please check logs my army friends problems with windows defender


Guest

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.19393

Run by Planeo at 18:07:39 on 2013-01-29

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1525.494 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\SLsvc.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Users\Planeo\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Acer\Empowering Technology\eNet\eNet Service.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Acer\Mobility Center\MobilityService.exe

D:\CDBurnerXP\NMSAccessU.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\tsnpstd3.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.icq.com/

uSearch Page = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://cs.intl.acer.yahoo.com

mDefault_Page_URL = hxxp://cs.intl.acer.yahoo.com

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>

uURLSearchHooks: <No Name>: - LocalServer32 - <no file>

BHO: XTTBPos00 Class: {055FD26D-3A88-4e15-963D-DC8493744B1D} - c:\program files\icqtoolbar\4925\toolbaru.dll

BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\windows\system32\ActiveToolBand.dll

TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll

TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll

EB: Ukazatel S-Rank: {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - c:\users\planeo\appdata\local\seznam.cz\core.2.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [Acer Tour Reminder] <no file>

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe

mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"

mRun: [Acer Tour] <no file>

dRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - d:\office\office10\OSA.EXE

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xportovat do aplikace Microsoft Excel - d:\office\office10\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 10.0.0.138

TCP: Interfaces\{202A32AC-1BED-47A1-89AB-3A2B8781C00E} : DHCPNameServer = 10.0.0.138

TCP: Interfaces\{82B9EFE9-1B87-4748-8B2B-910FBC198A87} : DHCPNameServer = 10.0.0.138

TCP: Interfaces\{AD2EE0F9-F4B7-458A-8771-6C55897E8BBE} : DHCPNameServer = 10.0.0.138

Notify: igfxcui - igfxdev.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\planeo\appdata\roaming\mozilla\firefox\profiles\k6amfei8.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=

FF - component: c:\users\planeo\appdata\roaming\mozilla\firefox\profiles\k6amfei8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

FF - component: c:\users\planeo\appdata\roaming\mozilla\firefox\profiles\k6amfei8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

FF - component: c:\users\planeo\appdata\roaming\mozilla\firefox\profiles\k6amfei8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll

FF - component: c:\users\planeo\appdata\roaming\mozilla\firefox\profiles\k6amfei8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\users\planeo\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll

FF - ExtSQL: 2013-01-28 19:44; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\users\planeo\appdata\roaming\mozilla\firefox\profiles\k6amfei8.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

FF - ExtSQL: !HIDDEN! 2009-09-02 21:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-25 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-8-15 361032]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2008-1-24 13560]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-15 21256]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-2-5 58680]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-25 44808]

R2 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-4 21504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-01-18 22:11:59 91696 ----a-w- c:\program files\mozilla firefox\updated\nssdbm3.dll

2013-01-18 21:47:29 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fb23a608-1a91-4ccd-9735-e08a37b0234c}\mpengine.dll

2013-01-18 21:45:42 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{30501050-33af-4e21-a713-12f7c3dea019}\mpengine.dll

2013-01-18 21:40:08 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{aa09bf0a-7f2d-4312-bb29-a39588385d16}\mpengine.dll

2013-01-18 21:34:54 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d9c79d7c-f445-4798-9910-c302699030f2}\mpengine.dll

2013-01-16 17:04:46 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ec3143e4-c8ee-448d-b198-d119cb7971f8}\offreg.dll

2013-01-15 17:35:28 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ec3143e4-c8ee-448d-b198-d119cb7971f8}\mpengine.dll

2013-01-11 17:30:59 58848 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2013-01-11 17:30:53 4220896 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2013-01-11 17:30:52 258528 ----a-w- c:\program files\mozilla firefox\freebl3.dll

2013-01-11 17:30:50 916960 ----a-w- c:\program files\mozilla firefox\firefox.exe

2013-01-11 17:30:44 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2013-01-11 17:30:42 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2013-01-11 17:30:41 116192 ----a-w- c:\program files\mozilla firefox\crashreporter.exe

2013-01-11 17:30:38 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2013-01-11 17:30:37 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll

2013-01-11 17:30:36 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll

2013-01-09 18:28:45 204288 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-09 18:28:40 2048000 ----a-w- c:\windows\system32\win32k.sys

2013-01-09 18:24:10 1400832 ----a-w- c:\windows\system32\msxml6.dll

.

==================== Find3M ====================

.

2013-01-09 19:31:50 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-09 19:31:48 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 10:42:46 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-09 10:37:14 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-09 10:36:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-09 10:36:28 71680 ----a-w- c:\windows\system32\iesetup.dll

2012-11-09 10:36:28 109056 ----a-w- c:\windows\system32\iesysprep.dll

2012-11-09 09:01:43 385024 ----a-w- c:\windows\system32\html.iec

2012-11-09 07:13:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-09 07:11:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll

2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe

.

============= FINISH: 18:09:53,93 ===============

bug.bmp

attach.txt


:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.


OTL logfile created on: 30.1.2013 11:39:57 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Planeo\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19393)

Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,49 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 52,94% Memory free

3,23 Gb Paging File | 2,28 Gb Available in Paging File | 70,66% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 49,14 Gb Total Space | 6,71 Gb Free Space | 13,66% Space Free | Partition Type: NTFS

Drive D: | 48,98 Gb Total Space | 24,20 Gb Free Space | 49,41% Space Free | Partition Type: NTFS

Computer Name: PLANEO-PC | User Name: Planeo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.30 11:38:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Planeo\Desktop\OTL.exe

PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.04.11 10:54:22 | 003,672,384 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe

PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- D:\CDBurnerXP\NMSAccessU.exe

PRC - [2009.11.02 14:05:06 | 000,448,664 | ---- | M] () -- C:\Users\Planeo\AppData\Local\Seznam.cz\postak.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.01.24 16:01:13 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Planeo\AppData\Local\Temp\RtkBtMnt.exe

PRC - [2007.09.12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2007.08.29 10:35:38 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

PRC - [2007.07.24 10:21:26 | 000,450,560 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

PRC - [2007.06.28 17:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

PRC - [2007.06.13 15:56:18 | 000,765,952 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe

PRC - [2007.06.13 15:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe

PRC - [2007.06.13 10:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

PRC - [2007.06.11 13:54:58 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe

PRC - [2007.05.24 13:38:22 | 000,206,952 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

PRC - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

PRC - [2007.04.25 15:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

PRC - [2007.04.23 08:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

PRC - [2007.04.23 08:51:42 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007.03.21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007.03.21 12:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2007.02.09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

PRC - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

PRC - [2005.12.20 14:39:32 | 000,094,208 | ---- | M] () -- C:\Windows\tsnpstd3.exe

========== Modules (No Company Name) ==========

MOD - [2012.10.05 11:59:08 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MOD - [2012.10.05 11:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MOD - [2012.10.05 11:59:03 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

MOD - [2012.08.31 12:01:10 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

MOD - [2011.12.27 03:51:23 | 005,251,072 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

MOD - [2009.11.02 14:05:06 | 000,448,664 | ---- | M] () -- C:\Users\Planeo\AppData\Local\Seznam.cz\postak.exe

MOD - [2009.11.02 14:04:52 | 000,704,664 | ---- | M] () -- C:\Users\Planeo\AppData\Local\Seznam.cz\email.2.dll

MOD - [2009.11.02 14:04:16 | 001,085,080 | ---- | M] () -- C:\Users\Planeo\AppData\Local\Seznam.cz\core.2.dll

MOD - [2009.04.13 13:39:02 | 007,331,840 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll

MOD - [2009.04.13 13:39:02 | 002,023,424 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll

MOD - [2009.04.13 13:38:44 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2009.03.31 19:04:50 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009.03.30 05:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MOD - [2009.03.30 05:42:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

MOD - [2009.03.30 05:42:19 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

MOD - [2009.03.30 05:42:18 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

MOD - [2009.03.30 05:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll

MOD - [2009.03.30 05:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

MOD - [2007.08.29 10:35:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll

MOD - [2007.08.29 10:34:34 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll

MOD - [2007.07.24 09:39:40 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll

MOD - [2007.06.28 17:50:56 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll

MOD - [2007.06.28 17:50:56 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\cs\eSettings.Plugin.resources.dll

MOD - [2007.06.28 17:50:38 | 000,011,264 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\cs\eSettings.Presenter.resources.dll

MOD - [2007.06.28 17:50:36 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll

MOD - [2007.06.28 17:50:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll

MOD - [2007.06.28 17:50:20 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll

MOD - [2007.06.13 15:56:36 | 000,249,856 | R--- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll

MOD - [2007.06.11 13:54:18 | 000,106,496 | ---- | M] () -- C:\Acer\Empowering Technology\eAudio\eAudioUI.dll

MOD - [2007.05.24 08:53:32 | 000,679,936 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll

MOD - [2007.05.24 08:53:32 | 000,118,784 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\cs\eLockCTL.resources.dll

MOD - [2007.04.25 15:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll

MOD - [2007.04.25 15:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll

MOD - [2007.04.11 15:42:40 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll

MOD - [2007.02.13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll

MOD - [2005.12.20 14:39:32 | 000,094,208 | ---- | M] () -- C:\Windows\tsnpstd3.exe

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)

SRV - [2013.01.11 18:34:50 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.01.09 20:33:23 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.09.12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2007.09.12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

SRV - [2007.06.28 17:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)

SRV - [2007.06.13 15:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)

SRV - [2007.06.13 10:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)

SRV - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)

SRV - [2007.04.23 08:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)

SRV - [2007.03.21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ahi2jhz1)

DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012.08.19 12:01:08 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012.07.15 20:02:35 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2007.06.21 07:40:04 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)

DRV - [2007.06.18 11:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007.06.11 16:59:04 | 000,766,376 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)

DRV - [2007.04.11 09:40:10 | 000,063,488 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)

DRV - [2007.04.11 09:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)

DRV - [2007.01.30 21:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

DRV - [2006.12.05 13:26:00 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})

DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: - No CLSID value found

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PTV2&o=15851&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=H3&apn_dtid=YYYYYYYYCZ&apn_uid=4D1C726E-F582-4A99-BFDA-102AB1FCE7B6&apn_sauid=508D2D7E-56E1-4363-81B5-75FCDE877B11

IE - HKCU\..\SearchScopes\{3E268680-AF68-4212-8FD8-9FEA89962BDD}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"

FF - prefs.js..extensions.enabledAddons: %7Bafe43e80-0abc-4df2-81a0-3fe44b74abe8%7D:1.300.434

FF - prefs.js..extensions.enabledAddons: %7Bea614400-e918-4741-9a97-7a972ff7c30b%7D:2.5.14

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590

FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.306

FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:3.2.5.2

FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Planeo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.28 19:43:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.11 18:31:27 | 000,000,000 | ---D | M]

[2008.08.16 12:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Planeo\AppData\Roaming\mozilla\Extensions

[2013.01.30 11:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Planeo\AppData\Roaming\mozilla\Firefox\Profiles\k6amfei8.default\extensions

[2010.07.01 17:13:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Planeo\AppData\Roaming\mozilla\Firefox\Profiles\k6amfei8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2013.01.30 11:25:51 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\Planeo\AppData\Roaming\mozilla\Firefox\Profiles\k6amfei8.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

[2011.04.03 09:48:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Planeo\AppData\Roaming\mozilla\Firefox\Profiles\k6amfei8.default\extensions\engine@conduit.com

[2013.01.04 18:28:48 | 000,580,185 | ---- | M] () (No name found) -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi

[2011.10.29 11:46:57 | 000,002,396 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\askcom.xml

[2010.11.23 12:02:32 | 000,000,921 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\conduit.xml

[2013.01.28 19:53:28 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-1.xml

[2011.06.26 13:52:37 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-10.xml

[2011.07.01 16:36:53 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-11.xml

[2011.08.18 08:59:38 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-12.xml

[2011.08.23 16:22:42 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-13.xml

[2011.09.14 15:13:19 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-14.xml

[2011.10.06 23:11:43 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-15.xml

[2011.11.10 18:59:12 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-16.xml

[2009.04.22 19:54:11 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-2.xml

[2009.05.01 10:41:32 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-3.xml

[2009.06.14 16:00:58 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-4.xml

[2009.07.30 04:33:39 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-5.xml

[2009.08.09 13:26:05 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-6.xml

[2009.08.09 15:08:49 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-7.xml

[2011.04.08 18:00:02 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-8.xml

[2011.05.08 09:41:31 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-9.xml

[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin.xml

[2013.01.28 19:43:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013.01.11 18:30:49 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2013.01.28 19:43:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions

[2013.01.28 19:43:23 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

[2013.01.29 04:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions

[2013.01.29 04:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.11.29 12:32:34 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml

[2012.11.29 12:32:34 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml

[2012.11.29 12:32:34 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml

[2012.11.29 12:32:34 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml

[2012.11.29 12:32:35 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage:

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Planeo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Planeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Planeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_2\

CHR - Extension: Stylish = C:\Users\Planeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.0_0\

CHR - Extension: Gmail = C:\Users\Planeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\4925\toolbaru.dll (IE Toolbar)

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [Acer Tour] File not found

O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)

O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)

O4 - HKLM..\Run: [eRecoveryService] File not found

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [setPanel] C:\Acer\APanel\APanel.cmd File not found

O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()

O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Acer Tour Reminder] File not found

O4 - HKCU..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" File not found

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [seznam Postak] C:\Users\Planeo\AppData\Local\Seznam.cz\postak.exe ()

O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - D:\office\Office10\EXCEL.EXE (Microsoft Corporation)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{202A32AC-1BED-47A1-89AB-3A2B8781C00E}: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82B9EFE9-1B87-4748-8B2B-910FBC198A87}: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD2EE0F9-F4B7-458A-8771-6C55897E8BBE}: DhcpNameServer = 10.0.0.138

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Planeo\Pictures\13AFZ-3Hp.jpg

O24 - Desktop BackupWallPaper: C:\Users\Planeo\Pictures\13AFZ-3Hp.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{4d9295e5-fa4a-11df-bbda-e1cfef49471b}\Shell - "" = AutoRun

O33 - MountPoints2\{4d9295e5-fa4a-11df-bbda-e1cfef49471b}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{4d9295e5-fa4a-11df-bbda-e1cfef49471b}\Shell\dinstall\command - "" = F:\Quake3\directx7\dxsetup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.01.30 11:38:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Planeo\Desktop\OTL.exe

[2013.01.29 18:07:23 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Planeo\Desktop\dds.exe

[2013.01.11 18:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013.01.09 19:28:45 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2013.01.09 19:28:40 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011.02.22 19:36:58 | 001,029,000 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Planeo\SkypeSetup(2).exe

[2011.02.06 19:59:22 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Users\Planeo\setup(2).exe

[2011.02.06 19:57:06 | 024,269,344 | ---- | C] (Microsoft) -- C:\Users\Planeo\dotnetfx(2).exe

[2011.01.29 11:37:16 | 001,903,616 | ---- | C] (Microsoft Corporation) -- C:\Users\Planeo\setup.exe

[2011.01.29 11:35:51 | 024,269,344 | ---- | C] (Microsoft) -- C:\Users\Planeo\dotnetfx.exe

[2009.05.03 15:31:20 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Users\Planeo\wmpfirefoxplugin.exe

[2009.05.03 15:30:00 | 000,163,256 | ---- | C] (Microsoft Corporation) -- C:\Users\Planeo\np-mswmp.dll

========== Files - Modified Within 30 Days ==========

[2013.01.30 11:38:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Planeo\Desktop\OTL.exe

[2013.01.30 11:25:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013.01.30 11:25:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013.01.30 11:23:31 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2013.01.30 11:23:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.01.29 18:07:27 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Planeo\Desktop\dds.exe

[2013.01.28 19:50:28 | 097,565,024 | ---- | M] () -- C:\Users\Planeo\Desktop\avast_free_antivirus_setup(1).exe

[2013.01.28 19:43:42 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2013.01.21 22:16:39 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2013.01.19 00:53:22 | 102,315,992 | ---- | M] () -- C:\Users\Planeo\Desktop\avast_free_antivirus_setup.exe

[2013.01.18 23:51:29 | 000,629,592 | ---- | M] () -- C:\Windows\System32\perfh005.dat

[2013.01.18 23:51:29 | 000,605,014 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013.01.18 23:51:29 | 000,127,914 | ---- | M] () -- C:\Windows\System32\perfc005.dat

[2013.01.18 23:51:29 | 000,108,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013.01.18 22:58:56 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.01.18 22:44:17 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.01.18 22:37:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2013.01.18 22:34:16 | 135,192,492 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013.01.16 21:28:08 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.01.10 11:08:45 | 000,298,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013.01.09 20:31:50 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013.01.09 20:31:48 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013.01.09 14:01:50 | 000,101,376 | ---- | M] () -- C:\Users\Planeo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013.01.09 14:01:46 | 001,056,417 | ---- | M] () -- C:\Users\Planeo\Desktop\DSC_0005.JPG

[2013.01.09 14:01:42 | 001,052,023 | ---- | M] () -- C:\Users\Planeo\Desktop\DSC_0004.JPG

========== Files Created - No Company Name ==========

[2013.01.28 19:47:45 | 097,565,024 | ---- | C] () -- C:\Users\Planeo\Desktop\avast_free_antivirus_setup(1).exe

[2013.01.28 19:43:42 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2013.01.19 00:51:59 | 102,315,992 | ---- | C] () -- C:\Users\Planeo\Desktop\avast_free_antivirus_setup.exe

[2013.01.09 14:01:46 | 001,056,417 | ---- | C] () -- C:\Users\Planeo\Desktop\DSC_0005.JPG

[2013.01.09 14:01:42 | 001,052,023 | ---- | C] () -- C:\Users\Planeo\Desktop\DSC_0004.JPG

[2011.11.24 14:54:38 | 000,000,837 | ---- | C] () -- C:\Users\Planeo\.recently-used.xbel

[2011.05.19 18:58:07 | 000,385,317 | ---- | C] () -- C:\Users\Planeo\domaci pekarna manual.pdf

[2011.03.21 18:13:59 | 000,637,784 | ---- | C] () -- C:\Users\Planeo\MOV0002A.avi

[2011.01.29 11:46:07 | 000,000,094 | ---- | C] () -- C:\Users\Planeo\AppData\Local\fusioncache.dat

[2010.10.12 20:12:19 | 000,153,318 | ---- | C] () -- C:\Users\Planeo\Email0117.TIF

[2009.08.09 13:11:42 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2008.05.05 14:56:04 | 000,005,000 | ---- | C] () -- C:\Users\Planeo\AppData\Local\d3d9caps.dat

[2008.04.03 20:12:30 | 000,101,376 | ---- | C] () -- C:\Users\Planeo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.03.05 22:54:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat

[2008.02.10 12:10:01 | 000,008,595 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.* >

[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2007.09.05 20:16:08 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2009.02.04 21:03:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2005.08.16 08:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe

[2006.11.29 16:35:22 | 000,000,512 | ---- | M] () -- C:\MDR.iss

[2009.02.04 21:03:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2013.01.30 11:22:57 | 1914,048,512 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto >

< Update\Results\Install|LastSuccessTime /rs >

< End of report >


OTL Extras logfile created on: 30.1.2013 11:39:57 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Planeo\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19393)

Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,49 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 52,94% Memory free

3,23 Gb Paging File | 2,28 Gb Available in Paging File | 70,66% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 49,14 Gb Total Space | 6,71 Gb Free Space | 13,66% Space Free | Partition Type: NTFS

Drive D: | 48,98 Gb Total Space | 24,20 Gb Free Space | 49,41% Space Free | Partition Type: NTFS

Computer Name: PLANEO-PC | User Name: Planeo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "D:\office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "D:\office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- Reg Error: Value error.

https [open] -- Reg Error: Value error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{19DD6F45-5D19-4469-A8DC-44E52C019438}" = rport=10243 | protocol=6 | dir=out | app=system |

"{2D9F236D-FDA0-4C17-BE54-969A97E28737}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2E45965A-8485-4948-B924-B9608496C9A4}" = lport=10243 | protocol=6 | dir=in | app=system |

"{597C32DD-F941-4E9D-B5EA-12154A75D8EC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{770C6779-F2F7-49AB-8941-AD0DB81B42FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{89D47D11-0AE3-4D8F-B138-9E3CEE1069B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9AF9FE0D-E75A-40B6-8F57-4564CED3E10D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D1833506-C323-4DBD-908A-8393814057B1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EF01104E-2D75-4DDD-93CC-41BF7E03839B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00AF6A77-31E1-4840-8F97-28321478C3E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{03C89EB0-FDD7-4CBA-8F48-3CFDAB5CD307}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{041BB5E0-976D-4719-841F-9ACE541E4902}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{04DAC990-F40A-4FD7-AEE4-EB5625E0453A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{05336FAF-1D3B-44B8-9091-2E97262F62A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{0686AB6D-A1B2-4735-AA90-083D032E96B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{07D280EE-7999-4A2A-847F-7D75399AE66F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{07ECD44C-9F13-4247-B153-C4362838DFB4}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{0958E338-DD24-4112-9D0C-9682F466007A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{0B9ECAF0-3D92-4942-B497-733E946113C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{0CEA2705-1DE7-4342-A8E4-C82A91A601DD}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{0F37C3A6-F094-483C-B1D3-23AA181CEE33}" = protocol=6 | dir=out | app=system |

"{11CF722F-FD5B-4BB8-9BFA-F1723CEE58A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{19017126-E7D2-440C-93DE-8F39AEFE5DCC}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{1A2AE097-0521-47A8-83C3-01C77B9DEEFB}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |

"{1F1CAD90-E50D-48BA-B451-FC946BF980D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{1FC4CD72-C1DF-4456-B5E5-594DCE825725}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{20483FB7-FB03-4A66-9F5C-8A035DC579B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{265FCB06-39F8-41D7-8D9B-779A114E338D}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{2848482C-9CD0-4385-831A-77EDD41D5D61}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |

"{2AE0B982-12A6-4F2B-9A45-4926061EB4E9}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{2C3C7ACA-0866-49C1-8798-65F672E15520}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{30634978-3FF4-4256-BAFB-45E2DFB69F1B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{31F4CB26-9B4D-4E8B-B303-39C4E0143976}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{3666BBFD-7E74-416B-943A-C31F901C19B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{3CE57559-9BFA-4016-ABC2-986457FB1795}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{3E193AC6-03D0-4186-89DE-4539717EBFA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{3F0C9A30-8CA8-4D7B-B58B-BC0F07436AFD}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{46951392-FBE7-496B-BFD3-C9F163153D9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{47485445-AA00-4AB8-A860-30DC9561E1C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{48ABD950-67B9-4323-8938-6AD0A502DED8}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{48E7B99A-5E33-4C30-B12F-CA99C7207E7B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4B901BFB-5BFE-49FD-8D0C-9621FF295C36}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |

"{4C085720-4A4D-4C8A-9702-B47676101748}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4CC97ECE-6325-411C-A40A-587CDF13473F}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |

"{4CDE193A-F9E3-4804-8EA4-81B907FBAADA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{52287FE3-ED04-4D59-BCB2-50C277AEBD6E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{52574672-6A0F-4B5B-8AE9-47A0A0078580}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{54C35502-28AB-4669-844E-787DA9ED48AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{5644E427-781C-4DE0-AFC6-F5B579EEB5E2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{56B7B90E-3D3E-4CEF-B4B1-129412C36DFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{5ABE86BA-C25B-4101-B6D4-FCE85DE8329F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6394EB66-E216-461D-BD7A-F5D008CA3A67}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |

"{639EE666-0F11-430E-8FD4-086302566F5E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{67C2214D-D701-48EA-8E72-A96DD6CF9D13}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{67E1D005-B556-49A9-8079-0F87C278544A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{6808FBCE-FABC-4274-A857-D04A4CA08232}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{6B0692BD-3634-4E0E-B034-7D039C7EADC0}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

"{6C27078A-8C84-47E8-8671-EDE283A69B18}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{71B2ACE7-D760-41D3-BBCC-D973A1686275}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{7520A5F7-C02A-444B-9847-E9539EF840DB}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |

"{75B59E8F-A4BC-4165-8ECE-3A2CD09CFB5A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{7BA09601-8933-4FFB-90D0-A6484E500165}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{7C5311A6-E7A3-4691-BE94-A37329FADF60}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |

"{7DE2C06D-ED59-494B-9D2F-62062FC28584}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{7E7BE592-06A3-43FA-9335-7ACB2BC91F8A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{7FC1E34A-2166-48E4-84D3-1975A910B9BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{7FD86F29-836D-450C-91F2-A77324146734}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{84CF4E04-FF77-4820-8692-197ECE2396C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{858BEFDC-AA19-4DFE-800D-0DE020D98891}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{87BB4140-8554-4D69-940E-E7B03F5ED6AC}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{87E84FD1-08FC-46C7-BD6C-B369A36C03A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{884702DF-C6E8-478A-B9D9-7B0885475D70}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{8B62C569-3F1A-4A49-9926-7C51947F314F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{8F7E0082-1902-4254-BD23-5D27F666A1D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9076C225-65C6-422D-AE77-6FA59F226C79}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{95055C34-0AC8-48A4-906C-7A2668E5B2F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{987332AE-C2B4-4624-953D-823E31CD7C87}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9A64CFF4-EA4C-4E1C-906B-304C1E099D85}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9AA95A92-BFB5-4586-99E7-8BBDC0C39316}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9C9B150B-09DF-44BA-ADC5-CB330A5CA04F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9F544D40-F5E5-42A5-96C5-6CD2F40F8235}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A34D862B-5515-4435-A436-49FBD7961989}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A75649A4-DAE6-48AF-8B22-1546C118FB71}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A96F210F-8220-4F05-BF0E-AEE2BC274D81}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A9ABB65E-579B-4B89-8705-EAAF08461161}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{AC426591-DB2A-483F-B424-D68CA38AA1F5}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B17488E8-7230-413D-AFA4-11BADEF7D6DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B4AA8D65-46C4-4F48-9338-D6CDA9D4CA25}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B915FEC5-0516-4B99-BE4C-184C9C10C5A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B957A2CF-49E3-4C4B-8009-53C6616E3FBA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B9758730-39BB-4B68-816B-F9BAA2C1A734}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{BA1232B6-49DC-4454-AB96-04553F9F7D45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{BC14341E-1380-41FB-BEE1-8C306B5F24DE}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{BD272965-CA80-47A6-B4E5-AE6FF8F84F0E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{BECCD53A-7C27-4665-ADF9-E772B7352AAA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C2009F67-C328-462D-8136-C14FEF883112}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C245E6E2-B7F2-4273-93AC-7BAC103FC9D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C3C7C423-DB32-4AC9-8D57-782522C3D719}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C506B208-F4BB-4C9F-921C-51AECDEF9143}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C54D8313-1B1F-4C9B-94EE-37736FB0DCE9}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C73C7F71-CEC8-4D09-9485-E4227F866E9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{CC4828FF-9405-4630-9B7E-8F377A310E23}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{CE437FF8-E3FF-4A98-8DB5-3A81C8494A78}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{CFD553D7-B618-4218-9C75-A87F2FFFEA9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D3C77578-7734-468C-8387-304F52805E38}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D81F88D7-339E-4B49-8465-54D7896CF44B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{DC684231-4101-47A8-8D38-92E407A0C2F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{DCEE72CC-BF09-4248-85C1-1025166D4C8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{DD506571-0908-47D1-BE88-57850E80C13C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{DDC064D8-4EF0-439B-B365-7C242CB28AB6}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{E094C403-C4EB-473C-8DA8-F7793628516A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{E9716C3C-D8D9-4238-8A23-0BFA0A79A404}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{EA81F875-F44F-4F0D-9522-12EC06594D93}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F0602351-5137-4DC6-BFA7-1B4E04051F56}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

"{F84CD45F-DC97-4C4A-9C51-16B7FB64E3F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"TCP Query User{0E67C275-B223-458C-BFEA-8BF8E95CFF8E}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |

"TCP Query User{217FB986-8D1F-4B88-B77E-47628B79442E}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |

"TCP Query User{37C25495-3350-4787-AAA6-8D6DFDB4554F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{55FA6482-6FCF-4915-AF85-D6F9750DD83B}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |

"TCP Query User{6FA02861-8816-4C65-AE94-410043B4C2F9}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |

"TCP Query User{97147DC3-8F78-4440-A933-9F735FA803BA}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |

"TCP Query User{9D69592F-1684-4FFA-99AC-71CF50650390}C:\users\planeo\desktop\quake3\quake3.exe" = protocol=6 | dir=in | app=c:\users\planeo\desktop\quake3\quake3.exe |

"TCP Query User{A19571E9-6388-4381-96BF-7DCCCE707B8C}C:\program files\valve\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\counter-strike source\hl2.exe |

"TCP Query User{A3CEE5A4-AABF-4C85-8FBC-B37FAAAF9B36}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{A48D18AF-DB62-4B4F-A6A6-FF99CF8D8BE5}C:\program files\railroad tycoon ii\rt2.exe" = protocol=6 | dir=in | app=c:\program files\railroad tycoon ii\rt2.exe |

"TCP Query User{CC02FF52-B5B0-49F0-9C62-9BB5C52C736A}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |

"TCP Query User{D33A5B7E-CE5A-46DA-9D9C-9E432401054D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |

"TCP Query User{EF4CF17E-D24A-446C-AA61-0EF780708650}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

"UDP Query User{06500A30-AD46-4FA2-A3B9-33438FAB7A28}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

"UDP Query User{19E84FF4-13E9-452F-BDAB-10723D632EA7}C:\program files\railroad tycoon ii\rt2.exe" = protocol=17 | dir=in | app=c:\program files\railroad tycoon ii\rt2.exe |

"UDP Query User{3A43056E-D94D-43D0-9A37-B0A80CB7EAC4}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

"UDP Query User{4A4913D8-4B00-424C-8B30-77DF2652D844}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{4CE89C4F-9BD5-4016-8EB4-8FB3BA10AA20}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |

"UDP Query User{6AFEEADF-34E2-48B7-8D6C-79F10D1B60F3}C:\program files\valve\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\counter-strike source\hl2.exe |

"UDP Query User{6E249B85-CC15-46F7-9FA0-B3A007FA10CE}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |

"UDP Query User{8EF04E9E-1670-476B-AE95-3C8884D56ADC}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |

"UDP Query User{93DEB559-EF66-4910-9C36-3A4A27BBD4B8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

"UDP Query User{9D90C778-7CF6-4769-B5FB-1F3D90D6AFDA}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

"UDP Query User{B70AA90B-AA34-4AB5-9574-42B622853A37}C:\users\planeo\desktop\quake3\quake3.exe" = protocol=17 | dir=in | app=c:\users\planeo\desktop\quake3\quake3.exe |

"UDP Query User{CAADAA99-526E-4018-A5D2-BAE5E1777FC0}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |

"UDP Query User{E558A1AA-A542-47C4-A88F-0793D2C1257C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Mozilla Firefox 17.0.1 (x86 cs)" = Mozilla Firefox 17.0.1 (x86 cs)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"VLC media player" = VLC media player 2.0.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Facebook Plug-In" = Facebook Plug-In

"szn-software-postak" = Seznam Pošťák 2 (Pouze já.)

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 29.1.2013 12:55:25 | Computer Name = Planeo-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 29.1.2013 12:55:25 | Computer Name = Planeo-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 29.1.2013 12:55:25 | Computer Name = Planeo-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 29.1.2013 12:55:25 | Computer Name = Planeo-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 29.1.2013 12:55:26 | Computer Name = Planeo-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 29.1.2013 12:55:26 | Computer Name = Planeo-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 29.1.2013 12:55:58 | Computer Name = Planeo-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 29.1.2013 12:55:58 | Computer Name = Planeo-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 29.1.2013 12:55:58 | Computer Name = Planeo-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 29.1.2013 12:55:58 | Computer Name = Planeo-PC | Source = Windows Search Service | ID = 3013

Description =

[ System Events ]

Error - 29.1.2013 12:52:25 | Computer Name = Planeo-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 29.1.2013 12:52:36 | Computer Name = Planeo-PC | Source = Service Control Manager | ID = 7023

Description =

Error - 29.1.2013 12:54:28 | Computer Name = Planeo-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 29.1.2013 12:54:28 | Computer Name = Planeo-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 29.1.2013 12:54:29 | Computer Name = Planeo-PC | Source = WMPNetworkSvc | ID = 866297

Description =

Error - 30.1.2013 6:23:40 | Computer Name = Planeo-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 30.1.2013 6:23:51 | Computer Name = Planeo-PC | Source = Service Control Manager | ID = 7023

Description =

Error - 30.1.2013 6:25:52 | Computer Name = Planeo-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 30.1.2013 6:25:52 | Computer Name = Planeo-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 30.1.2013 6:26:03 | Computer Name = Planeo-PC | Source = WMPNetworkSvc | ID = 866297

Description =

< End of report >


Good evening kasper. :)

You have the Ask Toolbar (AskBarDis) installed. I strongly recommend you remove the Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

I also notice that the Zynga Toolbar is installed. It has been known to exhibit suspicious activity (please see here for more information). I recommend removing this toolbar.

There is the BS Player Toolbar, which has shown questionable actions in the past (please see here for further information). I recommend removing this toolbar.

Further, I see the Gamers Unite! Snag Bar is present. It too has been known to show suspicious activity (please see here for more information). I recommend removing this toolbar also.

I noticed that the Conduit Engine is installed. This program is notorious because often when infections are present Conduit is too. I strongly recommend removing this program.

Please go to Start > Control Panel > Add or Remove Programs and remove the following programs (if present):

  • AskBarDis
  • BS Player Toolbar
  • Conduit Engine
  • Gamers Unite! Snag Bar
  • ICQ Toolbar
  • Zynga Toolbar

Please restart your computer after these program removals.

=====

Next, please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ahi2jhz1)
    [2013.01.11 18:30:49 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
    [2013.01.29 04:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
    O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\4925\toolbaru.dll (IE Toolbar)
    :Commands
    [EmptyTemp]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

Also, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

In your reply please provide the following contents:

  • OTL fix log.
  • AdwCleaner[R1].txt.

What issues remain on the computer?


OK, friends have done work with OTL but have some problem with AdwCleaner we work work fine

OTL logfile created on: 30.1.2013 11:39:57 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Planeo\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19393)

Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,49 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 52,94% Memory free

3,23 Gb Paging File | 2,28 Gb Available in Paging File | 70,66% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 49,14 Gb Total Space | 6,71 Gb Free Space | 13,66% Space Free | Partition Type: NTFS

Drive D: | 48,98 Gb Total Space | 24,20 Gb Free Space | 49,41% Space Free | Partition Type: NTFS

Computer Name: PLANEO-PC | User Name: Planeo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.30 11:38:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Planeo\Desktop\OTL.exe

PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.04.11 10:54:22 | 003,672,384 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe

PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- D:\CDBurnerXP\NMSAccessU.exe

PRC - [2009.11.02 14:05:06 | 000,448,664 | ---- | M] () -- C:\Users\Planeo\AppData\Local\Seznam.cz\postak.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.01.24 16:01:13 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Planeo\AppData\Local\Temp\RtkBtMnt.exe

PRC - [2007.09.12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2007.08.29 10:35:38 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

PRC - [2007.07.24 10:21:26 | 000,450,560 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

PRC - [2007.06.28 17:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

PRC - [2007.06.13 15:56:18 | 000,765,952 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe

PRC - [2007.06.13 15:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe

PRC - [2007.06.13 10:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

PRC - [2007.06.11 13:54:58 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe

PRC - [2007.05.24 13:38:22 | 000,206,952 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

PRC - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

PRC - [2007.04.25 15:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

PRC - [2007.04.23 08:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

PRC - [2007.04.23 08:51:42 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007.03.21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007.03.21 12:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2007.02.09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

PRC - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

PRC - [2005.12.20 14:39:32 | 000,094,208 | ---- | M] () -- C:\Windows\tsnpstd3.exe

========== Modules (No Company Name) ==========

MOD - [2012.10.05 11:59:08 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MOD - [2012.10.05 11:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MOD - [2012.10.05 11:59:03 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

MOD - [2012.08.31 12:01:10 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

MOD - [2011.12.27 03:51:23 | 005,251,072 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

MOD - [2009.11.02 14:05:06 | 000,448,664 | ---- | M] () -- C:\Users\Planeo\AppData\Local\Seznam.cz\postak.exe

MOD - [2009.11.02 14:04:52 | 000,704,664 | ---- | M] () -- C:\Users\Planeo\AppData\Local\Seznam.cz\email.2.dll

MOD - [2009.11.02 14:04:16 | 001,085,080 | ---- | M] () -- C:\Users\Planeo\AppData\Local\Seznam.cz\core.2.dll

MOD - [2009.04.13 13:39:02 | 007,331,840 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll

MOD - [2009.04.13 13:39:02 | 002,023,424 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll

MOD - [2009.04.13 13:38:44 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2009.03.31 19:04:50 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009.03.30 05:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MOD - [2009.03.30 05:42:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

MOD - [2009.03.30 05:42:19 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

MOD - [2009.03.30 05:42:18 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

MOD - [2009.03.30 05:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll

MOD - [2009.03.30 05:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

MOD - [2007.08.29 10:35:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll

MOD - [2007.08.29 10:34:34 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll

MOD - [2007.07.24 09:39:40 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll

MOD - [2007.06.28 17:50:56 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll

MOD - [2007.06.28 17:50:56 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\cs\eSettings.Plugin.resources.dll

MOD - [2007.06.28 17:50:38 | 000,011,264 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\cs\eSettings.Presenter.resources.dll

MOD - [2007.06.28 17:50:36 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll

MOD - [2007.06.28 17:50:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll

MOD - [2007.06.28 17:50:20 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll

MOD - [2007.06.13 15:56:36 | 000,249,856 | R--- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll

MOD - [2007.06.11 13:54:18 | 000,106,496 | ---- | M] () -- C:\Acer\Empowering Technology\eAudio\eAudioUI.dll

MOD - [2007.05.24 08:53:32 | 000,679,936 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll

MOD - [2007.05.24 08:53:32 | 000,118,784 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\cs\eLockCTL.resources.dll

MOD - [2007.04.25 15:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll

MOD - [2007.04.25 15:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll

MOD - [2007.04.11 15:42:40 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll

MOD - [2007.02.13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll

MOD - [2005.12.20 14:39:32 | 000,094,208 | ---- | M] () -- C:\Windows\tsnpstd3.exe

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)

SRV - [2013.01.11 18:34:50 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.01.09 20:33:23 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.09.12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2007.09.12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

SRV - [2007.06.28 17:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)

SRV - [2007.06.13 15:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)

SRV - [2007.06.13 10:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)

SRV - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)

SRV - [2007.04.23 08:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)

SRV - [2007.03.21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ahi2jhz1)

DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012.08.19 12:01:08 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012.07.15 20:02:35 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2007.06.21 07:40:04 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)

DRV - [2007.06.18 11:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007.06.11 16:59:04 | 000,766,376 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)

DRV - [2007.04.11 09:40:10 | 000,063,488 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)

DRV - [2007.04.11 09:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)

DRV - [2007.01.30 21:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

DRV - [2006.12.05 13:26:00 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})

DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: - No CLSID value found

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PTV2&o=15851&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=H3&apn_dtid=YYYYYYYYCZ&apn_uid=4D1C726E-F582-4A99-BFDA-102AB1FCE7B6&apn_sauid=508D2D7E-56E1-4363-81B5-75FCDE877B11

IE - HKCU\..\SearchScopes\{3E268680-AF68-4212-8FD8-9FEA89962BDD}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"

FF - prefs.js..extensions.enabledAddons: %7Bafe43e80-0abc-4df2-81a0-3fe44b74abe8%7D:1.300.434

FF - prefs.js..extensions.enabledAddons: %7Bea614400-e918-4741-9a97-7a972ff7c30b%7D:2.5.14

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590

FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.306

FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:3.2.5.2

FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Planeo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.28 19:43:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.11 18:31:27 | 000,000,000 | ---D | M]

[2008.08.16 12:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Planeo\AppData\Roaming\mozilla\Extensions

[2013.01.30 11:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Planeo\AppData\Roaming\mozilla\Firefox\Profiles\k6amfei8.default\extensions

[2010.07.01 17:13:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Planeo\AppData\Roaming\mozilla\Firefox\Profiles\k6amfei8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2013.01.30 11:25:51 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\Planeo\AppData\Roaming\mozilla\Firefox\Profiles\k6amfei8.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

[2011.04.03 09:48:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Planeo\AppData\Roaming\mozilla\Firefox\Profiles\k6amfei8.default\extensions\engine@conduit.com

[2013.01.04 18:28:48 | 000,580,185 | ---- | M] () (No name found) -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi

[2011.10.29 11:46:57 | 000,002,396 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\askcom.xml

[2010.11.23 12:02:32 | 000,000,921 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\conduit.xml

[2013.01.28 19:53:28 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-1.xml

[2011.06.26 13:52:37 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-10.xml

[2011.07.01 16:36:53 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-11.xml

[2011.08.18 08:59:38 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-12.xml

[2011.08.23 16:22:42 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-13.xml

[2011.09.14 15:13:19 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-14.xml

[2011.10.06 23:11:43 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-15.xml

[2011.11.10 18:59:12 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-16.xml

[2009.04.22 19:54:11 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-2.xml

[2009.05.01 10:41:32 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-3.xml

[2009.06.14 16:00:58 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-4.xml

[2009.07.30 04:33:39 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-5.xml

[2009.08.09 13:26:05 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-6.xml

[2009.08.09 15:08:49 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-7.xml

[2011.04.08 18:00:02 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-8.xml

[2011.05.08 09:41:31 | 000,000,950 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin-9.xml

[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\k6amfei8.default\searchplugins\icqplugin.xml

[2013.01.28 19:43:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013.01.11 18:30:49 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2013.01.28 19:43:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions

[2013.01.28 19:43:23 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

[2013.01.29 04:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions

[2013.01.29 04:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.11.29 12:32:34 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml

[2012.11.29 12:32:34 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml

[2012.11.29 12:32:34 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml

[2012.11.29 12:32:34 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml

[2012.11.29 12:32:35 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage:

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Planeo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Planeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Planeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_2\

CHR - Extension: Stylish = C:\Users\Planeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.0_0\

CHR - Extension: Gmail = C:\Users\Planeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\4925\toolbaru.dll (IE Toolbar)

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [Acer Tour] File not found

O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)

O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)

O4 - HKLM..\Run: [eRecoveryService] File not found

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [setPanel] C:\Acer\APanel\APanel.cmd File not found

O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()

O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Acer Tour Reminder] File not found

O4 - HKCU..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" File not found

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [seznam Postak] C:\Users\Planeo\AppData\Local\Seznam.cz\postak.exe ()

O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - D:\office\Office10\EXCEL.EXE (Microsoft Corporation)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{202A32AC-1BED-47A1-89AB-3A2B8781C00E}: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82B9EFE9-1B87-4748-8B2B-910FBC198A87}: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD2EE0F9-F4B7-458A-8771-6C55897E8BBE}: DhcpNameServer = 10.0.0.138

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Planeo\Pictures\13AFZ-3Hp.jpg

O24 - Desktop BackupWallPaper: C:\Users\Planeo\Pictures\13AFZ-3Hp.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{4d9295e5-fa4a-11df-bbda-e1cfef49471b}\Shell - "" = AutoRun

O33 - MountPoints2\{4d9295e5-fa4a-11df-bbda-e1cfef49471b}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{4d9295e5-fa4a-11df-bbda-e1cfef49471b}\Shell\dinstall\command - "" = F:\Quake3\directx7\dxsetup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.01.30 11:38:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Planeo\Desktop\OTL.exe

[2013.01.29 18:07:23 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Planeo\Desktop\dds.exe

[2013.01.11 18:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013.01.09 19:28:45 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2013.01.09 19:28:40 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011.02.22 19:36:58 | 001,029,000 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Planeo\SkypeSetup(2).exe

[2011.02.06 19:59:22 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Users\Planeo\setup(2).exe

[2011.02.06 19:57:06 | 024,269,344 | ---- | C] (Microsoft) -- C:\Users\Planeo\dotnetfx(2).exe

[2011.01.29 11:37:16 | 001,903,616 | ---- | C] (Microsoft Corporation) -- C:\Users\Planeo\setup.exe

[2011.01.29 11:35:51 | 024,269,344 | ---- | C] (Microsoft) -- C:\Users\Planeo\dotnetfx.exe

[2009.05.03 15:31:20 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Users\Planeo\wmpfirefoxplugin.exe

[2009.05.03 15:30:00 | 000,163,256 | ---- | C] (Microsoft Corporation) -- C:\Users\Planeo\np-mswmp.dll

========== Files - Modified Within 30 Days ==========

[2013.01.30 11:38:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Planeo\Desktop\OTL.exe

[2013.01.30 11:25:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013.01.30 11:25:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013.01.30 11:23:31 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2013.01.30 11:23:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.01.29 18:07:27 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Planeo\Desktop\dds.exe

[2013.01.28 19:50:28 | 097,565,024 | ---- | M] () -- C:\Users\Planeo\Desktop\avast_free_antivirus_setup(1).exe

[2013.01.28 19:43:42 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2013.01.21 22:16:39 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2013.01.19 00:53:22 | 102,315,992 | ---- | M] () -- C:\Users\Planeo\Desktop\avast_free_antivirus_setup.exe

[2013.01.18 23:51:29 | 000,629,592 | ---- | M] () -- C:\Windows\System32\perfh005.dat

[2013.01.18 23:51:29 | 000,605,014 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013.01.18 23:51:29 | 000,127,914 | ---- | M] () -- C:\Windows\System32\perfc005.dat

[2013.01.18 23:51:29 | 000,108,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013.01.18 22:58:56 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.01.18 22:44:17 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.01.18 22:37:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2013.01.18 22:34:16 | 135,192,492 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013.01.16 21:28:08 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.01.10 11:08:45 | 000,298,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013.01.09 20:31:50 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013.01.09 20:31:48 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013.01.09 14:01:50 | 000,101,376 | ---- | M] () -- C:\Users\Planeo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013.01.09 14:01:46 | 001,056,417 | ---- | M] () -- C:\Users\Planeo\Desktop\DSC_0005.JPG

[2013.01.09 14:01:42 | 001,052,023 | ---- | M] () -- C:\Users\Planeo\Desktop\DSC_0004.JPG

========== Files Created - No Company Name ==========

[2013.01.28 19:47:45 | 097,565,024 | ---- | C] () -- C:\Users\Planeo\Desktop\avast_free_antivirus_setup(1).exe

[2013.01.28 19:43:42 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2013.01.19 00:51:59 | 102,315,992 | ---- | C] () -- C:\Users\Planeo\Desktop\avast_free_antivirus_setup.exe

[2013.01.09 14:01:46 | 001,056,417 | ---- | C] () -- C:\Users\Planeo\Desktop\DSC_0005.JPG

[2013.01.09 14:01:42 | 001,052,023 | ---- | C] () -- C:\Users\Planeo\Desktop\DSC_0004.JPG

[2011.11.24 14:54:38 | 000,000,837 | ---- | C] () -- C:\Users\Planeo\.recently-used.xbel

[2011.05.19 18:58:07 | 000,385,317 | ---- | C] () -- C:\Users\Planeo\domaci pekarna manual.pdf

[2011.03.21 18:13:59 | 000,637,784 | ---- | C] () -- C:\Users\Planeo\MOV0002A.avi

[2011.01.29 11:46:07 | 000,000,094 | ---- | C] () -- C:\Users\Planeo\AppData\Local\fusioncache.dat

[2010.10.12 20:12:19 | 000,153,318 | ---- | C] () -- C:\Users\Planeo\Email0117.TIF

[2009.08.09 13:11:42 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2008.05.05 14:56:04 | 000,005,000 | ---- | C] () -- C:\Users\Planeo\AppData\Local\d3d9caps.dat

[2008.04.03 20:12:30 | 000,101,376 | ---- | C] () -- C:\Users\Planeo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.03.05 22:54:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat

[2008.02.10 12:10:01 | 000,008,595 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.* >

[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2007.09.05 20:16:08 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2009.02.04 21:03:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2005.08.16 08:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe

[2006.11.29 16:35:22 | 000,000,512 | ---- | M] () -- C:\MDR.iss

[2009.02.04 21:03:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2013.01.30 11:22:57 | 1914,048,512 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto >

< Update\Results\Install|LastSuccessTime /rs >

< End of report >


Good morning kasper,

You posted a fresh log from OTL, but what I need to see is the fix log it produced please.

What is the issue with AdwCleaner?

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.5.7 (01.30.2013:4)

OS: Windows Vista Home Premium x86

Ran by Planeo on so 02.02.2013 at 15:36:49,42

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{855f3b16-6d32-4fe6-8a56-bbb695989046}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\gamesbar"

Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"

Successfully deleted: [Folder] "C:\Program Files\icqtoolbar"

~~~ FireFox

Emptied folder: C:\Users\Planeo\AppData\Roaming\mozilla\firefox\profiles\ihu5be2h.default-1359652055765\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on so 02.02.2013 at 15:44:27,74

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Hi TheDarkKnight, how do you do today? I tried ComboFix and had success.

ComboFix 13-02-03.03 - Planeo 03.02.2013 20:52:13.1.1 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1525.615 [GMT 1:00]

Spuštěný z: c:\users\Planeo\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Planeo\Objednavkovy list - aktualizace k 17.6.11 - PC verze .xls

c:\windows\security\Database\tmp.edb

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Soubory vytvořené od 2013-01-03 do 2013-02-03 )))))))))))))))))))))))))))))))

.

.

2013-02-03 20:05 . 2013-02-03 20:06 -------- d-----w- c:\users\Planeo\AppData\Local\temp

2013-02-03 20:05 . 2013-02-03 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-02 14:36 . 2013-02-02 14:36 -------- d-----w- c:\windows\ERUNT

2013-02-02 14:36 . 2013-02-02 14:36 -------- d-----w- C:\JRT

2013-01-31 20:56 . 2013-01-31 20:56 -------- d-----w- c:\program files\CCleaner

2013-01-31 19:46 . 2013-01-31 19:46 -------- d-----w- c:\program files\TeamViewer

2013-01-31 17:18 . 2013-01-31 17:18 -------- d-----w- C:\_OTL

2013-01-18 21:47 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB23A608-1A91-4CCD-9735-E08A37B0234C}\mpengine.dll

2013-01-18 21:45 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30501050-33AF-4E21-A713-12F7C3DEA019}\mpengine.dll

2013-01-18 21:40 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA09BF0A-7F2D-4312-BB29-A39588385D16}\mpengine.dll

2013-01-18 21:34 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9C79D7C-F445-4798-9910-C302699030F2}\mpengine.dll

2013-01-16 17:04 . 2013-01-16 17:04 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC3143E4-C8EE-448D-B198-D119CB7971F8}\offreg.dll

2013-01-15 17:35 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC3143E4-C8EE-448D-B198-D119CB7971F8}\mpengine.dll

2013-01-09 18:28 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-09 18:28 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys

2013-01-09 18:24 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-09 19:31 . 2012-08-06 18:29 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-09 19:31 . 2011-12-03 19:33 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 13:12 . 2012-12-21 17:18 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 10:50 . 2012-12-21 17:18 293376 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:29 . 2012-12-12 13:07 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 10:42 . 2012-12-12 13:08 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-09 10:37 . 2012-12-12 13:08 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-09 10:36 . 2012-12-12 13:08 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-09 10:36 . 2012-12-12 13:08 71680 ----a-w- c:\windows\system32\iesetup.dll

2012-11-09 10:36 . 2012-12-12 13:08 109056 ----a-w- c:\windows\system32\iesysprep.dll

2012-11-09 09:01 . 2012-12-12 13:08 385024 ----a-w- c:\windows\system32\html.iec

2012-11-09 07:13 . 2012-12-12 13:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-09 07:11 . 2012-12-12 13:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb

.

.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-04-13 2387968]

"Seznam Postak"="c:\users\Planeo\AppData\Local\Seznam.cz\postak.exe" [2009-11-02 448664]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-31 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-31 151552]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-31 126976]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-08-31 772616]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]

"Skytel"="Skytel.exe" [2007-04-13 1822720]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-9-5 535336]

Microsoft Office.lnk - d:\office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-04-13 13:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-12 13:26 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe

.

Obsah adresáře 'Naplánované úlohy'

.

2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 19:33]

.

2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-24 22:31]

.

2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-24 22:31]

.

.

------- Doplňkový sken -------

.

uStart Page = hxxp://start.icq.com/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://cs.intl.acer.yahoo.com

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

IE: E&xportovat do aplikace Microsoft Excel - d:\office\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.138

.

- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

.

HKCU-Run-Acer Tour Reminder - (no file)

HKLM-Run-Acer Tour - (no file)

HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd

HKLM-Run-eRecoveryService - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-02-03 21:06

Windows 6.0.6002 Service Pack 2 NTFS

.

skenování skrytých procesů ...

.

skenování skrytých položek 'Po spuštění' ...

.

skenování skrytých souborů ...

.

sken byl úspešně dokončen

skryté soubory: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"

.

--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Celkový čas: 2013-02-03 21:10:14

ComboFix-quarantined-files.txt 2013-02-03 20:09

.

Před spuštěním: 5 606 137 856

Po spuštění: 5 540 089 856

.

- - End Of File - - 76D5917B8236979A9031A6BE57DCEE5F


Good morning kasper,

I am well, thank you. I trust things are safe on your end. :)

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Are there any current issues on the computer?


Hey kasper. :)

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

And AdwCleaner:

  • Please double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with Yes.

Right-click the Recycle Bin and please select Empty Recycle Bin.

=====

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
