2013.05.07 22:19:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >

Re: Ad window problem again.

Post by Mousty » 07 May 2013 22:42

AdwCleaner
# AdwCleaner v2.300 - Log vytvooen 07/05/2013 v 22:30:38
# Aktualizováno 28/04/2013 Xplode
# Operaení systém : Windows 7 Ultimate (32 bits)
# Uživatel : User - USER-LAPTOP
# Spuštin systém : Normální
# Spuštino z : C:\SW\Čištění a údržba\AdwCleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Nalezeno : C:\ProgramData\InstallMate

***** [Registry] *****

Klíe Nalezeno : HKCU\Software\AppDataLow\SProtector
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Klíe Nalezeno : HKLM\Software\SP Global
Klíe Nalezeno : HKLM\Software\SProtector
Klíe Nalezeno : HKU\S-1-5-21-1953742184-1516445141-3388255-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.7600.16385

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.greatresults.info/
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.greatresults.info/

-\\ Mozilla Firefox v18.0.1 (cs)

-\\ Google Chrome v26.0.1410.64

*************************

AdwCleaner[R1].txt - [4280 octets] - [01/05/2013 11:02:58]
AdwCleaner[R2].txt - [4340 octets] - [01/05/2013 11:22:38]
AdwCleaner[R3].txt - [1028 octets] - [01/05/2013 11:28:16]
AdwCleaner[R4].txt - [1089 octets] - [03/05/2013 20:33:35]
AdwCleaner[R5].txt - [1778 octets] - [07/05/2013 22:30:38]
AdwCleaner[S1].txt - [4155 octets] - [01/05/2013 11:22:58]

########## EOF - C:\AdwCleaner[R5].txt - [1898 octets] ##########

Re: Ad window problem again.

Post by Mousty » 07 May 2013 22:43

# AdwCleaner v2.300 - Log vytvooen 07/05/2013 v 22:31:00
# Aktualizováno 28/04/2013 Xplode
# Operaení systém : Windows 7 Ultimate (32 bits)
# Uživatel : User - USER-LAPTOP
# Spuštin systém : Normální
# Spuštino z : C:\SW\Čištění a údržba\AdwCleaner.exe
# Volba [Vymazat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Vymazáno : C:\ProgramData\InstallMate

***** [Registry] *****

Klíe Vymazáno : HKCU\Software\AppDataLow\SProtector
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Klíe Vymazáno : HKLM\Software\SP Global
Klíe Vymazáno : HKLM\Software\SProtector

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.7600.16385

Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.greatresults.info/ --> hxxp://www.google.com
Zaminino : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.greatresults.info/ --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (cs)

-\\ Google Chrome v26.0.1410.64

*************************

AdwCleaner[R1].txt - [4280 octets] - [01/05/2013 11:02:58]
AdwCleaner[R2].txt - [4340 octets] - [01/05/2013 11:22:38]
AdwCleaner[R3].txt - [1028 octets] - [01/05/2013 11:28:16]
AdwCleaner[R4].txt - [1089 octets] - [03/05/2013 20:33:35]
AdwCleaner[R5].txt - [1967 octets] - [07/05/2013 22:30:38]
AdwCleaner[S1].txt - [4155 octets] - [01/05/2013 11:22:58]
AdwCleaner[S2].txt - [1816 octets] - [07/05/2013 22:31:00]

########## EOF - C:\AdwCleaner[S2].txt - [1876 octets] ##########

Re: Ad window problem again.

Post by jaro3 » 08 May 2013 10:05

Uninstall:
contiiNueettosavee
MyFreeCodec

Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes ("Vlastní skenování/opravy"), paste the following text, shown in green, into the box:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
DRV - (InCDRm) -- system32\drivers\InCDRm.sys File not found
DRV - (InCDPass) -- system32\drivers\InCDPass.sys File not found
DRV - (InCDFs) -- system32\drivers\InCDFs.sys File not found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.greatresults.info/?l=1&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.greatresults.info/?l=1&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.greatresults.info/?l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "http://websearch.greatresults.info/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://websearch.greatresults.info/?l=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
[2013.02.12 19:02:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2013.05.03 23:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions
[2013.05.03 23:00:04 | 000,000,000 | ---D | M] (contiiNueettosavee) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions\ku5wxux@gsscdjlbyae.edu
[2013.05.03 23:00:03 | 000,000,000 | ---D | M] (contiiNueettosavee) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions\oepfxkdj@q-bkb.com
[2013.05.03 23:00:03 | 000,000,000 | ---D | M] (contiiNueettosavee) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions\tv.fjr0s@uuayxs-ooa.org
[2013.05.03 23:00:16 | 000,007,766 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\searchplugins\WebSearch.xml
[2013.01.26 13:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
CHR - Extension: contiiNueettosavee = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cohdnfbabgjckdgjjlkfeambdomknndi\1\
CHR - Extension: contiiNueettosavee = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohkfjmnafonfemihpphoddhbndifnneh\1\
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013.05.07 19:26:45 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.07 19:26:45 | 000,118,810 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013.05.07 19:26:45 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\MusiccityDownload.exe
C:\Windows\System32\cis-2.4.dll
C:\Windows\System32\issacapi_bs-2.3.dll
C:\Windows\System32\issacapi_pe-2.3.dll
C:\Windows\System32\issacapi_se-2.3.dll
C:\Users\User\AppData\Roaming\Babylon

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" =-

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[EMPTYJAVA]
[start explorer]
[Reboot]


Then click Fix ("Opravit") at the top. Let the program run undisturbed; the PC will restart at the end.
After the restart a log will appear; please copy its entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Ad window problem again.

Post by Mousty » 08 May 2013 10:20

Hi, I found MyFreeCodec in the manager and uninstalled it, but I can't find contiiNueettosavee anywhere. I'll try OTL and we'll see...

Re: Ad window problem again.

Post by jaro3 » 08 May 2013 10:30

No problem, the script removes it from the browsers.
Carry on.

Re: Ad window problem again.

Post by Mousty » 08 May 2013 10:45

So I ran OTL and finished the cleanup with CCleaner. I ran it before OTL, when I completely cleaned the registry, and ran it again after OTL, and it found a few errors in the registry. I'm attaching a screenshot of the listing below the log. The log output is below :-)

OTL custom cleanup

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Service InCDRm stopped successfully!
Service InCDRm deleted successfully!
File system32\drivers\InCDRm.sys File not found not found.
Service InCDPass stopped successfully!
Service InCDPass deleted successfully!
File system32\drivers\InCDPass.sys File not found not found.
Service InCDFs stopped successfully!
Service InCDFs deleted successfully!
File system32\drivers\InCDFs.sys File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Prefs.js: "WebSearch" removed from browser.search.defaultenginename
Prefs.js: S", "WebSearch" removed from browser.search.defaultenginename,S
Prefs.js: "http://websearch.greatresults.info/?l=1&q=" removed from browser.search.defaulturl
Prefs.js: "WebSearch" removed from browser.search.order.1
Prefs.js: S", "WebSearch" removed from browser.search.order.1,S
Prefs.js: "WebSearch" removed from browser.search.selectedEngine
Prefs.js: S", "WebSearch" removed from browser.search.selectedEngine,S
Prefs.js: "http://websearch.greatresults.info/" removed from browser.startup.homepage
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 removed from extensions.enabledAddons
Prefs.js: "http://websearch.greatresults.info/?l=1&q=" removed from keyword.URL
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
C:\Users\User\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions\tv.fjr0s@uuayxs-ooa.org\content folder moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions\tv.fjr0s@uuayxs-ooa.org folder moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions\oepfxkdj@q-bkb.com\content folder moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions\oepfxkdj@q-bkb.com folder moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions\ku5wxux@gsscdjlbyae.edu\content folder moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions\ku5wxux@gsscdjlbyae.edu folder moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions folder moved successfully.
Folder C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions\ku5wxux@gsscdjlbyae.edu\ not found.
Folder C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions\oepfxkdj@q-bkb.com\ not found.
Folder C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\extensions\tv.fjr0s@uuayxs-ooa.org\ not found.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tb8hazwi.default\searchplugins\WebSearch.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cohdnfbabgjckdgjjlkfeambdomknndi\1 folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohkfjmnafonfemihpphoddhbndifnneh\1 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\System32\perfh009.dat moved successfully.
C:\Windows\System32\perfc005.dat moved successfully.
C:\Windows\System32\perfc009.dat moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\WINDOWS\system32\DUMP*.tmp not found.
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File\Folder C:\*.tmp not found.
File\Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
C:\Windows\MusiccityDownload.exe moved successfully.
C:\Windows\System32\cis-2.4.dll moved successfully.
C:\Windows\System32\issacapi_bs-2.3.dll moved successfully.
C:\Windows\System32\issacapi_pe-2.3.dll moved successfully.
C:\Windows\System32\issacapi_se-2.3.dll moved successfully.
C:\Users\User\AppData\Roaming\Babylon folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\MyFreeCodec not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Free
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 51504 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 289291618 bytes
->Flash cache emptied: 1116 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 425588 bytes
->Temporary Internet Files folder emptied: 245760 bytes
->Java cache emptied: 1528081 bytes
->FireFox cache emptied: 2694980 bytes
->Google Chrome cache emptied: 6646921 bytes
->Flash cache emptied: 1303 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15148 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 287,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Free
->Flash cache emptied: 0 bytes

User: Public

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Free
->Java cache emptied: 0 bytes

User: Public

User: User
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05082013_103338

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Attachments
screen-ccleaner-registry.png


Re: Problem with ad windows again.

Post by Mousty » 08 May 2013 12:35

So far the ads aren't showing up, so we'll see whether this has finally killed off the vermin :-) Otherwise, MbAM still reports blocked outgoing connections for SKYPE and UTORRENT. Hopefully that's OK... If my problem is solved, then I really thank you very much for the time and effort you devoted to helping. I appreciate it greatly.

I'll wait a few days to check and then close the thread :-) Thanks once again...


Re: Problem with ad windows again.

Post by jaro3 » 09 May 2013 10:26

The picture: in CCleaner you chose
Registry --- scan --- then fix the issues? Then it's OK.


You're very welcome! That's what we're here for.

Run OTL and click CleanUp (Vyčisti).

If there are no problems, that's all, and you can mark the thread as solved with the green check mark.


Re: Problem with ad windows again.  Solved

Post by Mousty » 09 May 2013 12:01

Exactly. I cleaned them as you advised and so far everything's quiet. I think I'll confirm it (solved) today once I'm at the PC. Thanks a lot ;-)
