Odinstalace Qvo6 Vyřešeno

[memphisto]

A když ho smažeš, stáhneš znovu a spustíš jako správce?

[Reklama]

[romankovarik31]

Tak bohužel nic, smazal jsem to, opět stáhl a opět spustil jako správce, jen krátce naběhlo to Prohledávání a pak opět ta hláška, nevím proč to u mě nefunguje.

[memphisto]

To se holt občas stane...

Stáhni si Junkware Removal Tool

na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

[romankovarik31]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.7 (07.08.2013:2)
OS: Windows 7 Home Premium x64
Ran by z on po 08.07.2013 at 13:11:49,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1ClickDownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035382.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035382.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035382.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035382.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0035382.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0035382.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0035382.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0035382.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{11111111-1111-1111-1111-110311531182}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{22222222-2222-2222-2222-220322532282}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{11111111-1111-1111-1111-110311531182}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{22222222-2222-2222-2222-220322532282}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4925620A-AE8C-4DC7-B2F6-45F57CF84D01}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7C370897-9573-4C2C-A2A1-A46EDE52D358}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B16C0194-1C0E-4BD9-8693-C4C74EDFEFD9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C98A9C21-8B2D-4DC3-ABBE-9345ACED4FA5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\eSafe"
Successfully deleted: [Folder] "C:\Users\z\AppData\Roaming\goforfiles"



~~~ FireFox

Successfully deleted: [File] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\bocdlzxg.default\user.js
Successfully deleted: [File] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\bocdlzxg.default\searchplugins\privitize.xml
Successfully deleted: [Folder] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\bocdlzxg.default\jetpack
Successfully deleted the following from C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\bocdlzxg.default\prefs.js

user_pref("aol_toolbar.default.homepage.check", false);
user_pref("aol_toolbar.default.search.check", false);
user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119294&babsrc=HP_ss&mntrId=d2fdd44e0000000000004487fc4a116c");
user_pref("avg.install.userSPSettings", "Delta Search");
user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119294&babsrc=NT_ss&mntrId=D2FD4487FC4A116C");
user_pref("browser.search.defaultenginename", "qvo6");
user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=726&r=2013/04/08&hid=3391678578&lg=EN&cc=CZ&l=1&q=");
user_pref("browser.search.order.1", "qvo6");
user_pref("extensions.5162edfd3df6c.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio
user_pref("extensions.5162fc23c0ee5.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio
user_pref("extensions.APN_TB.first-previous-keyword-url", "hxxp://websearch.pu-results.info/?pid=726&r=2013/04/08&hid=3391678578&lg=EN&cc=CZ&l=1&q=");
user_pref("extensions.ATU4.hpr", "\"hxxp://www.search.ask.com/?l=dis&o=APN10462&gct=hp&apn_ptnrs=^AKM&apn_dtid=^zzz000^YY^CZ&p2=^AKM^zzz000^YY^CZ&tpid=ATU4&apn_dbr=cr_27.0.145
user_pref("extensions.ATU4.pref_tab_close", "[{\"title\":\"Nejchyt%C5%99ej%C5%A1%C3%AD%20hypot%C3%A9ka%20na%20trhu%20%7C%20honzovahypoteka.cz\",\"url\":\"hxxp://www.honzovahyp
user_pref("extensions.ATU4.previous-keyword-url", "\"hxxp://websearch.pu-results.info/?pid=726&r=2013/04/08&hid=3391678578&lg=EN&cc=CZ&l=1&q=\"");
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119294&babsrc=NT_ss&mntrId=d2fdd44e0000000000004487fc4a116c");
user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.backgroundjs", "\n\n/****************************************************
user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.cookie.rules.value", "%22%23%20CZ%5Cn%5E%28www.%29%3F%28otto.de%29%24%20h
user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.js", "\n\n /************************************************************
user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI
user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBack
user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQu
user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={
user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],regi
user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va
user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.res
user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
user_pref("extensions.asktb.cbid", "^U3");
user_pref("extensions.asktb.config-updated", false);
user_pref("extensions.asktb.crumb", "2013.05.28+22.42.13-toolbar010iad-CZ-WmFtYmVyayxDemVjaCBSZXB1YmxpYw%3D%3D");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://eu.ask.com/web?qsrc={qsrc}&o={o}&l={l}&q={query}&dm=all&gct=bar");
user_pref("extensions.asktb.displaybehavior", "");
user_pref("extensions.asktb.displaytext", "");
user_pref("extensions.asktb.dtid", "^YYYYYY^YY^CZ");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
user_pref("extensions.asktb.ff19-config-first-run", "true");
user_pref("extensions.asktb.first-restart-after-config-update", true);
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.keyword-toggled-in-session", false);
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1373028295193");
user_pref("extensions.asktb.locale", "en_EU");
user_pref("extensions.asktb.location", "Zamberk,Czech Republic");
user_pref("extensions.asktb.lstation", "");
user_pref("extensions.asktb.new-tab-opt-out", true);
user_pref("extensions.asktb.news-native-on", true);
user_pref("extensions.asktb.o", "100000027");
user_pref("extensions.asktb.oldVersion", "5.15.23.36191");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.pstate", "");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "20");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
user_pref("extensions.asktb.slwo", "1");
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "10000");
user_pref("extensions.asktb.socialmini-transition-first-open", false);
user_pref("extensions.asktb.to", "");
user_pref("extensions.asktb.v", "3.15.23.100013");
user_pref("extensions.asktb.volume", "");
user_pref("extensions.crossrider.bic", "13fafd144ada80db879aa8d55fffa668");
user_pref("extensions.privitize.admin", false);
user_pref("extensions.privitize.aflt", "orgnl");
user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}");
user_pref("extensions.privitize.autoRvrt", "false");
user_pref("extensions.privitize.dfltLng", "");
user_pref("extensions.privitize.dfltSrch", true);
user_pref("extensions.privitize.dnsErr", true);
user_pref("extensions.privitize.excTlbr", true);
user_pref("extensions.privitize.ffxUnstlRst", false);
user_pref("extensions.privitize.hmpg", true);
user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=d2fdd44e0000000000004487fc4a116c");
user_pref("extensions.privitize.hpOld0", "www.seznam.cz");
user_pref("extensions.privitize.id", "d2fdd44e0000000000004487fc4a116c");
user_pref("extensions.privitize.instlDay", "15802");
user_pref("extensions.privitize.instlRef", "");
user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=d2fdd44e0000000000004487fc4a116c");
user_pref("extensions.privitize.newTab", true);
user_pref("extensions.privitize.newTabUrl", "hxxp://searchou.com/?id=d2fdd44e0000000000004487fc4a116c");
user_pref("extensions.privitize.prdct", "privitize");
user_pref("extensions.privitize.prtnrId", "privitize");
user_pref("extensions.privitize.rvrt", "false");
user_pref("extensions.privitize.smplGrp", "none");
user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");
user_pref("extensions.privitize.tlbrId", "base");
user_pref("extensions.privitize.tlbrSrchUrl", "hxxp://searchou.com/?id=d2fdd44e0000000000004487fc4a116c&q=");
user_pref("extensions.privitize.vrsn", "1.8.16.22");
user_pref("extensions.privitize.vrsnTs", "1.8.16.2211:03:37");
user_pref("extensions.privitize.vrsni", "1.8.16.22");
user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
user_pref("extentions.y2layers.installId", "a08ad483-4cae-49e6-8bfe-1272141ba556");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
Emptied folder: C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\bocdlzxg.default\minidumps [31 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 08.07.2013 at 13:15:52,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[memphisto]

Jak je na tom PC teď?

[romankovarik31]

PC je rychlejší, ale to prokleté Qvo6 tam stále je. Funguje to tak, že když chci otevřít Chrome, nebo Mozillu a nebo IE 10, tak se mi to otevře v qvo6.com, pak musím kliknout na domovskou stránku, aby se mi otevřel nastavený prohližeč (např. na Chrome mám Google a na Mozille Seznam).

[jaro3]

Stáhni si OTH
na svojí plochu( pokud používáš Firefox , pravým klikni na OTH link a vyber uložit jako (Save as..).

Stáhni si OTL
na svojí plochu (pokud používáš Firefox , pravým klikni na OTL link a vyber uložit jako (Save as..).

Stáhni si soubor Scan.txt
na svojí plochu (pokud používáš Firefox , pravým klikni na OTL link a vyber uložit jako (Save as..).

Poklepej na soubor OTH na ploše , po spuštění programu klikni na Kill All Processes.Poté klikni na Start OTL .Poklepej Do prázdného okna pod Vlastní skenování /opravy ( Custom Scans box). Objeví se zpráva: Kliknutím na OK vyberete cestu k souboru, kliknutím na Zrušit zrušíte výběr.
Klikni na OK. Objeví se okno průzkumníku , zde klikneš na plochu a najdeš na ní soubor Scan.txt .Klikni na Otevřít.
Poté klikni na Rychle prohledat (Quick Scan). Neměň žádná jiná nastavení . Sken může trvat dlouho.
Kdy sken skončí , objeví se na ploše dva logy:
OTL.Txt a Extras.Txt , jsou uloženy ve stejném místě jako OTL.
Zkopíruj sem prosím celý obsah obou logů.

[romankovarik31]

OTL logfile created on: 10.7.2013 18:45:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\z\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,36% Memory free
6,00 Gb Paging File | 4,70 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,53 Gb Total Space | 523,35 Gb Free Space | 76,45% Space Free | Partition Type: NTFS

Computer Name: Z-PC | User Name: z | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.09 12:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\z\Desktop\otl.exe
PRC - [2013.07.09 12:20:45 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\z\Desktop\OTH.scr
PRC - [2013.06.27 13:54:34 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
PRC - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013.03.01 17:26:20 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013.02.12 11:43:56 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012.09.28 09:25:56 | 000,586,904 | ---- | M] (PandoraTV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
PRC - [2012.09.28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
PRC - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.04.30 17:01:12 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2006.11.10 08:12:28 | 000,099,936 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009.04.30 17:01:00 | 000,190,488 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2013.06.27 13:54:34 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013.05.18 11:22:14 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2013.03.01 17:26:20 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013.02.26 01:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.12 11:43:56 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013.01.18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.13 15:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [On_Demand | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012.06.11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012.06.11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.24 22:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2013\DfSdkS64.exe -- (DfSdkS)
SRV - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006.11.10 08:12:28 | 000,099,936 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.07.06 15:50:12 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.06.27 13:54:34 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013.05.23 07:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.05.21 07:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013.05.16 07:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.04.25 02:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.04.16 04:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013.03.05 03:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013.03.05 03:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.02.18 10:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.10.11 15:06:34 | 000,241,800 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scrcamhrdrv_x64.sys -- (PCWinSoft)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.06.11 11:33:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.01.09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.12 12:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.05.01 01:03:08 | 006,377,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009.05.01 01:01:36 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.05.01 00:59:24 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009.04.30 16:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.04.30 16:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2013.07.06 13:52:37 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130709.022\ex64.sys -- (NAVEX15)
DRV - [2013.07.06 13:52:36 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130709.022\eng64.sys -- (NAVENG)
DRV - [2013.07.05 15:14:20 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130709.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013.07.02 03:01:42 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.08.18 03:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.18 03:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[romankovarik31]

color=#E56717]========== Standard Registry (SafeList) ==========[/color]


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source= ... 1373010220
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source= ... ts=3604546
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: {70df8d13-bdd3-448e-944c-efde21b77161} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?affID=1192 ... 87FC4A116C
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{4A723FA9-C490-4703-8740-4CC7D0E88B74}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_13415
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_cs
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6B786243-6612-40AB-84EC-1E295BAB6ED7}: "URL" = http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_13415
IE - HKCU\..\SearchScopes\{887B1577-E9C3-445D-BDF0-7184CCA5A6E6}: "URL" = http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_13415
IE - HKCU\..\SearchScopes\{A741E3BF-44A6-45EA-875F-2E16234A2DA2}: "URL" = http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_13415
IE - HKCU\..\SearchScopes\{B4A96E76-5F1B-4543-A9A4-4557A84AAEBD}: "URL" = http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_13415
IE - HKCU\..\SearchScopes\{F26F0CEA-670E-4D08-BB03-12415EBE81D4}: "URL" = http://www.firmy.cz/phr/{searchTerms}?sourceid=QuickSearch_13415
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20
FF - prefs.js..extensions.enabledAddons: %7B003D3EDC-99B9-4a34-9C20-60CB94F7E829%7D:2010.03
FF - prefs.js..extensions.enabledAddons: toolbar_ATU4%40apn.ask.com:15.40906
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: 05dd836e-2cbd-4204-9ff3-2f8a8665967d%40a8876730-fb0c-4057-a2fc-f9c09d438e81.com:0.91.3
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\z\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013.07.10 10:33:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2013.07.06 13:38:45 | 000,000,000 | ---D | M]

[2013.03.09 19:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\z\AppData\Roaming\Mozilla\Extensions
[2013.03.09 19:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\z\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013.07.08 19:13:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions
[2013.03.30 18:16:08 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2013.07.08 19:13:22 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2013.07.05 18:40:34 | 000,000,000 | ---D | M] ("hosts") -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
[2013.07.03 21:01:24 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions\ascsurfingprotection@iobit.com
[2013.05.08 14:49:23 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions\support@lastpass.com
[2013.07.05 18:40:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\extensionCode
[2013.06.09 10:10:30 | 000,446,987 | ---- | M] () (No name found) -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions\toolbar_ATU4@apn.ask.com.xpi
[2013.04.06 22:28:47 | 000,213,470 | ---- | M] () (No name found) -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions\torntv2@torntv.com.xpi
[2013.03.18 12:33:19 | 000,163,121 | ---- | M] () (No name found) -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}.xpi
[2013.05.27 19:23:51 | 000,002,512 | ---- | M] () -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\searchplugins\ask-search.xml
[2013.07.08 19:13:17 | 000,003,915 | ---- | M] () -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\searchplugins\sweetim.xml
[2013.05.18 11:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.07.02 18:37:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.07.02 18:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.07.02 18:37:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.18 11:22:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.07.06 13:38:45 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPLGN

========== Chrome ==========

CHR - default_search_provider: Funmoods (Enabled)
CHR - default_search_provider: search_url = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&cd=2XzuyEtN2Y1L1QzuyEyEzzyB0F0CyE0AtCtCyC0C0DyEyE0EtN0D0Tzu0CyDyDyBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=418333858&ir=
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.cz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\z\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Funmoods = C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.3.1_0\
CHR - Extension: Newtab = C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.0.10_0\
CHR - Extension: LastPass = C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.25_0\
CHR - Extension: Skype Click to Call = C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Norton Identity Protection = C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: hosts = C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.4_0\crossrider
CHR - Extension: hosts = C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.4_0\

O1 HOSTS File: ([2013.07.06 09:35:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {70DF8D13-BDD3-448E-944C-EFDE21B77161} - No CLSID value found.
O4 - HKCU..\Run: [cfweatherStation] C:\Weather\weather.exe (weather-life.com)
O4 - HKLM..\RunOnce: [Del28079275] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Del28079072] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk = C:\Program Files (x86)\YoWindow\yowindow.exe (Repkasoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\z\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass vyplňování formulářů - file://C:\Users\z\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: LastPass - file://C:\Users\z\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass vyplňování formulářů - file://C:\Users\z\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Internet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{755CAEEB-C9B4-460B-8B89-51DF3F48839E}: DhcpNameServer = 192.168.100.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.07.04 12:43:36 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.07.10 18:18:51 | 000,000,000 | ---D | C] -- C:\Users\z\AppData\Local\Adobe
[2013.07.10 18:18:48 | 000,000,000 | ---D | C] -- C:\Users\z\AppData\Roaming\1O1L1I1PtF1F1C1N
[2013.07.10 18:18:44 | 000,000,000 | ---D | C] -- C:\Users\z\AppData\Roaming\Funmoods
[2013.07.10 18:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods
[2013.07.09 12:20:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\z\Desktop\OTL.exe
[2013.07.09 12:20:44 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\z\Desktop\OTH.scr
[2013.07.08 19:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2013.07.08 19:13:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2013.07.08 13:11:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.08 13:10:50 | 000,000,000 | ---D | C] -- C:\JRT
[2013.07.07 11:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.07.06 15:50:06 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys
[2013.07.06 15:50:06 | 000,796,760 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys
[2013.07.06 15:50:06 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys
[2013.07.06 15:50:06 | 000,433,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys
[2013.07.06 15:50:06 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys
[2013.07.06 15:50:06 | 000,169,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys
[2013.07.06 15:50:06 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys
[2013.07.06 15:50:06 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symelam.sys
[2013.07.06 15:49:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1404000.028
[2013.07.06 13:38:41 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.07.06 13:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013.07.06 13:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013.07.06 13:37:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2013.07.06 13:37:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013.07.06 13:37:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2013.07.06 13:36:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.07.06 09:22:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.07.06 09:22:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.07.06 09:22:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.07.06 09:18:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.07.06 09:18:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.07.05 18:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2013.07.05 18:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hosts
[2013.07.05 11:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013.07.05 11:52:34 | 000,000,000 | ---D | C] -- C:\Users\z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013.07.05 11:36:55 | 000,000,000 | ---D | C] -- C:\Users\z\AppData\Local\Apps
[2013.07.05 10:12:53 | 000,000,000 | ---D | C] -- C:\Users\z\AppData\Local\CrashDumps
[2013.07.05 09:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.05 09:55:34 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.07.04 17:52:32 | 000,000,000 | ---D | C] -- C:\Users\z\AppData\Roaming\Malwarebytes
[2013.07.04 17:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.04 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.07.04 13:07:46 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.07.04 12:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.07.04 11:25:14 | 000,000,000 | ---D | C] -- C:\Users\z\AppData\Roaming\Omiga Plus
[2013.07.04 11:25:11 | 000,000,000 | ---D | C] -- C:\Users\z\AppData\Roaming\WinZipper
[2013.07.04 11:25:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZipper
[2013.07.04 11:21:18 | 000,000,000 | ---D | C] -- C:\Users\z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.07.02 12:25:19 | 000,000,000 | ---D | C] -- C:\Users\z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
[2013.07.02 12:25:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQM
[2013.07.02 12:24:54 | 000,000,000 | ---D | C] -- C:\Users\z\AppData\Roaming\ICQ-Profile
[2013.07.02 12:24:54 | 000,000,000 | ---D | C] -- C:\Users\z\AppData\Roaming\ICQM
[2013.07.02 08:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013.07.02 08:55:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013.07.01 17:23:49 | 000,000,000 | ---D | C] -- C:\Users\z\AppData\Roaming\pctsGui
[2013.06.26 16:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013.06.26 16:26:02 | 000,000,000 | ---D | C] -- C:\Users\z\Documents\My Digital Editions
[2013.06.26 16:09:54 | 000,000,000 | ---D | C] -- C:\Users\z\AppData\Local\FileTypeAssistant
[2013.06.26 16:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant
[2013.06.26 16:02:47 | 000,000,000 | ---D | C] -- C:\Users\z\Documents\e-knihy formát ePUB
[2013.06.24 11:19:37 | 000,000,000 | ---D | C] -- C:\Users\z\AppData\Local\HF Designer
[2013.06.15 22:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics (64-bit)
[2013.06.15 22:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mathematics
[2013.06.14 15:07:57 | 000,000,000 | ---D | C] -- C:\Users\z\Documents\Poukaz do slevového portálu amplion.cz
[2013.06.14 15:00:47 | 000,000,000 | ---D | C] -- C:\Users\z\Desktop\Norton 2013
[2013.01.09 16:19:20 | 014,880,256 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2009.10.13 05:07:14 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2013.07.10 18:18:37 | 000,430,107 | ---- | M] () -- C:\Users\z\AppData\Local\funmoods_speedial_v9.0.10.crx
[2013.07.10 18:18:37 | 000,077,717 | ---- | M] () -- C:\Users\z\AppData\Local\funmoods_2.3.1.crx
[2013.07.10 18:18:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3834928719-1230591668-3264408331-1000UA.job
[2013.07.10 18:17:20 | 001,418,572 | ---- | M] () -- C:\Users\z\Desktop\Jak-si-vybrat-podrsenku.pdf
[2013.07.10 18:10:02 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.10 18:09:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.10 18:09:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.07.10 14:32:06 | 002,120,719 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013.07.10 10:38:41 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 10:38:41 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 10:36:11 | 001,586,010 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.10 10:36:11 | 000,669,678 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013.07.10 10:36:11 | 000,655,072 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.10 10:36:11 | 000,141,310 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013.07.10 10:36:11 | 000,121,944 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.10 10:31:26 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.10 10:31:02 | 2415,243,264 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.09 12:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\z\Desktop\OTL.exe
[2013.07.09 12:20:45 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\z\Desktop\OTH.scr
[2013.07.08 18:05:28 | 001,603,038 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.07.07 21:41:10 | 000,000,674 | ---- | M] () -- C:\Windows\SysNative\cc_20130707_214102.reg
[2013.07.07 21:27:18 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3834928719-1230591668-3264408331-1000Core.job
[2013.07.07 14:27:58 | 000,003,448 | ---- | M] () -- C:\{B9E203E9-485C-4B2F-9799-A4EE2D2F7AB6}
[2013.07.07 14:27:56 | 000,023,720 | ---- | M] () -- C:\{1D195542-C876-435B-A577-398425C891D4}
[2013.07.07 14:13:22 | 000,003,448 | ---- | M] () -- C:\{F0B406C3-2F18-4C4C-AB23-9984BB69CA82}
[2013.07.06 19:57:04 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\VT20130115.021
[2013.07.06 15:50:13 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.07.06 15:50:12 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.07.06 15:50:12 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.07.06 09:35:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.07.05 17:18:18 | 000,000,105 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.04 12:43:36 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.07.04 11:21:18 | 000,001,272 | ---- | M] () -- C:\Users\z\Desktop\Revo Uninstaller.lnk
[2013.07.03 21:01:16 | 000,001,229 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013.06.29 22:27:20 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2013.06.27 13:54:44 | 000,003,718 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013.06.27 13:54:34 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.06.24 11:16:28 | 000,879,109 | ---- | M] () -- C:\Users\z\Desktop\odmitnuti-zasilani-neobjednaneho-zbozi.pdf
[2013.06.16 12:53:30 | 000,000,173 | ---- | M] () -- C:\Users\z\AppData\Local\msmathematics.qat.z
[2013.06.16 10:21:24 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.12 20:53:35 | 002,365,790 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB

========== Files Created - No Company Name ==========

[2013.07.10 18:18:40 | 000,430,107 | ---- | C] () -- C:\Users\z\AppData\Local\funmoods_speedial_v9.0.10.crx
[2013.07.10 18:18:40 | 000,077,717 | ---- | C] () -- C:\Users\z\AppData\Local\funmoods_2.3.1.crx
[2013.07.10 18:17:20 | 001,418,572 | ---- | C] () -- C:\Users\z\Desktop\Jak-si-vybrat-podrsenku.pdf
[2013.07.07 21:41:08 | 000,000,674 | ---- | C] () -- C:\Windows\SysNative\cc_20130707_214102.reg
[2013.07.07 14:27:56 | 000,023,720 | ---- | C] () -- C:\{1D195542-C876-435B-A577-398425C891D4}
[2013.07.07 14:27:56 | 000,003,448 | ---- | C] () -- C:\{B9E203E9-485C-4B2F-9799-A4EE2D2F7AB6}
[2013.07.07 14:13:20 | 000,003,448 | ---- | C] () -- C:\{F0B406C3-2F18-4C4C-AB23-9984BB69CA82}
[2013.07.06 19:57:04 | 002,120,719 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013.07.06 19:57:04 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\VT20130115.021
[2013.07.06 15:50:06 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symelam64.cat
[2013.07.06 15:50:06 | 000,008,067 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnet64.cat
[2013.07.06 15:50:06 | 000,007,593 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\iron.cat
[2013.07.06 15:50:06 | 000,007,589 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.cat
[2013.07.06 15:50:06 | 000,007,587 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.cat
[2013.07.06 15:50:06 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa.inf
[2013.07.06 15:50:06 | 000,002,852 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds.inf
[2013.07.06 15:50:06 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnet.inf
[2013.07.06 15:50:06 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.inf
[2013.07.06 15:50:06 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.inf
[2013.07.06 15:50:06 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symelam.inf
[2013.07.06 15:50:06 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.inf
[2013.07.06 15:50:06 | 000,000,767 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\iron.inf
[2013.07.06 15:50:05 | 000,007,667 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.cat
[2013.07.06 15:49:51 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symvtcer.dat
[2013.07.06 15:49:51 | 000,008,067 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.cat
[2013.07.06 15:49:51 | 000,008,063 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.cat
[2013.07.06 15:49:51 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\isolate.ini
[2013.07.06 13:38:41 | 000,007,631 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.07.06 13:38:41 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.07.06 09:22:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.07.06 09:22:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.07.06 09:22:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.07.06 09:22:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.07.06 09:22:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.07.05 17:18:14 | 000,000,105 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.04 12:43:36 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.07.02 08:56:00 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.06.26 16:26:04 | 000,002,236 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 2.0.lnk
[2013.06.24 11:16:24 | 000,879,109 | ---- | C] () -- C:\Users\z\Desktop\odmitnuti-zasilani-neobjednaneho-zbozi.pdf
[2013.06.15 22:16:16 | 000,000,173 | ---- | C] () -- C:\Users\z\AppData\Local\msmathematics.qat.z
[2013.05.21 09:34:55 | 000,003,718 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013.04.08 18:18:16 | 001,603,038 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.04 14:43:09 | 000,000,071 | ---- | C] () -- C:\Windows\CONTEXT.INI
[2013.03.13 17:46:30 | 000,002,765 | ---- | C] () -- C:\Users\z\AppData\Local\recently-used.xbel
[2013.02.24 19:57:21 | 000,000,104 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013.02.18 16:17:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013.02.17 13:06:06 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\qttask.exe
[2013.02.17 12:59:29 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2013.02.10 17:18:53 | 000,000,144 | ---- | C] () -- C:\Users\z\AppData\Roaming\wklnhst.dat
[2013.01.11 22:02:42 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2013.01.11 19:43:41 | 000,032,768 | ---- | C] () -- C:\Users\z\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.07.10 18:18:48 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\1O1L1I1PtF1F1C1N
[2013.04.19 11:43:37 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\ACD Systems
[2013.05.09 20:39:25 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\Ashampoo
[2013.05.09 20:38:24 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\Ashampoo Photo Commander 10
[2013.05.14 13:52:51 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\Ashampoo Slideshow Studio HD 2
[2013.01.15 09:40:38 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\Canon
[2013.03.26 12:47:05 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2013.03.23 20:26:04 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\eSobi
[2013.07.10 18:18:44 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\Funmoods
[2013.01.27 22:15:51 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\GG
[2013.03.27 21:09:19 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\HellSpy.cz Download Manager
[2013.07.08 18:48:03 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\ICQ-Profile
[2013.07.02 12:25:08 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\ICQM
[2013.05.03 21:17:40 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\IObit
[2013.02.18 12:56:00 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\IsolatedStorage
[2013.03.18 12:34:17 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\LangSoft
[2013.01.11 23:01:22 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\Leadertech
[2013.01.14 18:36:47 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\Maxthon3
[2013.01.23 18:59:21 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\Monotea
[2013.04.23 12:04:48 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\Nokia
[2013.07.04 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\Omiga Plus
[2013.04.23 12:04:50 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\PC Suite
[2013.07.01 17:23:49 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\pctsGui
[2013.02.24 19:58:30 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\Photobucket
[2013.02.17 19:29:08 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\PhotoFiltre
[2013.01.27 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\picpick
[2013.01.31 13:34:00 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\PotPlayerMini64
[2013.02.17 15:49:26 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\PowerCinema
[2013.01.11 22:02:32 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\ScanSoft
[2013.02.20 12:59:33 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\Seznam.cz
[2013.02.17 15:49:33 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\SoftDMA
[2013.02.11 19:06:21 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\SuperEasy Software
[2013.02.10 17:18:55 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\Template
[2013.01.09 21:32:23 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\TestApp
[2013.03.09 19:53:21 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\TomTom
[2013.02.02 11:44:30 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\TuneUp Software
[2013.05.15 20:34:44 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\uTorrent
[2013.01.11 19:19:11 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\VitySoft
[2013.02.08 20:23:28 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\vptmpdownload
[2013.07.04 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\WinZipper
[2013.01.11 19:28:49 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\XnConvert
[2013.04.17 12:38:20 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\YoWindow
[2013.02.17 14:41:38 | 000,000,000 | ---D | M] -- C:\Users\z\AppData\Roaming\Zoner

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2013.07.08 11:35:20 | 000,000,351 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013.07.08 11:36:54 | 000,000,354 | ---- | M] () -- C:\AdwCleaner[R2].txt
[2013.07.08 11:40:11 | 000,000,349 | ---- | M] () -- C:\AdwCleaner[R3].txt
[2013.07.07 19:57:01 | 000,001,887 | ---- | M] () -- C:\aswMBR.txt
[2013.07.04 12:43:36 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2009.10.13 05:43:07 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013.07.06 13:12:43 | 000,029,973 | ---- | M] () -- C:\ComboFix.txt
[2013.07.10 10:31:02 | 2415,243,264 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.08 13:15:52 | 000,016,706 | ---- | M] () -- C:\JRT.txt
[2013.07.10 10:31:07 | 3220,324,352 | -HS- | M] () -- C:\pagefile.sys
[2013.07.07 10:11:11 | 000,002,606 | ---- | M] () -- C:\Rkill.txt
[2013.07.06 09:09:14 | 000,145,610 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_06.07.2013_09.07.24_log.txt
[2013.04.28 13:58:59 | 000,003,080 | ---- | M] () -- C:\{0A0E1429-77BA-4C73-86D4-7F0AD4FF11E6}
[2013.07.07 14:27:56 | 000,023,720 | ---- | M] () -- C:\{1D195542-C876-435B-A577-398425C891D4}
[2013.04.28 12:52:40 | 000,002,328 | ---- | M] () -- C:\{367D1CA6-3337-42BF-8CA7-4C27EA75E146}
[2013.04.28 13:20:34 | 000,002,648 | ---- | M] () -- C:\{47E0F583-6E37-43F5-B38C-008AD56C523A}
[2013.04.28 13:41:24 | 000,002,456 | ---- | M] () -- C:\{7A54C62F-F20B-4AC5-B451-E2F885151E06}
[2013.07.07 14:27:58 | 000,003,448 | ---- | M] () -- C:\{B9E203E9-485C-4B2F-9799-A4EE2D2F7AB6}
[2013.04.28 13:43:09 | 000,002,600 | ---- | M] () -- C:\{BEB110CC-32AA-4713-9B06-5D7D05E4DD9E}
[2013.04.28 13:39:37 | 000,002,416 | ---- | M] () -- C:\{C732206F-9291-4B1E-A4DA-EB089D70C6D1}
[2013.04.28 13:44:32 | 000,002,696 | ---- | M] () -- C:\{D9E3ECD4-5F4B-48B5-8865-7B495A0F6187}
[2013.04.28 14:03:17 | 000,002,024 | ---- | M] () -- C:\{DA5E5F4D-134F-4947-9EC4-A15E76D71764}
[2013.07.07 14:13:22 | 000,003,448 | ---- | M] () -- C:\{F0B406C3-2F18-4C4C-AB23-9984BB69CA82}
[2013.04.28 13:48:59 | 000,003,560 | ---- | M] () -- C:\{FCDE918B-A742-4D53-A9F1-3A57949E2B86}

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

========== Files - Unicode (All) ==========
[2013.07.01 18:28:12 | 010,903,837 | ---- | M] ()(C:\Users\z\Desktop\??????? ???????? ?? ???????? !.mp3) -- C:\Users\z\Desktop\Товарищ Горбачёв до свидания !.mp3
[2013.07.01 18:28:02 | 010,903,837 | ---- | C] ()(C:\Users\z\Desktop\??????? ???????? ?? ???????? !.mp3) -- C:\Users\z\Desktop\Товарищ Горбачёв до свидания !.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:820563D3
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

[romankovarik31]

Omlouvám se za zpoždění, ale včera mi OTH nešel spustit, tak jsem ho smazal a dnes opět stáhl a už to šlo.

[romankovarik31]

OTL Extras logfile created on: 10.7.2013 18:45:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\z\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,36% Memory free
6,00 Gb Paging File | 4,70 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,53 Gb Total Space | 523,35 Gb Free Space | 76,45% Space Free | Partition Type: NTFS

Computer Name: Z-PC | User Name: z | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EE357A9-42A0-44B5-AF2D-9A715888E1AE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8BC765E4-D906-4B92-B928-C9B06F1FFDE9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{99B44804-7D39-4BDA-A222-BA99762BA742}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A4F1EED9-4AEB-4DAB-8C0B-E9391708B81D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D5CC821D-F86D-400C-83E6-A99546E33DDE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CD9F85C-F07F-42CB-BFEC-FF1BE9A9F4F7}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{0DA28F01-A441-406E-904A-4B55672FF681}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe |
"{1AFE21A0-8FD7-4629-9624-0272C13C6F9F}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{1B035476-994F-4725-9EDF-5CFAD4A6136C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{1B175BF2-1E3D-4985-9208-5506577F2896}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{1C36DDA1-86BF-4217-AA7C-E63DC8D20EFE}" = protocol=17 | dir=in | app=c:\users\z\appdata\roaming\icqm\icq.exe |
"{2BA7DE5D-71BA-490B-8C83-3C6DF02C7CE1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{2EA14C8A-DD88-40BE-9F3E-B43301C620EC}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe |
"{515F5112-59D3-4CE2-BE29-F45C8BD7DD4B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{54845890-592E-4BCE-B3E9-566409F2ABD5}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{579E9E36-0879-488A-9586-643D5399B2DE}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{7407677B-E8C6-4601-9337-9AAAF9E31AC4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{76B67F00-79CC-4348-95DB-535638077C2E}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe |
"{82B10968-219B-46B0-B34C-745594DA6FCF}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8EF5087B-D9F1-4073-87BF-07EC92A8FEA3}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{91B88E85-44F6-4582-A196-533AD336DF01}" = dir=in | app=c:\users\z\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{937A45B5-C6CF-45D8-B337-309F1D9EE91E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{9D539905-B559-4B43-8264-493CBB23AD79}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{ADC09E04-670C-41F6-8903-21EB5388ACAA}" = protocol=6 | dir=in | app=c:\users\z\appdata\roaming\icqm\icq.exe |
"{BA3443AF-B10A-4BFC-B054-8D1F3FF1CB50}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CDA3EE58-DBC0-4710-A9F2-C84437C1B5B0}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{DD205556-7375-4C72-AFEA-4B8CCE834929}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{E41F536C-07EB-4C69-90EA-A8670FBAB4BF}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe |
"{E700B6B9-6FCB-420F-9917-56BD5FD9A6A6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EF9E2372-6DFF-4136-9CAE-DC110D548C5E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"TCP Query User{1E3B1971-0118-4D85-935A-839F03CB0D9C}C:\program files (x86)\orbitron\orbitron.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitron\orbitron.exe |
"TCP Query User{892EDE22-8F97-4383-B56E-2A0CC25D96A4}C:\program files (x86)\java\jre7\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\launch4j-tmp\frd.exe |
"TCP Query User{CF51FF3B-B1AA-4243-A60A-738DBC187E0C}C:\program files (x86)\the kmplayer\kmplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the kmplayer\kmplayer.exe |
"UDP Query User{04D5B1B6-D73A-4FC2-81C1-84B7FF5E8B11}C:\program files (x86)\orbitron\orbitron.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitron\orbitron.exe |
"UDP Query User{382FA6D8-F2CD-433A-B9C8-F754933670A1}C:\program files (x86)\java\jre7\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\launch4j-tmp\frd.exe |
"UDP Query User{87B3744F-31AD-4E34-9B4B-BD6B39AD61C1}C:\program files (x86)\the kmplayer\kmplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the kmplayer\kmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{20AC583C-A6FB-410A-807D-25308225C202}" = Paint.NET v3.35
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A324DC11-FF02-3CE8-9D6F-67EBC006D970}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovladač HD audia 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}" = Logitech Webcam Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Balíček ovladače systému Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Balíček ovladače systému Windows - Nokia Modem (02/25/2011 7.01.0.9)
"CCleaner" = CCleaner
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Balíček ovladače systému Windows - Nokia Modem (02/25/2011 4.7)
"GIMP-2_is1" = GIMP 2.8.4
"Logitech Unifying" = Oprogramowanie Logitech Unifying 2.10
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"PotPlayer64" = Daum PotPlayer 1.5.35431 x64 Edition
"Speccy" = Speccy
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039BC111-5D42-BD22-5D57-C7073E40209A}_is1" = SuperEasy Video Converter 2 v.2.1.2296
"{06BA6321-B6FC-4A36-8571-B642404D22B6}" = Photobucket Backup
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08F8A05F-C6FD-4A1C-96DA-4B48AACA7F35}_is1" = Incomedia WebSite X5 v9 - Smart
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1407B87C-36E3-4FC1-9051-D08B21E1096F}" = Windows Live Sync
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{414D143D-7DB6-47A6-9E23-1914FD1B535A}_is1" = Incomedia WebSite X5 v9 - Compact
"{41545534-0076-A76A-76A7-A758B70B0A00}" = Ask Toolbar
"{4209F371-7B85-60AD-E5CE-E4409D39E3DE}_is1" = Ashampoo WinOptimizer 2013 v.1.0.0
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}" = Windows Live UX Platform Language Pack
"{494B56CB-7B7D-4A2F-B682-AA98E25E3722}" = Encyklopedie vesmíru
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{553E24F0-09FD-4BCB-9CF0-4FC0F6DB95D1}_is1" = HellSpy Klient verze 0.8.0
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57D2064C-980E-4B80-A3EA-BE5E34B60989}_is1" = Monotea SMS Posílač 4 verze 4.09
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{64392EEB-38EF-45FD-822D-5C75CA136860}_is1" = Incomedia WebSite X5 v9 - Evolution
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_STANDARD_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_STANDARD_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_STANDARD_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_STANDARD_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_STANDARD_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_STANDARD_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0405-1000-0000000FF1CE}_STANDARD_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_STANDARD_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91B33C97-9309-C89E-8FF9-DF4A2A3B8269}_is1" = Ashampoo Photo Mailer v.1.0.6
"{91B33C97-C201-47CC-5004-C35C8472437F}_is1" = Ashampoo Slideshow Studio HD 2 v.2.0.5
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{99D7DE4C-2775-4B16-B155-7F09AE939E8E}" = Microsoft Works
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A6142247-58B1-40C7-B8E0-965C1A8026A5}" = ACDSee Photo Editor 2008
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B44F3823-52DD-45CA-A916-8B320778715D}" = Messenger Companion
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C92AB6F1-0F9C-8526-5DF1-0A2FD0FB33D9}_is1" = Ashampoo Photo Commander 11 v.11.0.2
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{DFF29C16-11B8-4AD2-AC1A-2841DA197982}" = Rally Championship Xtreme
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC5F4C1B-F838-4CB7-8561-8F809296428B}" = TomTom HOME
"{EC87E256-B0A4-4A41-8682-AB57FF21196D}" = SweetIM for Messenger 2.7
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15
"aTube Catcher" = aTube Catcher
"CANONIJPLM100" = PIXMA Extended Survey Program
"CodInstl" = Intel A/V Codecs V2.0
"Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"FormatFactory" = FormatFactory 3.0.1
"Freemake Video Converter_is1" = Freemake Video Converter verze 3.2.1
"funmoods" = Funmoods
"Google Chrome" = Google Chrome
"hosts" = hosts
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.9.5 (Full)
"LastPass" = LastPass(uninstall only)
"Live Aquarium HD_is1" = Live Aquarium HD
"MailStore Home_universal1" = MailStore Home 8.0.5.8779
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.75.0.1300
"Maxthon3" = Maxthon 3
"Mozilla Firefox 21.0 (x86 cs)" = Mozilla Firefox 21.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.1" = Canon MP Navigator 3.1
"NIS" = Norton Internet Security
"Nokia PC Suite" = Nokia PC Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Orbitron_is1" = Orbitron - Satellite Tracking System
"Picasa 3" = Picasa 3
"PicPick" = PicPick
"QuickTime" = QuickTime
"Registrace uživatele zařízení Canon MP140 series" = Registrace uživatele zařízení Canon MP140 series
"Revo Uninstaller" = Revo Uninstaller 1.95
"SP_f2a323db" = BrowseToSave 1.74
"STANDARD" = Microsoft Office Standard 2007
"The KMPlayer" = The KMPlayer (remove only)
"Trusted Software Assistant_is1" = File Type Assistant
"uTorrent" = µTorrent
"Weather_ask1.7_is1" = weather_ask1.7
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"XnConvert_is1" = XnConvert 1.50
"yowindow" = YoWindow
"ZonerPhotoStudio11_CZ_is1" = Zoner Photo Studio 11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"3c12599708491691" = Vydělávej Počítačem.cz
"Adobe Flash Player ActiveX Free Download Packages" = Adobe Flash Player ActiveX Free Download Packages
"GG" = GG
"ICQ" = ICQ 8.1 (verze 6327)
"PhotoFiltre" = PhotoFiltre
"Pokki" = Pokki
"SeznamInstall" = Seznam Software

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.7.2013 4:31:40 | Computer Name = z-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 10.7.2013 4:31:40 | Computer Name = z-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 10.7.2013 4:31:40 | Computer Name = z-PC | Source = ESENT | ID = 455
Description = Windows (3120) Windows: Při otevírání souboru protokolu C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0008E.log
došlo k chybě -1811.

Error - 10.7.2013 4:31:40 | Computer Name = z-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 10.7.2013 4:31:40 | Computer Name = z-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 10.7.2013 4:31:40 | Computer Name = z-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 10.7.2013 4:31:41 | Computer Name = z-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 10.7.2013 4:31:41 | Computer Name = z-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 10.7.2013 4:31:41 | Computer Name = z-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 10.7.2013 4:31:41 | Computer Name = z-PC | Source = Windows Search Service | ID = 7010
Description =

[ System Events ]
Error - 9.7.2013 6:56:46 | Computer Name = z-PC | Source = Service Control Manager | ID = 7038
Description = Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s
aktuálně konfigurovaným heslem z důvodu následující chyby: %%1330 Chcete-li zajistit
správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management
Console (MMC).

Error - 9.7.2013 6:56:46 | Computer Name = z-PC | Source = Service Control Manager | ID = 7000
Description = Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku
následující chyby: %%1069

Error - 10.7.2013 4:31:10 | Computer Name = z-PC | Source = Service Control Manager | ID = 7000
Description = Služba Wsys Service neuspěla při spuštění v důsledku následující chyby:
%%3

Error - 10.7.2013 4:31:19 | Computer Name = z-PC | Source = Service Control Manager | ID = 7000
Description = Služba Nero BackItUp Scheduler 4.0 neuspěla při spuštění v důsledku
následující chyby: %%3

Error - 10.7.2013 4:31:41 | Computer Name = z-PC | Source = Service Control Manager | ID = 7024
Description = Služba Windows Search ukončena s chybou %%-2147218173, specifickou
pro službu.

Error - 10.7.2013 4:31:41 | Computer Name = z-PC | Source = Service Control Manager | ID = 7031
Description = Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error - 10.7.2013 4:33:37 | Computer Name = z-PC | Source = Service Control Manager | ID = 7038
Description = Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s
aktuálně konfigurovaným heslem z důvodu následující chyby: %%1330 Chcete-li zajistit
správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management
Console (MMC).

Error - 10.7.2013 4:33:37 | Computer Name = z-PC | Source = Service Control Manager | ID = 7000
Description = Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku
následující chyby: %%1069

Error - 10.7.2013 12:43:16 | Computer Name = z-PC | Source = Service Control Manager | ID = 7034
Description = Služba Advanced SystemCare Service 6 byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 10.7.2013 12:43:18 | Computer Name = z-PC | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Stereoscopic 3D Driver Service byla neočekávaně ukončena.
Tento stav nastal již 1krát.


< End of report >

[jaro3]

Takovej bordel jsem už dlouho , velmi dlouho neviděl...

SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
Zkus si zapnout Windows Defender

AVG Secure Search
AVG
AVG SiteSafety plugin
Advanced SystemCare 6
Ashampoo WinOptimizer 2013
Kaspersky Lab
PC Tools
To příště neinstaluj , co půjde odinstaluj , co nejde mažu!!

Dávej pozor , co instaluješ s programem , který instalovat chceš , ne jen klikat. Nataháš si tam zbytečně moc balastu adware i viry.

Nech si jen Norton Internet Security , ten stačí.

Píšu:
Stáhni AdwCleaner

Ulož si ho na svojí plochu

a skutek?

C:\Users\z\Downloads\adwcleaner.exe !!

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - [2013.06.27 13:54:34 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
SRV - [2013.06.27 13:54:34 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
SRV - [2012.06.11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
DRV:64bit: - [2013.06.27 13:54:34 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source= ... 1373010220
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source= ... ts=3604546
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: {70df8d13-bdd3-448e-944c-efde21b77161} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?affID=1192 ... 87FC4A116C
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{4A723FA9-C490-4703-8740-4CC7D0E88B74}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_13415
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_cs
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6B786243-6612-40AB-84EC-1E295BAB6ED7}: "URL" = http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_13415
IE - HKCU\..\SearchScopes\{887B1577-E9C3-445D-BDF0-7184CCA5A6E6}: "URL" = http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_13415
IE - HKCU\..\SearchScopes\{A741E3BF-44A6-45EA-875F-2E16234A2DA2}: "URL" = http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_13415
IE - HKCU\..\SearchScopes\{B4A96E76-5F1B-4543-A9A4-4557A84AAEBD}: "URL" = http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_13415
IE - HKCU\..\SearchScopes\{F26F0CEA-670E-4D08-BB03-12415EBE81D4}: "URL" = http://www.firmy.cz/phr/{searchTerms}?sourceid=QuickSearch_13415
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20
FF - prefs.js..extensions.enabledAddons: %7B003D3EDC-99B9-4a34-9C20-60CB94F7E829%7D:2010.03
FF - prefs.js..extensions.enabledAddons: toolbar_ATU4%40apn.ask.com:15.40906
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: 05dd836e-2cbd-4204-9ff3-2f8a8665967d%40a8876730-fb0c-4057-a2fc-f9c09d438e81.com:0.91.3
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2013.03.09 19:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\z\AppData\Roaming\Mozilla\Extensions
[2013.07.08 19:13:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions
[2013.03.30 18:16:08 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2013.07.08 19:13:22 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2013.07.05 18:40:34 | 000,000,000 | ---D | M] ("hosts") -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
[2013.07.05 18:40:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\extensionCode
[2013.06.09 10:10:30 | 000,446,987 | ---- | M] () (No name found) -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions\toolbar_ATU4@apn.ask.com.xpi
[2013.04.06 22:28:47 | 000,213,470 | ---- | M] () (No name found) -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions\torntv2@torntv.com.xpi
[2013.03.18 12:33:19 | 000,163,121 | ---- | M] () (No name found) -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}.xpi
[2013.05.27 19:23:51 | 000,002,512 | ---- | M] () -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\searchplugins\ask-search.xml
[2013.07.08 19:13:17 | 000,003,915 | ---- | M] () -- C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\bocdlzxg.default\searchplugins\sweetim.xml
[2013.05.18 11:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.07.02 18:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.07.02 18:37:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
CHR - default_search_provider: search_url = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&cd=2XzuyEtN2Y1L1QzuyEyEzzyB0F0CyE0AtCtCyC0C0DyEyE0EtN0D0Tzu0CyDyDyBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=418333858&ir=
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll
CHR - Extension: Funmoods = C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.3.1_0\
CHR - Extension: Newtab = C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\9.0.10_0\
CHR - Extension: hosts = C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.4_0\crossrider
CHR - Extension: hosts = C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.4_0\
O1 HOSTS File: ([2013.07.06 09:35:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {70DF8D13-BDD3-448E-944C-EFDE21B77161} - No CLSID value found.
O4 - HKLM..\RunOnce: [Del28079275] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Del28079072] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk = C:\Program Files (x86)\YoWindow\yowindow.exe (Repkasoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\z\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass vyplňování formulářů - file://C:\Users\z\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: LastPass - file://C:\Users\z\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass vyplňování formulářů - file://C:\Users\z\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Internet)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013.07.10 10:36:11 | 000,669,678 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013.07.10 10:36:11 | 000,655,072 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.10 10:36:11 | 000,141,310 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013.07.10 10:36:11 | 000,121,944 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:820563D3
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Users\z\AppData\Roaming\Funmoods
C:\Program Files (x86)\Funmoods
C:\ProgramData\SweetIM
C:\Program Files (x86)\SweetIM
C:\ProgramData\Kaspersky Lab
C:\Windows\SWREG.exe
C:\Windows\SWSC.exe
C:\Windows\NIRCMD.exe
C:\Qoobox
C:\Program Files (x86)\hosts
C:\Users\z\AppData\Roaming\pctsGui
C:\ProgramData\FullRemove.exe
C:\Users\z\AppData\Local\funmoods_speedial_v9.0.10.crx
C:\Users\z\AppData\Local\funmoods_2.3.1.crx
C:\Windows\SysNative\drivers\lvuvc.hs
C:\Windows\SysNative\cc_20130707_214102.reg
C:\Windows\DeleteOnReboot.bat
C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
C:\Windows\SysNative\drivers\avgtpx64.sys
C:\Users\z\AppData\Local\funmoods_speedial_v9.0.10.crx
C:\Users\z\AppData\Local\funmoods_2.3.1.crx
C:\Windows\PEV.exe
C:\Windows\MBR.exe
C:\Windows\sed.exe
C:\Windows\grep.exe
C:\Windows\zip.exe
C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
C:\Windows\SysWow64\qttask.exe
C:\Users\z\AppData\Roaming\wklnhst.dat
C:\Users\z\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\z\AppData\Roaming\Funmoods
C:\Users\z\AppData\Roaming\pctsGui

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
""=""%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{41545534-0076-A76A-76A7-A758B70B0A00}" =-
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" =-
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" =-
"funmoods" =-
"hosts" =-
"SP_f2a323db" =-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" =-

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

Pak:

Stáhni si rkill
na svojí plochu
a spusť ho . Spustí se sken .Po skenu se program sám ukončí.
Pozn.: NERESTARTUJ PC !

Stáhni AdwCleaner

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

C:\Users\z\AppData\Roaming\1O1L1I1PtF1F1C1N
C:\{B9E203E9-485C-4B2F-9799-A4EE2D2F7AB6}
C:\{1D195542-C876-435B-A577-398425C891D4}
C:\{F0B406C3-2F18-4C4C-AB23-9984BB69CA82}
znáš ty složky? Koukni do nich , co tam je.