Dobrý den,
asi před týdnem jsem měl zavirovaný počítač. Problém jsem vyřešil obnovou systému do předchozího stavu. Poté jsem stáhl SUPERAntiSpyware, který našel ještě nějakou havěť.
Prosím, tedy o kontrolu, jestli v PC něco nezůstalo.
Předem děkuji a tady je RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by eliška at 2012-09-19 16:11:15
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 53 GB (34%) free of 153 GB
Total RAM: 3071 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:11:40, on 19.9.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\eliška\Downloads\RSIT.exe
C:\Program Files\trend micro\eliška.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112059 ... 11d86b8ca8
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\eliška\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 4418 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\eliška\AppData\Roaming\Mozilla\Firefox\Profiles\ivhdui9k.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://search.babylon.com/?affID=112059 ... 86b8ca8&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33]
"Description"=
"Path"=C:\Windows\system32\npdeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\eliška\AppData\Roaming\Mozilla\Firefox\Profiles\ivhdui9k.default\extensions\
cs@dictionaries.addons.mozilla.org
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
C:\Users\eliška\AppData\Roaming\Mozilla\Firefox\Profiles\ivhdui9k.default\searchplugins\
sfd.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-06-17 329480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-06-17 59144]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-19 336384]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"Google Update"=C:\Users\eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-13 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\Windows\SOUNDMAN.EXE [2009-04-14 604704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-09-06 4780928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.ac3filter"=ac3filter.acm
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.FMVC"=fmcodec.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-09-19 16:02:00 ----D---- C:\Program Files\trend micro
2012-09-19 16:01:59 ----D---- C:\rsit
2012-09-18 19:03:24 ----SHD---- C:\Config.Msi
2012-09-14 11:19:36 ----D---- C:\ProgramData\Cone Layout
2012-09-14 11:19:35 ----D---- C:\Program Files\Cone Layout
2012-09-13 20:50:04 ----D---- C:\Program Files\Mozilla Firefox
2012-09-13 18:12:12 ----D---- C:\Users\eliška\AppData\Roaming\SUPERAntiSpyware.com
2012-09-13 18:08:50 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-09-13 18:08:50 ----D---- C:\Program Files\SUPERAntiSpyware
2012-09-13 14:08:41 ----A---- C:\Windows\system32\AUDIOGENIE2.DLL
2012-09-13 14:08:11 ----D---- C:\Windows\Replay Media Catcher
2012-09-13 13:57:28 ----D---- C:\ProgramData\Applian
2012-09-12 11:36:26 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-09-12 11:36:26 ----A---- C:\Windows\system32\drivers\netio.sys
2012-09-12 11:36:26 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 11:36:24 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
2012-09-12 11:36:24 ----A---- C:\Windows\system32\drivers\ndis.sys
2012-09-12 11:35:55 ----A---- C:\Windows\system32\d3d10level9.dll
2012-09-11 17:08:39 ----D---- C:\ProgramData\Babylon
2012-09-11 17:08:38 ----D---- C:\Users\eliška\AppData\Roaming\Babylon
2012-09-10 18:26:40 ----D---- C:\ProgramData\RegRun
2012-09-10 18:26:27 ----RASHOT---- C:\Windows\winstart.bat
2012-08-29 19:40:36 ----D---- C:\Program Files\SimBin
2012-08-23 19:32:37 ----D---- C:\ProgramData\iWin
2012-08-23 19:20:42 ----D---- C:\Users\eliška\AppData\Roaming\Thinstall
2012-08-23 17:48:12 ----A---- C:\Windows\wininit.ini
2012-08-20 10:13:39 ----D---- C:\Windows\cs
2012-08-20 10:12:59 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2012-08-20 10:11:36 ----D---- C:\Program Files\Windows Live
2012-08-20 10:04:19 ----D---- C:\Program Files\aTube Catcher 2.0
2012-08-20 10:02:57 ----D---- C:\ProgramData\Ask
======List of files/folders modified in the last 1 month======
2012-09-19 16:11:39 ----D---- C:\Windows\Temp
2012-09-19 16:02:00 ----RD---- C:\Program Files
2012-09-19 11:46:00 ----D---- C:\Windows\system32\config
2012-09-18 20:02:34 ----SHD---- C:\System Volume Information
2012-09-18 19:03:35 ----SHD---- C:\Windows\Installer
2012-09-18 11:05:29 ----D---- C:\Windows\inf
2012-09-16 21:05:29 ----D---- C:\Windows\System32
2012-09-16 21:05:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-09-14 11:19:36 ----HD---- C:\ProgramData
2012-09-14 09:36:49 ----D---- C:\Windows
2012-09-14 09:36:38 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-09-13 18:14:58 ----D---- C:\Windows\Tasks
2012-09-13 18:14:58 ----D---- C:\Windows\system32\Tasks
2012-09-13 14:25:38 ----D---- C:\Windows\SoftwareDistribution
2012-09-13 14:24:18 ----D---- C:\Windows\debug
2012-09-13 14:03:53 ----D---- C:\Windows\system32\DriverStore
2012-09-13 14:03:53 ----D---- C:\Windows\system32\catroot
2012-09-13 14:03:39 ----D---- C:\Windows\system32\drivers
2012-09-12 13:35:55 ----D---- C:\Windows\winsxs
2012-09-12 11:39:52 ----D---- C:\ProgramData\Microsoft Help
2012-09-12 11:37:27 ----A---- C:\Windows\system32\MRT.exe
2012-09-12 11:37:09 ----D---- C:\Windows\system32\catroot2
2012-09-10 19:19:31 ----D---- C:\Windows\system32\LogFiles
2012-09-10 19:16:53 ----D---- C:\Windows\system32\wfp
2012-09-10 19:16:52 ----D---- C:\Users\eliška\AppData\Roaming\GHISLER
2012-09-10 19:16:48 ----RSHD---- C:\install
2012-09-10 19:16:47 ----D---- C:\Users\eliška\AppData\Roaming\uTorrent
2012-09-10 19:16:46 ----D---- C:\Windows\registration
2012-09-10 18:42:29 ----D---- C:\Program Files\Hry
2012-09-08 22:17:11 ----HD---- C:\Program Files\InstallShield Installation Information
2012-09-08 11:52:21 ----D---- C:\Ruzne
2012-09-03 20:12:36 ----D---- C:\Windows\Prefetch
2012-09-03 16:35:02 ----D---- C:\Users\eliška\AppData\Roaming\DAEMON Tools Lite
2012-09-03 16:34:29 ----D---- C:\Windows\Logs
2012-08-29 22:10:59 ----RSD---- C:\Windows\assembly
2012-08-23 18:48:33 ----D---- C:\Program Files\RegCleaner
2012-08-23 18:37:18 ----D---- C:\Program Files\CCleaner
2012-08-22 19:35:46 ----D---- C:\Program Files\Google
2012-08-21 11:12:23 ----A---- C:\Windows\system32\aswBoot.exe
2012-08-20 10:12:08 ----SD---- C:\ProgramData\Microsoft
2012-08-20 10:11:19 ----D---- C:\Program Files\Common Files\microsoft shared
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 83320]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-02-26 436792]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-08-21 44784]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-08-21 729752]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-08-21 355632]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-08-21 54232]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-08-21 21256]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-08-21 58680]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-05-22 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-05-22 25888]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2009-06-18 4172832]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-17 239168]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
S0 Partizan;Partizan; C:\Windows\system32\drivers\Partizan.sys []
S0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2006-07-05 59256]
S0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\Windows\System32\drivers\sfsync02.sys [2006-07-10 27032]
S3 a0ixsk2t;a0ixsk2t; C:\Windows\system32\drivers\a0ixsk2t.sys []
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\adusbser.sys [2009-11-06 106880]
S3 AF15BDA;AF9015 BDA Device; C:\Windows\system32\DRIVERS\AF15BDA.sys [2009-06-03 483200]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-04-20 176128]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 1713904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-22 116648]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-22 116648]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-13 114144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu - PC bylo zavirované
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Prosím o kontrolu - PC bylo zavirované
Zdravím. 
Vydrž minutku, na logu se intenzivně pracuje.
Vydrž minutku, na logu se intenzivně pracuje.
-
-
- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Prosím o kontrolu - PC bylo zavirované
Teď už je při scanu SUPERAntiSpyware čisto? Dal jsi nálezy odstranit?
Pokud jsi tak neučinil, zruš u SUPERAntiSpyware spouštění po startu systému (to pravděpodobně zrušeno máš) a zruš u něj rezidentní ochranu. Vidím tam zbytky po Babylon Toolbar a Ask.com Toolbar, to pak dočistím. Udělej mi scan programem MBAM podle návodu níže. Při jeho instalaci také zruš (pokud bude nastaveno) spouštění po startu systému a rezidentní ochranu - mohl by se Ti tlouct s antivirem. Takže stáhni a nainstaluj Malwarebytes' Anti-Malware (zkráceně MBAM) podle návodu z tohoto topicu.
- Proveď aktualizaci virové databáze.
- V záložce Kontrolor zvol Úplná kontrola a zaškrtni všechny pevné disky, které máš na počítači.
- Předem nic nemaž!!
- MBAM mívá občas falešné detekce, proto vlož jeho log do příspěvku a počkej na posouzení!
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: Prosím o kontrolu - PC bylo zavirované
Ano druhý scan SUPERAntiSpywarem už nic nenašel. Rezidentní kontorlu i spouštění po startu mám zakázanou.
MBAM našel 4 oběkty
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Verze databáze: v2012.09.20.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
eliška :: DOMACIPC [administrátor]
20.9.2012 9:41:17
mbam-log-2012-09-20 (11-08-02).txt
Typ: Úplná kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 333116
Uplynulý čas: 1 hodin, 15 minut, 57 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 3
C:\System Volume Information\_restore{79EB05FE-041E-42DB-8304-46E0BDD339F9}\RP8\A0000843.exe (RiskWare.Tool.CK) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{79EB05FE-041E-42DB-8304-46E0BDD339F9}\RP8\A0000845.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\Users\eliška\Local Settings\TempDIR\BETTERINSTALLER.EXE (PUP.BundleInstaller.Somoto) -> Žádná instrukce nebyla provedena.
(konec)
MBAM našel 4 oběkty
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Verze databáze: v2012.09.20.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
eliška :: DOMACIPC [administrátor]
20.9.2012 9:41:17
mbam-log-2012-09-20 (11-08-02).txt
Typ: Úplná kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 333116
Uplynulý čas: 1 hodin, 15 minut, 57 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 3
C:\System Volume Information\_restore{79EB05FE-041E-42DB-8304-46E0BDD339F9}\RP8\A0000843.exe (RiskWare.Tool.CK) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{79EB05FE-041E-42DB-8304-46E0BDD339F9}\RP8\A0000845.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\Users\eliška\Local Settings\TempDIR\BETTERINSTALLER.EXE (PUP.BundleInstaller.Somoto) -> Žádná instrukce nebyla provedena.
(konec)
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Prosím o kontrolu - PC bylo zavirované
Super, to je dobře.Tyris píše:Ano druhý scan SUPERAntiSpywarem už nic nenašel. Rezidentní kontorlu i spouštění po startu mám zakázanou.
Všechny nálezy, co MBAM našel dej smazat. Podle tohoto návodu vypni body obnovy pro svůj počítač, dej restart (ony se smáznou) a pak si je zase stejným postupem zapni. V těch starých máš totiž havěť. Potom MBAM zase odinstaluj prosím, v PC už je zbytečný. A až to všechno provedeš, tak stáhni OTL z tohoto odkazu a ulož jej na Plochu.
- Pokud používáš operační systém Windows Vista či Windows 7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
- Zkontroluj, zda-li není zaškrtnutý čtvereček Pro 64 bitové OS. Měl by zůstat nezaškrtnutý.
- Zaškrtni okénko Pro všechny uživatele.
- Zaškrtni okénko Kontrola na havěť "LOP".
- Zaškrtni okénko Kontrola na havěť "Purity".
- Stáři souborů změň z 30 dnů na 7 dnů!!
- Do spodního okénka Vlastní skenování/opravy vlož tento script (pouze zelená písmenka v bílém poli!):
Kód: Vybrat vše
CREATERESTOREPOINT
netsvc
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
%userprofile%\Plocha\*.*
%userprofile%\Desktop\*.*
%ALLUSERSPROFILE%\Plocha\*.*
%ALLUSERSPROFILE%\Desktop\*.*
*crack* /s
*keygen* /s
*loader* /s
*RemoveWAT* /s
*minodlogin* /s
*tnod* /s
*TemDono* /s
*AutoKMS* /s
*KMSEmulator* /s
*activator* /s
*serial* /s
*w7lxe* /s
*AutoRearm* /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s
%SystemDrive%\PhysicalMBR.bin /md5- Klikni na tlačítko [Prohledat].
- Po dokončení skenu se objeví logy OTL.txt a Extras.txt, oba mi sem vlož.
- Logy se nevejdou do jednoho, rozděl je tedy prosím do více příspěvků.
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: Prosím o kontrolu - PC bylo zavirované
Tak jsem provedl všechno podle návodu co jste napsal.
OTL logfile created on: 20.9.2012 14:01:04 - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\eliška\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,32% Memory free
5,99 Gb Paging File | 5,05 Gb Available in Paging File | 84,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 56,16 Gb Free Space | 37,68% Space Free | Partition Type: NTFS
Drive D: | 74,52 Gb Total Space | 47,34 Gb Free Space | 63,52% Space Free | Partition Type: NTFS
Computer Name: DOMACIPC | User Name: eliška | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2012.09.20 13:57:34 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\eliška\Desktop\OTL.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.04.20 04:04:36 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.04.20 04:04:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
========== Modules (No Company Name) ==========
MOD - [2012.08.30 04:58:45 | 000,442,392 | ---- | M] () -- C:\Users\eliška\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012.08.30 04:58:42 | 003,997,720 | ---- | M] () -- C:\Users\eliška\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012.08.30 04:57:15 | 000,144,424 | ---- | M] () -- C:\Users\eliška\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012.08.30 04:57:13 | 000,266,792 | ---- | M] () -- C:\Users\eliška\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012.08.30 04:57:12 | 002,480,680 | ---- | M] () -- C:\Users\eliška\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2011.03.02 12:40:52 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2012.09.13 20:50:18 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.04.20 04:04:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.05.22 09:41:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (anygzt6h)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.08.21 11:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.02.26 14:08:41 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.12.17 19:54:45 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.22 19:42:43 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.05.22 19:42:43 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.04.20 04:43:40 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.04.20 03:22:08 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.12.18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009.11.06 04:20:24 | 000,106,880 | ---- | M] (AnyDATA.NET INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adusbser.sys -- (adusbser)
DRV - [2009.09.28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.06.18 20:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM)
DRV - [2009.06.03 00:57:34 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2009.02.24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007.02.08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2006.07.10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... earchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112059 ... 11d86b8ca8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTer ... 11d86b8ca8
IE - HKCU\..\SearchScopes\{399a1442-7377-49e7-8d77-6dc9ed5968c1}: "URL" = http://www.zbozi.cz/?q={searchTerms}&so ... earch_6826
IE - HKCU\..\SearchScopes\{5cf5d387-d87c-4408-9a6b-301b0713d62a}: "URL" = http://www.mapy.cz/?query={searchTerms} ... earch_6826
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689: "URL" = http://search.seznam.cz/?q={searchTerms ... earch_6826
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcSe ... -94D4-4689
IE - HKCU\..\SearchScopes\{8172f457-818d-46db-941f-2bbe53e156af}: "URL" =
IE - HKCU\..\SearchScopes\{eb97f7df-1773-4916-aae6-5af74da8c69d}: "URL" = http://www.firmy.cz/phr/{searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... earchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: cs@dictionaries.addons.mozilla.org:1.0.2
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=112059 ... 86b8ca8&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\eliška\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\eliška\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.13 20:50:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 20:50:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.13 20:50:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 20:50:09 | 000,000,000 | ---D | M]
[2011.05.19 10:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eliška\AppData\Roaming\Mozilla\Extensions
[2012.09.16 20:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eliška\AppData\Roaming\Mozilla\Firefox\Profiles\ivhdui9k.default\extensions
[2012.09.16 20:12:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\eliška\AppData\Roaming\Mozilla\Firefox\Profiles\ivhdui9k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.24 09:34:33 | 000,000,000 | ---D | M] (ÄŚeskĂ© slovnĂky pro kontrolu pravopisu) -- C:\Users\eliška\AppData\Roaming\Mozilla\Firefox\Profiles\ivhdui9k.default\extensions\cs@dictionaries.addons.mozilla.org
[2012.07.25 21:51:59 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\eliška\AppData\Roaming\Mozilla\Firefox\Profiles\ivhdui9k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.09.03 19:32:04 | 000,001,645 | ---- | M] () -- C:\Users\eliška\AppData\Roaming\Mozilla\Firefox\Profiles\ivhdui9k.default\searchplugins\sfd.xml
[2012.09.13 20:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.09.13 20:50:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\ELIšKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVHDUI9K.DEFAULT\EXTENSIONS\CS@DICTIONARIES.ADDONS.MOZILLA.ORG
[2012.09.13 20:50:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.11 17:09:57 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.15 02:05:40 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.06.15 02:05:40 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.06.15 02:05:40 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.06.15 02:05:41 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.06.15 02:05:41 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
========== Chrome ==========
CHR - homepage: http://www.seznam.cz/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.seznam.cz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\eli\u0161ka\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\eli\u0161ka\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\eli\u0161ka\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\eli\u0161ka\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: FlashBlock = C:\Users\eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdngiadmnkhgemkimkhiilgffbjijcie\1.2.11.12_0\
CHR - Extension: AdBlock = C:\Users\eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: SearchPreview = C:\Users\eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\2.7_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4F02F10-47A5-444D-85CD-CC97A48B530C}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.26 21:18:27 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1bfb1620-28d8-11e1-857d-d70c50411580}\Shell - "" = AutoRun
O33 - MountPoints2\{1bfb1620-28d8-11e1-857d-d70c50411580}\Shell\AutoRun\command - "" = G:\GTL_Setup_EGFIS.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2012.09.20 13:57:38 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\eliška\Desktop\OTL.exe
[2012.09.20 09:40:12 | 000,000,000 | ---D | C] -- C:\Users\eliška\AppData\Roaming\Malwarebytes
[2012.09.20 09:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.20 09:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.19 16:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.09.19 16:01:59 | 000,000,000 | ---D | C] -- C:\rsit
[2012.09.18 19:03:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.14 18:27:14 | 000,000,000 | ---D | C] -- C:\Users\eliška\dwhelper
[2012.09.14 11:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cone Layout
[2012.09.14 11:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Cone Layout
[2012.09.13 20:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.13 18:15:35 | 000,000,000 | ---D | C] -- C:\Users\eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.09.13 18:12:12 | 000,000,000 | ---D | C] -- C:\Users\eliška\AppData\Roaming\SUPERAntiSpyware.com
[2012.09.13 18:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.09.13 18:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.09.13 18:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.09.13 14:10:49 | 000,000,000 | ---D | C] -- C:\Users\eliška\Documents\My Recordings
[2012.09.13 14:08:41 | 000,323,584 | ---- | C] (Stefan Toengi) -- C:\Windows\System32\AUDIOGENIE2.DLL
[2012.09.13 14:08:11 | 000,000,000 | ---D | C] -- C:\Windows\Replay Media Catcher
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2012.09.20 14:04:23 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.09.20 14:02:39 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 14:02:39 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 13:57:34 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\eliška\Desktop\OTL.exe
[2012.09.20 13:53:28 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.20 13:53:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.20 13:45:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.20 13:41:00 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004UA.job
[2012.09.18 20:31:44 | 000,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat
[2012.09.16 21:05:29 | 003,219,322 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.09.16 21:05:29 | 001,534,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.16 21:05:29 | 001,003,582 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.09.16 21:05:29 | 000,959,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.16 09:30:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004Core.job
[2012.09.13 23:48:24 | 000,001,373 | ---- | M] () -- C:\Users\eliška\Desktop\Filmy Amina.lnk
[2012.09.13 18:22:20 | 000,007,600 | ---- | M] () -- C:\Users\eliška\AppData\Local\Resmon.ResmonCfg
[2012.09.13 14:15:44 | 000,323,584 | ---- | M] (Stefan Toengi) -- C:\Windows\System32\AUDIOGENIE2.DLL
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.09.20 14:04:23 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.09.13 18:14:58 | 000,000,966 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004UA.job
[2012.09.13 18:14:55 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004Core.job
[2012.08.23 17:48:12 | 000,000,065 | ---- | C] () -- C:\Windows\wininit.ini
[2012.08.23 15:12:00 | 000,000,292 | ---- | C] () -- C:\Users\eliška\.JavaPowUpload.properties
[2012.07.14 15:59:06 | 000,000,777 | ---- | C] () -- C:\Windows\CoD.INI
[2012.01.14 20:21:04 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011.07.15 14:55:39 | 000,150,824 | ---- | C] () -- C:\Windows\SETUPDK2.EXE
[2011.06.25 20:46:13 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\06F4E299A7.dll
[2011.06.16 15:53:02 | 000,000,031 | ---- | C] () -- C:\Windows\bluevoda.ini
[2011.06.09 11:54:58 | 000,007,600 | ---- | C] () -- C:\Users\eliška\AppData\Local\Resmon.ResmonCfg
[2011.06.08 21:32:43 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.05.26 19:44:36 | 000,000,265 | ---- | C] () -- C:\Windows\cncscore.ini
[2011.05.23 11:12:28 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.05.22 19:42:43 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.05.22 19:42:43 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.05.20 09:47:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.02.28 23:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2005.10.18 10:07:39 | 000,011,311 | -H-- | C] () -- C:\Users\eliška\AppData\Roaming\eliškalog.dat
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
========== LOP Check ==========
[2012.09.11 17:08:38 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Babylon
[2012.06.21 13:49:21 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.09.03 16:35:02 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\DAEMON Tools Lite
[2012.09.10 19:16:52 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\GHISLER
[2011.05.20 11:49:46 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Leadertech
[2011.05.25 21:27:04 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2011.06.04 19:59:15 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2012.02.05 18:48:11 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Red Alert 3
[2012.03.25 17:14:12 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Rovio
[2012.08.23 19:20:42 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Thinstall
[2011.05.22 19:49:16 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Ubisoft
[2012.09.10 19:16:47 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< netsvc >
[2009.07.14 06:53:46 | 000,032,562 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.08.22 19:35:16 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.08.22 19:35:17 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.09.13 18:14:55 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004Core.job
[2012.09.13 18:14:58 | 000,000,966 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004UA.job
< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: HAL.DLL >
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.06.21 07:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011.09.29 18:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2012.08.22 19:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.11.20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011.09.29 18:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2012.03.30 12:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011.09.29 17:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2011.09.29 18:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012.03.30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012.03.30 11:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2011.06.21 07:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2010.06.14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2012.08.22 19:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\System32\drivers\tcpip.sys
[2012.08.22 19:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2011.06.21 07:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2011.06.21 08:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys
[2012.03.30 12:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< %systemroot%*.* /U /s >
[7 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.05.20 09:46:05 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Adobe
[2011.05.19 09:28:01 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\ATI
[2012.09.11 17:08:38 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Babylon
[2012.06.21 13:49:21 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.09.03 16:35:02 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\DAEMON Tools Lite
[2011.07.15 16:13:12 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\DivX
[2012.09.10 19:16:52 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\GHISLER
[2011.05.19 09:27:24 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Identities
[2011.05.20 11:49:46 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Leadertech
[2011.05.19 09:40:45 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Macromedia
[2012.09.20 09:40:12 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Malwarebytes
[2009.07.14 11:20:15 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Media Center Programs
[2012.02.17 18:00:29 | 000,000,000 | --SD | M] -- C:\Users\eliška\AppData\Roaming\Microsoft
[2011.05.19 10:32:23 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Mozilla
[2011.05.25 21:27:04 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2011.06.04 19:59:15 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2012.02.05 18:48:11 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Red Alert 3
[2012.03.25 17:14:12 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Rovio
[2012.04.08 13:42:45 | 000,000,000 | RH-D | M] -- C:\Users\eliška\AppData\Roaming\SecuROM
[2012.09.13 18:12:12 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\SUPERAntiSpyware.com
[2012.08.23 19:20:42 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Thinstall
[2011.05.22 19:49:16 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Ubisoft
[2012.09.10 19:16:47 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\uTorrent
[2011.05.20 09:04:06 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2011.10.29 17:15:24 | 000,010,134 | R--- | M] () -- C:\Users\eliška\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.06.08 19:49:30 | 000,077,542 | R--- | M] () -- C:\Users\eliška\AppData\Roaming\Microsoft\Installer\{E4DA3403-9797-2600-2A09-C06429FDE753}\ARPPRODUCTICON.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job >
[2012.09.20 13:53:28 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.09.20 13:45:00 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.09.16 09:30:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004Core.job
[2012.09.20 13:41:00 | 000,000,966 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004UA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012.02.26 14:08:41 | 000,436,792 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2012.09.20 14:09:48 | 000,013,456 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 14:09:48 | 000,013,456 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %userprofile%\Plocha\*.* >
< %userprofile%\Desktop\*.* >
[2011.06.07 09:42:57 | 000,001,096 | ---- | M] () -- C:\Users\eliška\Desktop\Angry Birds.lnk
[2012.07.18 09:23:13 | 000,000,552 | -HS- | M] () -- C:\Users\eliška\Desktop\desktop.ini
[2012.09.13 23:48:24 | 000,001,373 | ---- | M] () -- C:\Users\eliška\Desktop\Filmy Amina.lnk
[2011.05.19 12:22:39 | 000,000,610 | ---- | M] () -- C:\Users\eliška\Desktop\FreeCell.lnk
[2011.05.19 12:22:13 | 000,000,879 | ---- | M] () -- C:\Users\eliška\Desktop\Hudba.lnk
[2011.05.19 12:16:46 | 000,000,376 | ---- | M] () -- C:\Users\eliška\Desktop\Minesweeper.lnk
[2012.09.20 13:57:34 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\eliška\Desktop\OTL.exe
[2012.02.17 17:07:28 | 000,001,054 | ---- | M] () -- C:\Users\eliška\Desktop\Zuma Deluxe.lnk
[2012.08.23 19:32:08 | 000,002,022 | ---- | M] () -- C:\Users\eliška\Desktop\Zuma's Revenge!.lnk
< %ALLUSERSPROFILE%\Plocha\*.* >
< %ALLUSERSPROFILE%\Desktop\*.* >
< *crack* /s >
[2003.12.05 14:52:40 | 000,000,796 | ---- | M] () -- \Program Files\Hry\GTA SA\GTA San Andreas\data\Decision\Craig\crack1.ped
[2011.09.04 11:34:02 | 000,016,154 | ---- | M] () -- \Users\eliška\AppData\Roaming\uTorrent\3D Instruktor 2.2+crack.torrent
[2012.01.14 19:12:36 | 000,020,721 | ---- | M] () -- \Users\eliška\AppData\Roaming\uTorrent\IL-2 Sturmovik + Expansion + crack.torrent
< *keygen* /s >
[2009.05.16 19:56:01 | 000,008,192 | ---- | M] () -- \Ruzne\sims\Crack - Sims3\keygen-sim3.exe
[2009.06.23 00:53:12 | 000,002,033 | ---- | M] () -- \Ruzne\sims\Crack - Sims3\keygen-sim3.rar
< *loader* /s >
[2011.06.27 16:34:42 | 000,001,849 | ---- | M] () -- \Program Files\BlueVoda Website Builder\lightbox\galleria\theme\classic-loader.gif
[2011.06.27 16:34:42 | 000,002,545 | ---- | M] () -- \Program Files\BlueVoda Website Builder\lightbox\prettyPhoto\images\dark_rounded\loader.gif
[2011.06.27 16:34:42 | 000,002,545 | ---- | M] () -- \Program Files\BlueVoda Website Builder\lightbox\prettyPhoto\images\dark_square\loader.gif
[2011.06.27 16:34:42 | 000,002,545 | ---- | M] () -- \Program Files\BlueVoda Website Builder\lightbox\prettyPhoto\images\facebook\loader.gif
[2011.06.27 16:34:42 | 000,002,545 | ---- | M] () -- \Program Files\BlueVoda Website Builder\lightbox\prettyPhoto\images\light_rounded\loader.gif
[2011.06.27 16:34:42 | 000,002,545 | ---- | M] () -- \Program Files\BlueVoda Website Builder\lightbox\prettyPhoto\images\light_square\loader.gif
[2011.12.20 20:11:41 | 000,000,195 | ---- | M] () -- \Program Files\Common Files\Blizzard Entertainment\BlizzardDownloader.ini
[2006.10.26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2005.09.19 12:30:30 | 000,001,825 | R--- | M] () -- \Program Files\Hry\Age of Empires III\AI\aiLoaderInactive.xs
[2005.09.19 12:30:30 | 000,001,575 | R--- | M] () -- \Program Files\Hry\Age of Empires III\AI\aiLoaderStandard.xs
[2003.12.24 14:26:40 | 000,004,960 | ---- | M] () -- \Program Files\Hry\Zuma Deluxe\images\loaderbar.gif
[2003.12.24 14:26:40 | 000,001,064 | ---- | M] () -- \Program Files\Hry\Zuma Deluxe\images\_loaderbar.gif
[2010.01.29 06:43:52 | 000,071,008 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2012.02.23 14:30:00 | 000,009,051 | ---- | M] () -- \Users\eliška\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\loader.gif
[2012.02.23 14:30:00 | 000,011,274 | ---- | M] () -- \Users\eliška\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\logo_loader_page.jpg
[2012.02.23 14:30:00 | 000,004,856 | ---- | M] () -- \Users\eliška\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\app\MediaInfo\ImageInfoLoader.js
[2012.08.30 10:29:09 | 1366,841,344 | ---- | M] () -- \Users\eliška\Downloads\Pariz_36_by.Dadunka.of.PowerUploaders.avi
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2 \Windows\System32\*.tmp files -> \Windows\System32\*.tmp -> ]
[2011.06.09 10:42:56 | 000,003,528 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader
[2009.07.14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.14 10:43:57 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 10:43:57 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.14 10:43:57 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2011.05.20 15:51:01 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2011.05.20 15:51:02 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2011.05.20 15:51:02 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 10:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.08.19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009.08.19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010.11.20 05:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 08:22:35 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_0ad4ff55dce9d030\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.02 07:45:50 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_0ac72e8bdcf4a01c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:19:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:50:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 08:13:36 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:47:28 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 09:15:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 08:56:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
< *RemoveWAT* /s >
< *minodlogin* /s >
< *tnod* /s >
< *TemDono* /s >
< *AutoKMS* /s >
< *KMSEmulator* /s >
< *activator* /s >
< *serial* /s >
[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.05 03:53:39 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2012.08.20 22:29:44 | 000,000,024 | ---- | M] () -- \Users\eliška\AppData\Local\Google\Picasa2\cache\cacheindex_serial.pmp
[2009.07.14 10:43:23 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 10:43:37 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012.05.12 09:20:28 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.05.12 12:31:04 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
[2012.05.12 12:36:55 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\5a4d233916a69d48fa12a9f7f103d893\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.05.12 12:37:24 | 002,647,040 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
[2012.05.12 14:02:07 | 000,009,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\4b540b784465ca3f0742990e5af444e3\System.Xml.Serialization.ni.dll
[2012.06.18 22:26:10 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.06.18 22:26:08 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012.06.18 22:26:17 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.05 03:53:33 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.05 03:52:39 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.06 16:48:20 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2 \Windows\System32\*.tmp files -> \Windows\System32\*.tmp -> ]
[2009.07.14 10:43:17 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009.07.14 10:43:30 | 000,009,728 | ---- | M] () -- \Windows\System32\drivers\cs-CZ\serial.sys.mui
[2009.07.14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009.07.14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009.07.14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009.07.14 04:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 04:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2009.07.14 10:43:55 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 04:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 03:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2010.11.20 05:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2009.07.14 10:42:43 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2009.07.14 03:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2010.11.20 05:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2009.07.14 03:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 03:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009.07.14 03:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2010.11.20 05:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 10:43:23 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2010.11.05 03:52:39 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2009.07.14 10:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2009.07.14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2009.07.14 10:43:15 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c002c1170ca9a88f\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.05 03:53:33 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_c233d4df09982c29\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.07.14 10:43:17 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009.07.14 10:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5d4a68b4b3d26ecc\System.RunTime.Serialization.Resources.dll
[2010.11.05 03:53:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2009.07.14 10:43:30 | 000,009,728 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c48c78a9ad8ff996\serial.sys.mui
[2009.07.14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009.07.14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
< *w7lxe* /s >
< *AutoRearm* /s >
< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s >
"StartCCC" = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun -- [2011.04.19 22:11:22 | 000,336,384 | ---- | M] (Advanced Micro Devices, Inc.)
"Adobe ARM" = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" -- [2012.07.27 22:51:26 | 000,919,008 | ---- | M] (Adobe Systems Incorporated)
"avast" = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui -- [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software)
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Users\eliška\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2012.09.13 18:14:51 | 000,136,176 | ---- | M] (Google Inc.)
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.09.20 14:04:23 | 000,000,512 | ---- | M] () MD5=99D802D67A845A488F618274CEE7D1A2 -- C:\PhysicalMBR.bin
========== Alternate Data Streams ==========
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:3A036633
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1
< End of report >
OTL logfile created on: 20.9.2012 14:01:04 - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\eliška\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,32% Memory free
5,99 Gb Paging File | 5,05 Gb Available in Paging File | 84,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 56,16 Gb Free Space | 37,68% Space Free | Partition Type: NTFS
Drive D: | 74,52 Gb Total Space | 47,34 Gb Free Space | 63,52% Space Free | Partition Type: NTFS
Computer Name: DOMACIPC | User Name: eliška | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2012.09.20 13:57:34 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\eliška\Desktop\OTL.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.04.20 04:04:36 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.04.20 04:04:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
========== Modules (No Company Name) ==========
MOD - [2012.08.30 04:58:45 | 000,442,392 | ---- | M] () -- C:\Users\eliška\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012.08.30 04:58:42 | 003,997,720 | ---- | M] () -- C:\Users\eliška\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012.08.30 04:57:15 | 000,144,424 | ---- | M] () -- C:\Users\eliška\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012.08.30 04:57:13 | 000,266,792 | ---- | M] () -- C:\Users\eliška\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012.08.30 04:57:12 | 002,480,680 | ---- | M] () -- C:\Users\eliška\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2011.03.02 12:40:52 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2012.09.13 20:50:18 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.04.20 04:04:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.05.22 09:41:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (anygzt6h)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.08.21 11:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.02.26 14:08:41 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.12.17 19:54:45 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.22 19:42:43 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.05.22 19:42:43 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.04.20 04:43:40 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.04.20 03:22:08 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.12.18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009.11.06 04:20:24 | 000,106,880 | ---- | M] (AnyDATA.NET INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adusbser.sys -- (adusbser)
DRV - [2009.09.28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.06.18 20:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM)
DRV - [2009.06.03 00:57:34 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2009.02.24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007.02.08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2006.07.10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... earchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112059 ... 11d86b8ca8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTer ... 11d86b8ca8
IE - HKCU\..\SearchScopes\{399a1442-7377-49e7-8d77-6dc9ed5968c1}: "URL" = http://www.zbozi.cz/?q={searchTerms}&so ... earch_6826
IE - HKCU\..\SearchScopes\{5cf5d387-d87c-4408-9a6b-301b0713d62a}: "URL" = http://www.mapy.cz/?query={searchTerms} ... earch_6826
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689: "URL" = http://search.seznam.cz/?q={searchTerms ... earch_6826
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcSe ... -94D4-4689
IE - HKCU\..\SearchScopes\{8172f457-818d-46db-941f-2bbe53e156af}: "URL" =
IE - HKCU\..\SearchScopes\{eb97f7df-1773-4916-aae6-5af74da8c69d}: "URL" = http://www.firmy.cz/phr/{searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... earchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: cs@dictionaries.addons.mozilla.org:1.0.2
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=112059 ... 86b8ca8&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\eliška\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\eliška\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.13 20:50:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 20:50:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.13 20:50:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 20:50:09 | 000,000,000 | ---D | M]
[2011.05.19 10:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eliška\AppData\Roaming\Mozilla\Extensions
[2012.09.16 20:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eliška\AppData\Roaming\Mozilla\Firefox\Profiles\ivhdui9k.default\extensions
[2012.09.16 20:12:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\eliška\AppData\Roaming\Mozilla\Firefox\Profiles\ivhdui9k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.24 09:34:33 | 000,000,000 | ---D | M] (ÄŚeskĂ© slovnĂky pro kontrolu pravopisu) -- C:\Users\eliška\AppData\Roaming\Mozilla\Firefox\Profiles\ivhdui9k.default\extensions\cs@dictionaries.addons.mozilla.org
[2012.07.25 21:51:59 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\eliška\AppData\Roaming\Mozilla\Firefox\Profiles\ivhdui9k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.09.03 19:32:04 | 000,001,645 | ---- | M] () -- C:\Users\eliška\AppData\Roaming\Mozilla\Firefox\Profiles\ivhdui9k.default\searchplugins\sfd.xml
[2012.09.13 20:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.09.13 20:50:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\ELIšKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVHDUI9K.DEFAULT\EXTENSIONS\CS@DICTIONARIES.ADDONS.MOZILLA.ORG
[2012.09.13 20:50:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.11 17:09:57 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.15 02:05:40 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.06.15 02:05:40 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.06.15 02:05:40 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.06.15 02:05:41 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.06.15 02:05:41 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
========== Chrome ==========
CHR - homepage: http://www.seznam.cz/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.seznam.cz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\eli\u0161ka\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\eli\u0161ka\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\eli\u0161ka\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\eli\u0161ka\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: FlashBlock = C:\Users\eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdngiadmnkhgemkimkhiilgffbjijcie\1.2.11.12_0\
CHR - Extension: AdBlock = C:\Users\eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: SearchPreview = C:\Users\eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\2.7_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4F02F10-47A5-444D-85CD-CC97A48B530C}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.26 21:18:27 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1bfb1620-28d8-11e1-857d-d70c50411580}\Shell - "" = AutoRun
O33 - MountPoints2\{1bfb1620-28d8-11e1-857d-d70c50411580}\Shell\AutoRun\command - "" = G:\GTL_Setup_EGFIS.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2012.09.20 13:57:38 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\eliška\Desktop\OTL.exe
[2012.09.20 09:40:12 | 000,000,000 | ---D | C] -- C:\Users\eliška\AppData\Roaming\Malwarebytes
[2012.09.20 09:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.20 09:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.19 16:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.09.19 16:01:59 | 000,000,000 | ---D | C] -- C:\rsit
[2012.09.18 19:03:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.14 18:27:14 | 000,000,000 | ---D | C] -- C:\Users\eliška\dwhelper
[2012.09.14 11:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cone Layout
[2012.09.14 11:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Cone Layout
[2012.09.13 20:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.13 18:15:35 | 000,000,000 | ---D | C] -- C:\Users\eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.09.13 18:12:12 | 000,000,000 | ---D | C] -- C:\Users\eliška\AppData\Roaming\SUPERAntiSpyware.com
[2012.09.13 18:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.09.13 18:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.09.13 18:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.09.13 14:10:49 | 000,000,000 | ---D | C] -- C:\Users\eliška\Documents\My Recordings
[2012.09.13 14:08:41 | 000,323,584 | ---- | C] (Stefan Toengi) -- C:\Windows\System32\AUDIOGENIE2.DLL
[2012.09.13 14:08:11 | 000,000,000 | ---D | C] -- C:\Windows\Replay Media Catcher
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2012.09.20 14:04:23 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.09.20 14:02:39 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 14:02:39 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 13:57:34 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\eliška\Desktop\OTL.exe
[2012.09.20 13:53:28 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.20 13:53:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.20 13:45:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.20 13:41:00 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004UA.job
[2012.09.18 20:31:44 | 000,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat
[2012.09.16 21:05:29 | 003,219,322 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.09.16 21:05:29 | 001,534,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.16 21:05:29 | 001,003,582 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.09.16 21:05:29 | 000,959,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.16 09:30:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004Core.job
[2012.09.13 23:48:24 | 000,001,373 | ---- | M] () -- C:\Users\eliška\Desktop\Filmy Amina.lnk
[2012.09.13 18:22:20 | 000,007,600 | ---- | M] () -- C:\Users\eliška\AppData\Local\Resmon.ResmonCfg
[2012.09.13 14:15:44 | 000,323,584 | ---- | M] (Stefan Toengi) -- C:\Windows\System32\AUDIOGENIE2.DLL
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.09.20 14:04:23 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.09.13 18:14:58 | 000,000,966 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004UA.job
[2012.09.13 18:14:55 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004Core.job
[2012.08.23 17:48:12 | 000,000,065 | ---- | C] () -- C:\Windows\wininit.ini
[2012.08.23 15:12:00 | 000,000,292 | ---- | C] () -- C:\Users\eliška\.JavaPowUpload.properties
[2012.07.14 15:59:06 | 000,000,777 | ---- | C] () -- C:\Windows\CoD.INI
[2012.01.14 20:21:04 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011.07.15 14:55:39 | 000,150,824 | ---- | C] () -- C:\Windows\SETUPDK2.EXE
[2011.06.25 20:46:13 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\06F4E299A7.dll
[2011.06.16 15:53:02 | 000,000,031 | ---- | C] () -- C:\Windows\bluevoda.ini
[2011.06.09 11:54:58 | 000,007,600 | ---- | C] () -- C:\Users\eliška\AppData\Local\Resmon.ResmonCfg
[2011.06.08 21:32:43 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.05.26 19:44:36 | 000,000,265 | ---- | C] () -- C:\Windows\cncscore.ini
[2011.05.23 11:12:28 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.05.22 19:42:43 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.05.22 19:42:43 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.05.20 09:47:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.02.28 23:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2005.10.18 10:07:39 | 000,011,311 | -H-- | C] () -- C:\Users\eliška\AppData\Roaming\eliškalog.dat
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
========== LOP Check ==========
[2012.09.11 17:08:38 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Babylon
[2012.06.21 13:49:21 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.09.03 16:35:02 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\DAEMON Tools Lite
[2012.09.10 19:16:52 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\GHISLER
[2011.05.20 11:49:46 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Leadertech
[2011.05.25 21:27:04 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2011.06.04 19:59:15 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2012.02.05 18:48:11 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Red Alert 3
[2012.03.25 17:14:12 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Rovio
[2012.08.23 19:20:42 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Thinstall
[2011.05.22 19:49:16 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Ubisoft
[2012.09.10 19:16:47 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< netsvc >
[2009.07.14 06:53:46 | 000,032,562 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.08.22 19:35:16 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.08.22 19:35:17 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.09.13 18:14:55 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004Core.job
[2012.09.13 18:14:58 | 000,000,966 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004UA.job
< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: HAL.DLL >
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.06.21 07:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011.09.29 18:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2012.08.22 19:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.11.20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011.09.29 18:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2012.03.30 12:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011.09.29 17:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2011.09.29 18:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012.03.30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012.03.30 11:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2011.06.21 07:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2010.06.14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2012.08.22 19:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\System32\drivers\tcpip.sys
[2012.08.22 19:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2011.06.21 07:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2011.06.21 08:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys
[2012.03.30 12:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< %systemroot%*.* /U /s >
[7 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.05.20 09:46:05 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Adobe
[2011.05.19 09:28:01 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\ATI
[2012.09.11 17:08:38 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Babylon
[2012.06.21 13:49:21 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.09.03 16:35:02 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\DAEMON Tools Lite
[2011.07.15 16:13:12 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\DivX
[2012.09.10 19:16:52 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\GHISLER
[2011.05.19 09:27:24 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Identities
[2011.05.20 11:49:46 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Leadertech
[2011.05.19 09:40:45 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Macromedia
[2012.09.20 09:40:12 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Malwarebytes
[2009.07.14 11:20:15 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Media Center Programs
[2012.02.17 18:00:29 | 000,000,000 | --SD | M] -- C:\Users\eliška\AppData\Roaming\Microsoft
[2011.05.19 10:32:23 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Mozilla
[2011.05.25 21:27:04 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2011.06.04 19:59:15 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2012.02.05 18:48:11 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Red Alert 3
[2012.03.25 17:14:12 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Rovio
[2012.04.08 13:42:45 | 000,000,000 | RH-D | M] -- C:\Users\eliška\AppData\Roaming\SecuROM
[2012.09.13 18:12:12 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\SUPERAntiSpyware.com
[2012.08.23 19:20:42 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Thinstall
[2011.05.22 19:49:16 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\Ubisoft
[2012.09.10 19:16:47 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\uTorrent
[2011.05.20 09:04:06 | 000,000,000 | ---D | M] -- C:\Users\eliška\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2011.10.29 17:15:24 | 000,010,134 | R--- | M] () -- C:\Users\eliška\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.06.08 19:49:30 | 000,077,542 | R--- | M] () -- C:\Users\eliška\AppData\Roaming\Microsoft\Installer\{E4DA3403-9797-2600-2A09-C06429FDE753}\ARPPRODUCTICON.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job >
[2012.09.20 13:53:28 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.09.20 13:45:00 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.09.16 09:30:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004Core.job
[2012.09.20 13:41:00 | 000,000,966 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004UA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012.02.26 14:08:41 | 000,436,792 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2012.09.20 14:09:48 | 000,013,456 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 14:09:48 | 000,013,456 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %userprofile%\Plocha\*.* >
< %userprofile%\Desktop\*.* >
[2011.06.07 09:42:57 | 000,001,096 | ---- | M] () -- C:\Users\eliška\Desktop\Angry Birds.lnk
[2012.07.18 09:23:13 | 000,000,552 | -HS- | M] () -- C:\Users\eliška\Desktop\desktop.ini
[2012.09.13 23:48:24 | 000,001,373 | ---- | M] () -- C:\Users\eliška\Desktop\Filmy Amina.lnk
[2011.05.19 12:22:39 | 000,000,610 | ---- | M] () -- C:\Users\eliška\Desktop\FreeCell.lnk
[2011.05.19 12:22:13 | 000,000,879 | ---- | M] () -- C:\Users\eliška\Desktop\Hudba.lnk
[2011.05.19 12:16:46 | 000,000,376 | ---- | M] () -- C:\Users\eliška\Desktop\Minesweeper.lnk
[2012.09.20 13:57:34 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\eliška\Desktop\OTL.exe
[2012.02.17 17:07:28 | 000,001,054 | ---- | M] () -- C:\Users\eliška\Desktop\Zuma Deluxe.lnk
[2012.08.23 19:32:08 | 000,002,022 | ---- | M] () -- C:\Users\eliška\Desktop\Zuma's Revenge!.lnk
< %ALLUSERSPROFILE%\Plocha\*.* >
< %ALLUSERSPROFILE%\Desktop\*.* >
< *crack* /s >
[2003.12.05 14:52:40 | 000,000,796 | ---- | M] () -- \Program Files\Hry\GTA SA\GTA San Andreas\data\Decision\Craig\crack1.ped
[2011.09.04 11:34:02 | 000,016,154 | ---- | M] () -- \Users\eliška\AppData\Roaming\uTorrent\3D Instruktor 2.2+crack.torrent
[2012.01.14 19:12:36 | 000,020,721 | ---- | M] () -- \Users\eliška\AppData\Roaming\uTorrent\IL-2 Sturmovik + Expansion + crack.torrent
< *keygen* /s >
[2009.05.16 19:56:01 | 000,008,192 | ---- | M] () -- \Ruzne\sims\Crack - Sims3\keygen-sim3.exe
[2009.06.23 00:53:12 | 000,002,033 | ---- | M] () -- \Ruzne\sims\Crack - Sims3\keygen-sim3.rar
< *loader* /s >
[2011.06.27 16:34:42 | 000,001,849 | ---- | M] () -- \Program Files\BlueVoda Website Builder\lightbox\galleria\theme\classic-loader.gif
[2011.06.27 16:34:42 | 000,002,545 | ---- | M] () -- \Program Files\BlueVoda Website Builder\lightbox\prettyPhoto\images\dark_rounded\loader.gif
[2011.06.27 16:34:42 | 000,002,545 | ---- | M] () -- \Program Files\BlueVoda Website Builder\lightbox\prettyPhoto\images\dark_square\loader.gif
[2011.06.27 16:34:42 | 000,002,545 | ---- | M] () -- \Program Files\BlueVoda Website Builder\lightbox\prettyPhoto\images\facebook\loader.gif
[2011.06.27 16:34:42 | 000,002,545 | ---- | M] () -- \Program Files\BlueVoda Website Builder\lightbox\prettyPhoto\images\light_rounded\loader.gif
[2011.06.27 16:34:42 | 000,002,545 | ---- | M] () -- \Program Files\BlueVoda Website Builder\lightbox\prettyPhoto\images\light_square\loader.gif
[2011.12.20 20:11:41 | 000,000,195 | ---- | M] () -- \Program Files\Common Files\Blizzard Entertainment\BlizzardDownloader.ini
[2006.10.26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2005.09.19 12:30:30 | 000,001,825 | R--- | M] () -- \Program Files\Hry\Age of Empires III\AI\aiLoaderInactive.xs
[2005.09.19 12:30:30 | 000,001,575 | R--- | M] () -- \Program Files\Hry\Age of Empires III\AI\aiLoaderStandard.xs
[2003.12.24 14:26:40 | 000,004,960 | ---- | M] () -- \Program Files\Hry\Zuma Deluxe\images\loaderbar.gif
[2003.12.24 14:26:40 | 000,001,064 | ---- | M] () -- \Program Files\Hry\Zuma Deluxe\images\_loaderbar.gif
[2010.01.29 06:43:52 | 000,071,008 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2012.02.23 14:30:00 | 000,009,051 | ---- | M] () -- \Users\eliška\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\loader.gif
[2012.02.23 14:30:00 | 000,011,274 | ---- | M] () -- \Users\eliška\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\logo_loader_page.jpg
[2012.02.23 14:30:00 | 000,004,856 | ---- | M] () -- \Users\eliška\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\app\MediaInfo\ImageInfoLoader.js
[2012.08.30 10:29:09 | 1366,841,344 | ---- | M] () -- \Users\eliška\Downloads\Pariz_36_by.Dadunka.of.PowerUploaders.avi
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2 \Windows\System32\*.tmp files -> \Windows\System32\*.tmp -> ]
[2011.06.09 10:42:56 | 000,003,528 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader
[2009.07.14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.14 10:43:57 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 10:43:57 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.14 10:43:57 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2011.05.20 15:51:01 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2011.05.20 15:51:02 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2011.05.20 15:51:02 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 10:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.08.19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009.08.19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010.11.20 05:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 08:22:35 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_0ad4ff55dce9d030\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.02 07:45:50 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_0ac72e8bdcf4a01c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:19:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:50:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 08:13:36 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:47:28 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 09:15:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 08:56:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
< *RemoveWAT* /s >
< *minodlogin* /s >
< *tnod* /s >
< *TemDono* /s >
< *AutoKMS* /s >
< *KMSEmulator* /s >
< *activator* /s >
< *serial* /s >
[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.05 03:53:39 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2012.08.20 22:29:44 | 000,000,024 | ---- | M] () -- \Users\eliška\AppData\Local\Google\Picasa2\cache\cacheindex_serial.pmp
[2009.07.14 10:43:23 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 10:43:37 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012.05.12 09:20:28 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.05.12 12:31:04 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
[2012.05.12 12:36:55 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\5a4d233916a69d48fa12a9f7f103d893\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.05.12 12:37:24 | 002,647,040 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
[2012.05.12 14:02:07 | 000,009,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\4b540b784465ca3f0742990e5af444e3\System.Xml.Serialization.ni.dll
[2012.06.18 22:26:10 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.06.18 22:26:08 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012.06.18 22:26:17 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.05 03:53:33 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.05 03:52:39 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.06 16:48:20 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2 \Windows\System32\*.tmp files -> \Windows\System32\*.tmp -> ]
[2009.07.14 10:43:17 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009.07.14 10:43:30 | 000,009,728 | ---- | M] () -- \Windows\System32\drivers\cs-CZ\serial.sys.mui
[2009.07.14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009.07.14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009.07.14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009.07.14 04:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 04:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2009.07.14 10:43:55 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 04:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 03:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2010.11.20 05:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2009.07.14 10:42:43 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2009.07.14 03:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2010.11.20 05:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2009.07.14 03:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 03:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009.07.14 03:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2010.11.20 05:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 10:43:23 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2010.11.05 03:52:39 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2009.07.14 10:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2009.07.14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2009.07.14 10:43:15 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c002c1170ca9a88f\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.05 03:53:33 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_c233d4df09982c29\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.07.14 10:43:17 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009.07.14 10:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5d4a68b4b3d26ecc\System.RunTime.Serialization.Resources.dll
[2010.11.05 03:53:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2009.07.14 10:43:30 | 000,009,728 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c48c78a9ad8ff996\serial.sys.mui
[2009.07.14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009.07.14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
< *w7lxe* /s >
< *AutoRearm* /s >
< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s >
"StartCCC" = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun -- [2011.04.19 22:11:22 | 000,336,384 | ---- | M] (Advanced Micro Devices, Inc.)
"Adobe ARM" = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" -- [2012.07.27 22:51:26 | 000,919,008 | ---- | M] (Adobe Systems Incorporated)
"avast" = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui -- [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software)
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Users\eliška\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2012.09.13 18:14:51 | 000,136,176 | ---- | M] (Google Inc.)
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.09.20 14:04:23 | 000,000,512 | ---- | M] () MD5=99D802D67A845A488F618274CEE7D1A2 -- C:\PhysicalMBR.bin
========== Alternate Data Streams ==========
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:3A036633
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1
< End of report >
Re: Prosím o kontrolu - PC bylo zavirované
OTL Extras logfile created on: 20.9.2012 14:01:04 - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\eliška\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,32% Memory free
5,99 Gb Paging File | 5,05 Gb Available in Paging File | 84,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 56,16 Gb Free Space | 37,68% Space Free | Partition Type: NTFS
Drive D: | 74,52 Gb Total Space | 47,34 Gb Free Space | 63,52% Space Free | Partition Type: NTFS
Computer Name: DOMACIPC | User Name: eliška | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10658799-B24D-449B-985E-E9B4970574C2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{117E4FB9-CC43-4DCB-B2AC-40F7F60A9EFB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1CE2BBE3-B8F6-4D50-B3F9-A22ACC84C38C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{203F739A-E3D4-40DF-AC8C-2E6F77B95B1B}" = lport=138 | protocol=17 | dir=in | app=system |
"{286DC73C-BD17-42CC-82AC-B0A88C421875}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2DBE90FF-01CA-46BE-BBD1-4BA77E428788}" = lport=139 | protocol=6 | dir=in | app=system |
"{3D929A2E-BE60-4F76-94EB-CE36A5847C8A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B1A6B4F-F0B0-439D-B7E3-23384FD604AE}" = rport=139 | protocol=6 | dir=out | app=system |
"{588F3AF4-8E97-40A1-B5A7-6CE658509343}" = lport=445 | protocol=6 | dir=in | app=system |
"{6270BCCF-82FB-4B62-9286-BB2860DA472D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6AC723D2-2552-47D2-A76E-2B2FD1BE235A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{849398DA-CAB4-4660-BFC7-190B17C983A9}" = rport=138 | protocol=17 | dir=out | app=system |
"{88FC3BA1-EE7A-4458-8155-F6DD32FFD222}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8B11AAA8-8E2E-4483-B4EE-2E13344BA500}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8CF9F98D-49EC-4110-813F-07D599986113}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{92E147ED-AF10-4558-9472-44DBA57B4C83}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7C5E7A4-50C0-4A7C-AF1A-CE330511C7B6}" = lport=137 | protocol=17 | dir=in | app=system |
"{C33FEA9D-5566-42CB-B725-E38D51311F2E}" = rport=445 | protocol=6 | dir=out | app=system |
"{C94ED383-FD64-4F0A-BB84-6D6F6D815E75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4294322-A7B6-4124-BA68-3CCE3980C9A0}" = rport=137 | protocol=17 | dir=out | app=system |
"{D66A2B30-7033-4AEE-A40F-90A63D6DC3A1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DF6070AD-161C-46E3-89C2-2E0A47E99D7C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E316F5E5-B94E-4DCB-B3F2-6322B4041B6A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F384D25D-39C5-4AAD-A4BD-089BF62EC3A6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F8F25EC1-82F2-4D64-B157-2E6401B576E3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031E91CF-5700-4E9D-8151-646ABE569C5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0C9DB37D-5C3B-4987-B998-8DF81C5F0D87}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{12ABDF84-828F-4955-BC60-99CBAB4D93BB}" = protocol=6 | dir=out | app=system |
"{1A53A6C0-4B48-4104-92C8-B7DB31FEC51F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1C9B80B3-468D-4E31-B39D-291A528E40A9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3076B2B5-DD98-48C5-861C-5629CF3D0D96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{38FA24C8-A592-4CC2-9130-D1BC48E23A55}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46D89C3C-C8AE-41FB-977B-41F0BA65BC49}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{49CDBDAE-21A8-49E8-90D4-B8D516443D15}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{64B23751-4956-4960-96F3-9BFF6D434EC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67B8CF95-3248-4422-9038-2A730FD82A85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{795472E1-0F41-4D79-9455-B17DAAA5D4A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F7C280B-3BBF-4A62-B799-8DA94B3D3D83}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{819F1DC4-9CF7-4B39-93E9-3AF5B4DAF74B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{84AA578E-05A7-4647-91FA-794E155AF617}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8FE3A052-DD8A-4019-A574-35E14AFA812D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{99F06E9E-1EC3-480E-8FC1-984A6AAD7CB3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A6727834-637E-42CE-BD1B-4298A47C2CFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C9FE1735-25BC-4C06-BDCC-0B8E4EB3F01A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{47E869C5-BB4C-4648-A4E9-AC0DD8920448}C:\program files\hry\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\hry\anno 1404\tools\anno4web.exe |
"TCP Query User{748B7F5D-3690-481B-BFBA-C4EFA1D7E6B4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D138D7D5-550D-4F22-BE39-52811DFD2AD3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D51CE058-8523-4166-B175-20F34DE55182}C:\program files\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files\totalcmd\totalcmd.exe |
"TCP Query User{EDE93D10-31F1-4365-8D70-523D2BA7B2B3}C:\program files\hry\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\program files\hry\flatout2\flatout2.exe |
"TCP Query User{F07D8907-1DE2-417F-B712-C17C9C239F75}C:\program files\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\atube catcher 2.0\yct.exe |
"UDP Query User{60BDB1BE-DBE3-44C7-9B5B-C776F1D05640}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{627F3A80-D629-4DC4-B095-5296B90427D6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{ADBD3FA8-6395-4384-84C7-5443AF34435F}C:\program files\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\atube catcher 2.0\yct.exe |
"UDP Query User{E90AB22D-EE2B-40B2-8CA2-FCBFA40030EA}C:\program files\hry\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\hry\anno 1404\tools\anno4web.exe |
"UDP Query User{F1C837C5-9EC4-4D35-8A2D-237B647299D1}C:\program files\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files\totalcmd\totalcmd.exe |
"UDP Query User{F839398F-179A-46DD-9288-94B1EC139405}C:\program files\hry\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\program files\hry\flatout2\flatout2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{07EDFDF9-F920-4BCB-B6FD-59DB8FFFFF47}" = Movie Maker
"{097446B4-F17D-F641-F5CC-E662497271FD}" = Catalyst Control Center InstallProxy
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A554D4A-0D5B-DD01-F40F-9772D546D16B}" = Catalyst Control Center Graphics Previews Common
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1AED08A6-6BC5-4927-8FCD-FEE9ED00D2F2}" = Fotogalerie
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2CE6D6EC-B04D-2C9F-156D-8AA2860FD056}" = Catalyst Control Center Localization All
"{34D42BA7-804F-41CB-A7F5-6C1E5169422F}" = Windows Live UX Platform Language Pack
"{37F8C732-02B5-41A2-9F5B-D94EAC2226AB}" = Angry Birds Seasons
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space
"{45658CF2-87D4-8060-5C95-78DCF3BA0E74}" = Catalyst Control Center InstallProxy
"{45B21DFA-9B32-1836-0AC6-11DC6C823DB8}" = CCC Help English
"{493C5E08-46B6-B215-8205-35CFF3222D33}" = CCC Help English
"{49AE0543-5D41-8F1B-03FE-E82BEA0BC1E5}" = ccc-utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BC4F3B5-3278-8482-F415-FE367AA6E86E}" = ccc-core-static
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{518A54AE-002F-406F-BB48-620676AB9960}" = Anno 1404
"{5BD54B96-C51E-4CE0-A507-1B606EE4364E}" = Photo Common
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{746FFA79-CCAF-F214-88BC-3ABF4656ACE2}" = ATI Catalyst Install Manager
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8D9AF84C-487B-0AE1-CB50-C6E7004083BC}" = Catalyst Control Center Graphics Previews Vista
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISER_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISER_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISER_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A885DB00-746C-5E21-9E42-C2FDF7CA5E84}" = Catalyst Control Center Localization All
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABE889EA-764B-6B60-B08A-34811B35E899}" = ccc-utility
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Czech
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C14892B6-83E5-5B1A-2A69-13252BC00E52}" = Catalyst Control Center
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D4006E71-FF32-44FF-AD5A-B5EE4389B825}_is1" = FlatOut2
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1B7239A-120F-4676-9B19-D2B028BEBDD1}" = Windows Live Essentials
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4DA3403-9797-2600-2A09-C06429FDE753}" = Application Profiles
"{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive
"{EDF74F22-4431-AD59-9758-7A77955F8393}" = Catalyst Control Center Graphics Previews Common
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"aTube Catcher" = aTube Catcher
"avast" = avast! Free Antivirus
"BlueVoda_Website_Builder_1.0" = BlueVoda Website Builder 12.2
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 1530] [2007-10-14]
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"IrfanView" = IrfanView (remove only)
"LIMBO" = LIMBO
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 15.0 (x86 cs)" = Mozilla Firefox 15.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.93
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Zuma Deluxe RA" = Zuma Deluxe RA
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Mozilla Firefox 15.0.1 (x86 cs)" = Mozilla Firefox 15.0.1 (x86 cs)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.3.2012 16:42:40 | Computer Name = DomaciPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .
Error - 19.3.2012 12:11:39 | Computer Name = DomaciPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .
Error - 19.3.2012 14:23:15 | Computer Name = DomaciPC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error - 19.3.2012 14:23:15 | Computer Name = DomaciPC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error - 19.3.2012 14:23:15 | Computer Name = DomaciPC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo.
První hodnota DWORD v datové oblasti obsahuje kód chyby.
Error - 20.3.2012 2:14:53 | Computer Name = DomaciPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .
Error - 20.3.2012 5:08:26 | Computer Name = DomaciPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .
Error - 20.3.2012 7:52:46 | Computer Name = DomaciPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .
Error - 20.3.2012 16:22:59 | Computer Name = DomaciPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .
Error - 21.3.2012 13:08:55 | Computer Name = DomaciPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .
[ Media Center Events ]
Error - 26.8.2012 15:54:17 | Computer Name = DomaciPC | Source = ehRecvr | ID = 3
Error - 4.9.2012 9:06:17 | Computer Name = DomaciPC | Source = ehRecvr | ID = 3
Description = Televizní karta zjistila chybu. (0x80070001) AF9015 BDA Filter
Error encountered while reading event logs.
< End of report >
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\eliška\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,32% Memory free
5,99 Gb Paging File | 5,05 Gb Available in Paging File | 84,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 56,16 Gb Free Space | 37,68% Space Free | Partition Type: NTFS
Drive D: | 74,52 Gb Total Space | 47,34 Gb Free Space | 63,52% Space Free | Partition Type: NTFS
Computer Name: DOMACIPC | User Name: eliška | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10658799-B24D-449B-985E-E9B4970574C2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{117E4FB9-CC43-4DCB-B2AC-40F7F60A9EFB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1CE2BBE3-B8F6-4D50-B3F9-A22ACC84C38C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{203F739A-E3D4-40DF-AC8C-2E6F77B95B1B}" = lport=138 | protocol=17 | dir=in | app=system |
"{286DC73C-BD17-42CC-82AC-B0A88C421875}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2DBE90FF-01CA-46BE-BBD1-4BA77E428788}" = lport=139 | protocol=6 | dir=in | app=system |
"{3D929A2E-BE60-4F76-94EB-CE36A5847C8A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B1A6B4F-F0B0-439D-B7E3-23384FD604AE}" = rport=139 | protocol=6 | dir=out | app=system |
"{588F3AF4-8E97-40A1-B5A7-6CE658509343}" = lport=445 | protocol=6 | dir=in | app=system |
"{6270BCCF-82FB-4B62-9286-BB2860DA472D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6AC723D2-2552-47D2-A76E-2B2FD1BE235A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{849398DA-CAB4-4660-BFC7-190B17C983A9}" = rport=138 | protocol=17 | dir=out | app=system |
"{88FC3BA1-EE7A-4458-8155-F6DD32FFD222}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8B11AAA8-8E2E-4483-B4EE-2E13344BA500}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8CF9F98D-49EC-4110-813F-07D599986113}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{92E147ED-AF10-4558-9472-44DBA57B4C83}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7C5E7A4-50C0-4A7C-AF1A-CE330511C7B6}" = lport=137 | protocol=17 | dir=in | app=system |
"{C33FEA9D-5566-42CB-B725-E38D51311F2E}" = rport=445 | protocol=6 | dir=out | app=system |
"{C94ED383-FD64-4F0A-BB84-6D6F6D815E75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4294322-A7B6-4124-BA68-3CCE3980C9A0}" = rport=137 | protocol=17 | dir=out | app=system |
"{D66A2B30-7033-4AEE-A40F-90A63D6DC3A1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DF6070AD-161C-46E3-89C2-2E0A47E99D7C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E316F5E5-B94E-4DCB-B3F2-6322B4041B6A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F384D25D-39C5-4AAD-A4BD-089BF62EC3A6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F8F25EC1-82F2-4D64-B157-2E6401B576E3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031E91CF-5700-4E9D-8151-646ABE569C5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0C9DB37D-5C3B-4987-B998-8DF81C5F0D87}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{12ABDF84-828F-4955-BC60-99CBAB4D93BB}" = protocol=6 | dir=out | app=system |
"{1A53A6C0-4B48-4104-92C8-B7DB31FEC51F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1C9B80B3-468D-4E31-B39D-291A528E40A9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3076B2B5-DD98-48C5-861C-5629CF3D0D96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{38FA24C8-A592-4CC2-9130-D1BC48E23A55}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46D89C3C-C8AE-41FB-977B-41F0BA65BC49}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{49CDBDAE-21A8-49E8-90D4-B8D516443D15}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{64B23751-4956-4960-96F3-9BFF6D434EC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67B8CF95-3248-4422-9038-2A730FD82A85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{795472E1-0F41-4D79-9455-B17DAAA5D4A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F7C280B-3BBF-4A62-B799-8DA94B3D3D83}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{819F1DC4-9CF7-4B39-93E9-3AF5B4DAF74B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{84AA578E-05A7-4647-91FA-794E155AF617}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8FE3A052-DD8A-4019-A574-35E14AFA812D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{99F06E9E-1EC3-480E-8FC1-984A6AAD7CB3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A6727834-637E-42CE-BD1B-4298A47C2CFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C9FE1735-25BC-4C06-BDCC-0B8E4EB3F01A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{47E869C5-BB4C-4648-A4E9-AC0DD8920448}C:\program files\hry\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\hry\anno 1404\tools\anno4web.exe |
"TCP Query User{748B7F5D-3690-481B-BFBA-C4EFA1D7E6B4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D138D7D5-550D-4F22-BE39-52811DFD2AD3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D51CE058-8523-4166-B175-20F34DE55182}C:\program files\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files\totalcmd\totalcmd.exe |
"TCP Query User{EDE93D10-31F1-4365-8D70-523D2BA7B2B3}C:\program files\hry\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\program files\hry\flatout2\flatout2.exe |
"TCP Query User{F07D8907-1DE2-417F-B712-C17C9C239F75}C:\program files\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\atube catcher 2.0\yct.exe |
"UDP Query User{60BDB1BE-DBE3-44C7-9B5B-C776F1D05640}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{627F3A80-D629-4DC4-B095-5296B90427D6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{ADBD3FA8-6395-4384-84C7-5443AF34435F}C:\program files\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\atube catcher 2.0\yct.exe |
"UDP Query User{E90AB22D-EE2B-40B2-8CA2-FCBFA40030EA}C:\program files\hry\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\hry\anno 1404\tools\anno4web.exe |
"UDP Query User{F1C837C5-9EC4-4D35-8A2D-237B647299D1}C:\program files\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files\totalcmd\totalcmd.exe |
"UDP Query User{F839398F-179A-46DD-9288-94B1EC139405}C:\program files\hry\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\program files\hry\flatout2\flatout2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{07EDFDF9-F920-4BCB-B6FD-59DB8FFFFF47}" = Movie Maker
"{097446B4-F17D-F641-F5CC-E662497271FD}" = Catalyst Control Center InstallProxy
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A554D4A-0D5B-DD01-F40F-9772D546D16B}" = Catalyst Control Center Graphics Previews Common
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1AED08A6-6BC5-4927-8FCD-FEE9ED00D2F2}" = Fotogalerie
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2CE6D6EC-B04D-2C9F-156D-8AA2860FD056}" = Catalyst Control Center Localization All
"{34D42BA7-804F-41CB-A7F5-6C1E5169422F}" = Windows Live UX Platform Language Pack
"{37F8C732-02B5-41A2-9F5B-D94EAC2226AB}" = Angry Birds Seasons
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space
"{45658CF2-87D4-8060-5C95-78DCF3BA0E74}" = Catalyst Control Center InstallProxy
"{45B21DFA-9B32-1836-0AC6-11DC6C823DB8}" = CCC Help English
"{493C5E08-46B6-B215-8205-35CFF3222D33}" = CCC Help English
"{49AE0543-5D41-8F1B-03FE-E82BEA0BC1E5}" = ccc-utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BC4F3B5-3278-8482-F415-FE367AA6E86E}" = ccc-core-static
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{518A54AE-002F-406F-BB48-620676AB9960}" = Anno 1404
"{5BD54B96-C51E-4CE0-A507-1B606EE4364E}" = Photo Common
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{746FFA79-CCAF-F214-88BC-3ABF4656ACE2}" = ATI Catalyst Install Manager
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8D9AF84C-487B-0AE1-CB50-C6E7004083BC}" = Catalyst Control Center Graphics Previews Vista
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISER_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISER_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISER_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A885DB00-746C-5E21-9E42-C2FDF7CA5E84}" = Catalyst Control Center Localization All
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABE889EA-764B-6B60-B08A-34811B35E899}" = ccc-utility
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Czech
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C14892B6-83E5-5B1A-2A69-13252BC00E52}" = Catalyst Control Center
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D4006E71-FF32-44FF-AD5A-B5EE4389B825}_is1" = FlatOut2
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1B7239A-120F-4676-9B19-D2B028BEBDD1}" = Windows Live Essentials
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4DA3403-9797-2600-2A09-C06429FDE753}" = Application Profiles
"{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive
"{EDF74F22-4431-AD59-9758-7A77955F8393}" = Catalyst Control Center Graphics Previews Common
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"aTube Catcher" = aTube Catcher
"avast" = avast! Free Antivirus
"BlueVoda_Website_Builder_1.0" = BlueVoda Website Builder 12.2
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 1530] [2007-10-14]
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"IrfanView" = IrfanView (remove only)
"LIMBO" = LIMBO
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 15.0 (x86 cs)" = Mozilla Firefox 15.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.93
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Zuma Deluxe RA" = Zuma Deluxe RA
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Mozilla Firefox 15.0.1 (x86 cs)" = Mozilla Firefox 15.0.1 (x86 cs)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.3.2012 16:42:40 | Computer Name = DomaciPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .
Error - 19.3.2012 12:11:39 | Computer Name = DomaciPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .
Error - 19.3.2012 14:23:15 | Computer Name = DomaciPC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error - 19.3.2012 14:23:15 | Computer Name = DomaciPC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error - 19.3.2012 14:23:15 | Computer Name = DomaciPC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo.
První hodnota DWORD v datové oblasti obsahuje kód chyby.
Error - 20.3.2012 2:14:53 | Computer Name = DomaciPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .
Error - 20.3.2012 5:08:26 | Computer Name = DomaciPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .
Error - 20.3.2012 7:52:46 | Computer Name = DomaciPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .
Error - 20.3.2012 16:22:59 | Computer Name = DomaciPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .
Error - 21.3.2012 13:08:55 | Computer Name = DomaciPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .
[ Media Center Events ]
Error - 26.8.2012 15:54:17 | Computer Name = DomaciPC | Source = ehRecvr | ID = 3
Error - 4.9.2012 9:06:17 | Computer Name = DomaciPC | Source = ehRecvr | ID = 3
Description = Televizní karta zjistila chybu. (0x80070001) AF9015 BDA Filter
Error encountered while reading event logs.
< End of report >
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Prosím o kontrolu - PC bylo zavirované
Znovu spusť OTL.
- Pokud používáš operační systém Windows Vista či Windows 7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
- Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
- Do spodního okénka Vlastní skenování/opravy vlož tento script (pouze zelená písmenka v bílém poli, včetně té dvojtečky před Commands!):
Kód: Vybrat vše
:Commands
[clearallrestorepoints]
[resethosts]
[purity]
[emptytemp]
[emptyflash]
:Services
AdobeARMservice
!SASCORE
SASDIFSV
SASKUTIL
gupdate
gupdatem
gusvc
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (anygzt6h)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112059 ... 11d86b8ca8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112059&tt=3712_7&babsrc=SP_ss&mntrId=8414b19c0000000000000011d86b8ca8
IE - HKCU\..\SearchScopes\{8172f457-818d-46db-941f-2bbe53e156af}: "URL" =
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=112059&tt=3712_7&babsrc=KW_ss&mntrId=8414b19c0000000000000011d86b8ca8&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - user.js - File not found
[2012.09.11 17:09:57 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O13 - gopher Prefix: missing
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012.09.16 21:05:29 | 003,219,322 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.09.16 21:05:29 | 001,534,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.16 21:05:29 | 001,003,582 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.09.16 21:05:29 | 000,959,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[7 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:3A036633
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1
:Files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
C:\Ruzne\sims\Crack - Sims3 /d
C:\Users\eliška\AppData\Roaming\uTorrent\*crack*.* /d
C:\Users\eliška\AppData\Roaming\Malwarebytes
C:\ProgramData\Malwarebytes
C:\Program Files\Malwarebytes' Anti-Malware
C:\ProgramData\Ask
C:\ProgramData\Babylon
C:\Users\eliška\AppData\Roaming\Babylon
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004UA.job
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=-
"Adobe ARM"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]- Klikni na tlačítko [Opravit].
- Po dokončení skenu se objeví log, ten mi sem vlož.
- Pokud se log nevejde do jednoho příspěvku, rozděl jej na více částí.
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: Prosím o kontrolu - PC bylo zavirované
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: eliška
->Temp folder emptied: 54944583 bytes
->Temporary Internet Files folder emptied: 1123751 bytes
->Java cache emptied: 8368140 bytes
->FireFox cache emptied: 289597065 bytes
->Google Chrome cache emptied: 400570779 bytes
->Flash cache emptied: 1017 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9312 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 100273506 bytes
Total Files Cleaned = 817,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: eliška
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
========== SERVICES/DRIVERS ==========
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service !SASCORE stopped successfully!
Service !SASCORE deleted successfully!
Service SASDIFSV stopped successfully!
Service SASDIFSV deleted successfully!
Service SASKUTIL stopped successfully!
Service SASKUTIL deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== OTL ==========
Service pccsmcfd stopped successfully!
Service pccsmcfd deleted successfully!
File system32\DRIVERS\pccsmcfd.sys not found.
Error: No service named Partizan was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Partizan deleted successfully.
File system32\drivers\Partizan.sys not found.
Error: No service named anygzt6h was found to stop!
Service\Driver key anygzt6h not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8172f457-818d-46db-941f-2bbe53e156af}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8172f457-818d-46db-941f-2bbe53e156af}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "http://search.babylon.com/?affID=112059 ... 86b8ca8&q=" removed from keyword.URL
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaulturl
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.selectedEngine
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\System32\perfh005.dat moved successfully.
C:\Windows\System32\perfh009.dat moved successfully.
C:\Windows\System32\perfc005.dat moved successfully.
C:\Windows\System32\perfc009.dat moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5D44.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP65ED.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7126.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA877.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFE67.tmp folder deleted successfully.
C:\Windows\Installer\MSI5630.tmp deleted successfully.
ADS C:\ProgramData\TEMP:3A036633 deleted successfully.
ADS C:\ProgramData\TEMP:ADF211B1 deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Ruzne\sims\Crack - Sims3\keygen-sim3.exe deleted successfully.
C:\Ruzne\sims\Crack - Sims3\keygen-sim3.rar deleted successfully.
C:\Ruzne\sims\Crack - Sims3\TS3.exe deleted successfully.
C:\Ruzne\sims\Crack - Sims3 folder deleted successfully.
C:\Users\eliška\AppData\Roaming\uTorrent\3D Instruktor 2.2+crack.torrent deleted successfully.
C:\Users\eliška\AppData\Roaming\uTorrent\IL-2 Sturmovik + Expansion + crack.torrent deleted successfully.
C:\Users\eliška\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder moved successfully.
C:\Users\eliška\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
C:\Users\eliška\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\Users\eliška\AppData\Roaming\Malwarebytes folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\ProgramData\Malwarebytes folder moved successfully.
File\Folder C:\Program Files\Malwarebytes' Anti-Malware not found.
C:\ProgramData\Ask\APN-Stub\ATU2 folder moved successfully.
C:\ProgramData\Ask\APN-Stub folder moved successfully.
C:\ProgramData\Ask folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\eliška\AppData\Roaming\Babylon folder moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004UA.job moved successfully.
========== REGISTRY ==========
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartCCC deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware\ deleted successfully.
OTL by OldTimer - Version 3.2.64.0 log created on 09202012_195643
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: eliška
->Temp folder emptied: 54944583 bytes
->Temporary Internet Files folder emptied: 1123751 bytes
->Java cache emptied: 8368140 bytes
->FireFox cache emptied: 289597065 bytes
->Google Chrome cache emptied: 400570779 bytes
->Flash cache emptied: 1017 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9312 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 100273506 bytes
Total Files Cleaned = 817,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: eliška
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
========== SERVICES/DRIVERS ==========
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service !SASCORE stopped successfully!
Service !SASCORE deleted successfully!
Service SASDIFSV stopped successfully!
Service SASDIFSV deleted successfully!
Service SASKUTIL stopped successfully!
Service SASKUTIL deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== OTL ==========
Service pccsmcfd stopped successfully!
Service pccsmcfd deleted successfully!
File system32\DRIVERS\pccsmcfd.sys not found.
Error: No service named Partizan was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Partizan deleted successfully.
File system32\drivers\Partizan.sys not found.
Error: No service named anygzt6h was found to stop!
Service\Driver key anygzt6h not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8172f457-818d-46db-941f-2bbe53e156af}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8172f457-818d-46db-941f-2bbe53e156af}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "http://search.babylon.com/?affID=112059 ... 86b8ca8&q=" removed from keyword.URL
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaulturl
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.selectedEngine
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\System32\perfh005.dat moved successfully.
C:\Windows\System32\perfh009.dat moved successfully.
C:\Windows\System32\perfc005.dat moved successfully.
C:\Windows\System32\perfc009.dat moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5D44.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP65ED.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7126.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA877.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFE67.tmp folder deleted successfully.
C:\Windows\Installer\MSI5630.tmp deleted successfully.
ADS C:\ProgramData\TEMP:3A036633 deleted successfully.
ADS C:\ProgramData\TEMP:ADF211B1 deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Ruzne\sims\Crack - Sims3\keygen-sim3.exe deleted successfully.
C:\Ruzne\sims\Crack - Sims3\keygen-sim3.rar deleted successfully.
C:\Ruzne\sims\Crack - Sims3\TS3.exe deleted successfully.
C:\Ruzne\sims\Crack - Sims3 folder deleted successfully.
C:\Users\eliška\AppData\Roaming\uTorrent\3D Instruktor 2.2+crack.torrent deleted successfully.
C:\Users\eliška\AppData\Roaming\uTorrent\IL-2 Sturmovik + Expansion + crack.torrent deleted successfully.
C:\Users\eliška\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder moved successfully.
C:\Users\eliška\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
C:\Users\eliška\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\Users\eliška\AppData\Roaming\Malwarebytes folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\ProgramData\Malwarebytes folder moved successfully.
File\Folder C:\Program Files\Malwarebytes' Anti-Malware not found.
C:\ProgramData\Ask\APN-Stub\ATU2 folder moved successfully.
C:\ProgramData\Ask\APN-Stub folder moved successfully.
C:\ProgramData\Ask folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\eliška\AppData\Roaming\Babylon folder moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1913346112-3019125117-3261692771-1004UA.job moved successfully.
========== REGISTRY ==========
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartCCC deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware\ deleted successfully.
OTL by OldTimer - Version 3.2.64.0 log created on 09202012_195643
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Prosím o kontrolu - PC bylo zavirované
Super, OTL provedlo, co mělo.
Jak je na tom počítač teď?
Jak je na tom počítač teď?--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: Prosím o kontrolu - PC bylo zavirované
Počítač běží jak má, bezproblémů 
Mockrát děkuji za váš čas. Klobouk dolů že se vyznáte v těch lozích.
Mockrát děkuji za váš čas. Klobouk dolů že se vyznáte v těch lozích.
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Prosím o kontrolu - PC bylo zavirované
To je jenom pár písmenek a čísílek. 
Tak ještě dočistíme a máme hotovo.
OTC http://oldtimer.geekstogo.com/OTC.exe
TFC http://oldtimer.geekstogo.com/TFC.exe
Pokud nemáš, stáhni CCleaner z tohoto odkazu.
CCleaner doporučuji používat cca jednou za týden.
... a pokud nejsou žádné dotazy, bylo by to z mé strany vše.
Tak ještě dočistíme a máme hotovo.
OTC http://oldtimer.geekstogo.com/OTC.exe
- Stáhni a spusť.
- Klikni na CleanUp a potvrď YES.
- Program uklidí a může (nemusí) restartovat PC.
TFC http://oldtimer.geekstogo.com/TFC.exe
- Stáhni a spusť.
- Klikni na Start a potvrď OK.
- Program uklidí a může (nemusí) restartovat PC.
- Po použití utilitu smaž.
Pokud nemáš, stáhni CCleaner z tohoto odkazu.
- Panel čistič
- Vše nech jak je, jen dej Analyzovat a poté Spustit CCleaner.
- Panel registry
- Klikni na Hledej problémy.
- Následně na Opravit problémy - zálohu registrů doporučuji udělat, oprav všechny problémy.
- Postup opakuj, dokud nebude bez problémů - většinou cca 3x.
- Panel nástroje
- Zde můžeš odinstalovat nepotřebné programy.
CCleaner doporučuji používat cca jednou za týden.... a pokud nejsou žádné dotazy, bylo by to z mé strany vše.
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: Prosím o kontrolu - PC bylo zavirované
Úklid těmi dvěma programy jsem provedl. CCleaner používám již léta.
Měl bych ještě jeden dotaz. Všiml jsem si že OTL smazalo mimo jiné service gupdate. Myslel jsem si že je to proces pro automatickou aktualizaci programů od Googlu (chrome, picasa...) bude bez něj probíhat aktualizace stále stejně?
Jinak ještě jednou moc díky...
Měl bych ještě jeden dotaz. Všiml jsem si že OTL smazalo mimo jiné service gupdate. Myslel jsem si že je to proces pro automatickou aktualizaci programů od Googlu (chrome, picasa...) bude bez něj probíhat aktualizace stále stejně?
Jinak ještě jednou moc díky...
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Prosím o kontrolu - PC bylo zavirované
S CCleanerem dobrá volba.
Co se tyče aktualizací Google, mělo by vše probíhat normálně. Pokud nebude, spustíš aktualizaci ručně, případně znovu nastavíš v nastaveních, aby se stahovala nadále automaticky. Já to takhle vypínám u všech návštěvníků, přijde mi to zbytečné a zdržující.
Není tedy vůbec zač a rádo se stalo.
Přeji dobrou noc. 
Co se tyče aktualizací Google, mělo by vše probíhat normálně. Pokud nebude, spustíš aktualizaci ručně, případně znovu nastavíš v nastaveních, aby se stahovala nadále automaticky. Já to takhle vypínám u všech návštěvníků, přijde mi to zbytečné a zdržující.
Není tedy vůbec zač a rádo se stalo.
Přeji dobrou noc. --- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Přispějete na provoz fóra?