Prosím o kontrolu logu-funmoods

[Warden75]

Zdravím,
poprosil bych o kontrolu logu, páč jsem si spolu s JDownloaderem stáhl i nějaké svinstvo Funmoods.odstranil jsem to co mi síly stačily, ale i tak bych poprosil o kontrolu jestli tam někde něco nezůstalo...
Díky moc


Logfile of random's system information tool 1.09 (written by random/random)
Run by Hans at 2013-06-12 11:13:36
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 265 GB (66%) free of 400 GB
Total RAM: 2044 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:13:38, on 12.6.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Hans\Desktop\RSIT.exe
C:\Program Files\trend micro\Hans.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.novinky.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hans\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: CyberLink Live Monitor Service - CyberLink - C:\Program Files\CyberLink\CyberLink Live\CLSomaMonitorService.exe
O23 - Service: CyberLink Live Push Update Service - CyberLink - C:\Program Files\CyberLink\CyberLink Live\CLPushUpdateService.exe
O23 - Service: CyberLink Live Service - CyberLink Corp. - C:\Program Files\CyberLink\CyberLink Live\CLSomaService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_991d5ea79febb417\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6349 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1300762496-2828329149-1192743700-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1300762496-2828329149-1192743700-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.novinky.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.202 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Nero.com/KM]
"Description"=
"Path"=C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
npwachk.dll

C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\extensions\
{1018e4d6-728f-4b20-ad56-37578a4de76b}

C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\searchplugins\
encyclopaedia-metallum-bands.xml
funmoods.xml
masearch.xml
vyhledvn-vide-ve-slub-youtube.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23 72336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-15 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-15 155384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NSU_agent"=C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [2012-02-28 190768]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2219184]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
"Google Update"=C:\Users\Hans\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-15 116648]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [2013-02-18 774168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLPushUpdate]
C:\Program Files\CyberLink\CyberLink Live\CLPushUpdate.exe [2008-04-25 60448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2013-03-15 223008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
C:\Program Files\IDT\WDM\sttray.exe [2008-06-20 442433]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2012-06-28 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [2013-02-18 774168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.l3codecp"=l3codecp.acm
"MSVideo8"=VfWWDM32.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-06-12 10:43:03 ----D---- C:\rsit
2013-06-12 06:34:26 ----A---- C:\Windows\system32\urlmon.dll
2013-06-12 06:34:26 ----A---- C:\Windows\system32\ieui.dll
2013-06-12 06:34:23 ----A---- C:\Windows\system32\ieframe.dll
2013-06-12 06:34:20 ----A---- C:\Windows\system32\mshtml.dll
2013-06-12 06:34:20 ----A---- C:\Windows\system32\iertutil.dll
2013-06-12 06:31:34 ----A---- C:\Windows\system32\jscript.dll
2013-06-12 06:31:33 ----A---- C:\Windows\system32\jsproxy.dll
2013-06-12 06:31:33 ----A---- C:\Windows\system32\jscript9.dll
2013-06-12 06:31:32 ----A---- C:\Windows\system32\msfeeds.dll
2013-06-12 06:31:32 ----A---- C:\Windows\system32\iesetup.dll
2013-06-12 06:31:31 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-12 06:31:31 ----A---- C:\Windows\system32\iesysprep.dll
2013-06-12 06:31:31 ----A---- C:\Windows\system32\iernonce.dll
2013-06-12 06:31:31 ----A---- C:\Windows\system32\ie4uinit.exe
2013-06-12 06:31:29 ----A---- C:\Windows\system32\wininet.dll
2013-06-12 06:30:58 ----A---- C:\Windows\system32\WindowsCodecs.dll
2013-06-12 06:26:23 ----A---- C:\Windows\system32\cryptdlg.dll
2013-06-12 06:26:21 ----A---- C:\Windows\system32\win32spl.dll
2013-06-12 06:26:21 ----A---- C:\Windows\system32\d3d11.dll
2013-06-12 06:26:17 ----A---- C:\Windows\system32\crypt32.dll
2013-06-12 06:26:17 ----A---- C:\Windows\system32\certutil.exe
2013-06-12 06:26:16 ----A---- C:\Windows\system32\cryptsvc.dll
2013-06-12 06:26:16 ----A---- C:\Windows\system32\cryptnet.dll
2013-06-12 06:26:16 ----A---- C:\Windows\system32\certenc.dll
2013-06-12 06:26:13 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-06-12 06:26:12 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-06-12 06:25:56 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-06-11 21:44:26 ----A---- C:\user.js
2013-06-10 06:32:16 ----D---- C:\ProgramData\ESET
2013-06-10 06:32:16 ----D---- C:\Program Files\ESET
2013-06-04 08:24:27 ----D---- C:\ProgramData\Samsung
2013-06-04 08:24:27 ----D---- C:\Program Files\SamsungPrinterLiveUpdateInstaller
2013-06-04 08:24:27 ----D---- C:\Program Files\SamsungPrinterLiveUpdate
2013-06-02 13:20:06 ----D---- C:\ProgramData\RELOADED
2013-06-02 12:58:51 ----D---- C:\Program Files\Call of Juarez Gunslinger
2013-05-23 11:52:22 ----D---- C:\Program Files\Mozilla Firefox
2013-05-20 12:42:50 ----D---- C:\Users\Hans\AppData\Roaming\dvdcss
2013-05-15 08:28:58 ----A---- C:\Windows\system32\win32k.sys
2013-05-15 08:28:57 ----A---- C:\Windows\system32\wwansvc.dll
2013-05-15 08:28:57 ----A---- C:\Windows\system32\wwanprotdim.dll
2013-05-15 08:28:35 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2013-05-15 08:28:35 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-05-15 08:28:26 ----A---- C:\Windows\system32\shell32.dll
2013-05-15 08:28:25 ----A---- C:\Windows\system32\consent.exe
2013-05-15 08:28:24 ----A---- C:\Windows\system32\shdocvw.dll
2013-05-15 08:28:24 ----A---- C:\Windows\system32\authui.dll
2013-05-15 08:28:24 ----A---- C:\Windows\system32\appinfo.dll
2013-05-15 07:09:20 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-05-15 07:09:19 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys
2013-05-15 07:09:18 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-05-15 07:09:18 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-05-15 07:09:17 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2013-05-15 07:09:16 ----A---- C:\Windows\system32\wksprtPS.dll
2013-05-15 07:09:16 ----A---- C:\Windows\system32\wksprt.exe
2013-05-15 07:09:16 ----A---- C:\Windows\system32\TSWbPrxy.exe
2013-05-15 07:09:16 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-05-15 07:09:16 ----A---- C:\Windows\system32\tsgqec.dll
2013-05-15 07:09:16 ----A---- C:\Windows\system32\rdpudd.dll
2013-05-15 07:09:16 ----A---- C:\Windows\system32\rdpendp_winip.dll
2013-05-15 07:09:16 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2013-05-15 07:09:16 ----A---- C:\Windows\system32\aaclient.dll
2013-05-15 07:09:15 ----A---- C:\Windows\system32\rdpcorets.dll
2013-05-15 07:09:15 ----A---- C:\Windows\system32\mstscax.dll
2013-05-15 07:09:15 ----A---- C:\Windows\system32\mstsc.exe
2013-05-15 07:08:47 ----A---- C:\Windows\system32\qdvd.dll
2013-05-15 07:08:45 ----A---- C:\Windows\system32\schannel.dll
2013-05-15 07:08:45 ----A---- C:\Windows\system32\lsasrv.dll
2013-05-15 07:08:45 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2013-05-15 07:08:45 ----A---- C:\Windows\system32\drivers\cng.sys

======List of files/folders modified in the last 1 month======

2013-06-12 11:13:37 ----D---- C:\Windows\Temp
2013-06-12 11:13:37 ----D---- C:\Program Files\trend micro
2013-06-12 11:07:30 ----D---- C:\Windows\Prefetch
2013-06-12 11:02:03 ----SD---- C:\Users\Hans\AppData\Roaming\Microsoft
2013-06-12 10:58:39 ----D---- C:\Windows\system32\config
2013-06-12 10:51:10 ----D---- C:\Windows\System32
2013-06-12 10:51:10 ----D---- C:\Windows\inf
2013-06-12 10:51:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-06-12 10:45:06 ----D---- C:\Windows
2013-06-12 10:14:14 ----D---- C:\Windows\SoftwareDistribution
2013-06-12 10:11:02 ----RSD---- C:\Windows\assembly
2013-06-12 10:11:01 ----D---- C:\Windows\system32\drivers
2013-06-12 10:09:39 ----RD---- C:\Program Files
2013-06-12 08:55:54 ----D---- C:\Users\Hans\AppData\Roaming\Winamp
2013-06-12 08:55:48 ----D---- C:\Windows\Panther
2013-06-12 08:55:48 ----D---- C:\Windows\debug
2013-06-12 06:46:24 ----D---- C:\Program Files\War Thunder
2013-06-12 06:44:04 ----D---- C:\Windows\winsxs
2013-06-12 06:42:45 ----D---- C:\Windows\system32\cs-CZ
2013-06-12 06:42:45 ----D---- C:\Program Files\Internet Explorer
2013-06-12 06:35:30 ----SHD---- C:\Windows\Installer
2013-06-12 06:35:28 ----D---- C:\Config.Msi
2013-06-12 06:35:26 ----D---- C:\ProgramData\Microsoft Help
2013-06-12 06:34:31 ----D---- C:\Windows\system32\catroot
2013-06-12 06:32:04 ----A---- C:\Windows\system32\MRT.exe
2013-06-12 06:31:44 ----D---- C:\Windows\system32\catroot2
2013-06-12 06:31:08 ----SHD---- C:\System Volume Information
2013-06-11 23:55:23 ----D---- C:\Users\Hans\AppData\Roaming\uTorrent
2013-06-11 23:51:24 ----D---- C:\Program Files\JDownloader
2013-06-11 23:13:58 ----D---- C:\Users\Hans\AppData\Roaming\vlc
2013-06-10 06:32:30 ----D---- C:\Windows\system32\DriverStore
2013-06-10 06:32:16 ----HD---- C:\ProgramData
2013-06-05 06:31:14 ----SD---- C:\ProgramData\Microsoft
2013-06-03 20:40:26 ----D---- C:\Users\Hans\AppData\Roaming\Skype
2013-05-31 11:36:32 ----D---- C:\Users\Hans\AppData\Roaming\Media Player Classic
2013-05-31 07:02:04 ----D---- C:\Program Files\CCleaner
2013-05-24 05:51:09 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-05-15 16:50:30 ----D---- C:\Windows\rescache
2013-05-15 14:48:39 ----D---- C:\Windows\Microsoft.NET
2013-05-15 10:33:06 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-05-15 10:12:25 ----D---- C:\Windows\AppPatch
2013-05-15 07:10:17 ----D---- C:\Windows\system32\wbem
2013-05-15 07:10:17 ----D---- C:\Windows\system32\en-US
2013-05-15 07:10:17 ----D---- C:\Windows\system32\drivers\en-US
2013-05-15 07:10:17 ----D---- C:\Windows\PolicyDefinitions
2013-05-13 14:10:56 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2012-11-15 442048]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-06 242240]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 EIO_XP;EIO_XP; \??\C:\Windows\system32\drivers\EIO_XP.sys [2006-06-14 12288]
R1 pctgntdi;pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [2010-01-07 233136]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\Windows\system32\drivers\PCTAppEvent.sys [2009-11-23 88040]
R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2012-11-15 43424]
R3 e1yexpress;Ovladač gigabitových síťových připojení Intel(R); C:\Windows\system32\DRIVERS\e1y6032.sys [2009-07-14 214016]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 pctNDIS;PC Tools Driver; C:\Windows\system32\DRIVERS\pctNdis.sys [2010-01-07 58816]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-06-20 380928]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-12-17 685816]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\Windows\system32\drivers\asusgsb.sys [2008-09-08 15232]
S3 atkdisplf;ASUS Kernel Mode Enhanced Driver; C:\Windows\system32\drivers\ATKDispLowFilter.sys [2008-09-08 30976]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver; \??\C:\Windows\system32\drivers\pctNdis-PacketFilter.sys [2010-01-12 70664]
S3 pctplfw;pctplfw; \??\C:\Windows\System32\drivers\pctplfw.sys [2010-01-13 115216]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 49664]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 CyberLink Live Monitor Service;CyberLink Live Monitor Service; C:\Program Files\CyberLink\CyberLink Live\CLSomaMonitorService.exe [2008-04-25 171040]
R2 CyberLink Live Push Update Service;CyberLink Live Push Update Service; C:\Program Files\CyberLink\CyberLink Live\CLPushUpdateService.exe [2008-04-25 113696]
R2 CyberLink Live Service;CyberLink Live Service; C:\Program Files\CyberLink\CyberLink Live\CLSomaService.exe [2008-04-25 322592]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2012-07-13 769432]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-03-15 634144]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-12-17 76888]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_991d5ea79febb417\STacSV.exe [2008-06-20 221239]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-15 1266464]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-15 256904]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 33584]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-23 117144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-12-22 541760]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-11-15 1343400]

-----------------EOF-----------------

[vyosek]

Zdravim

Poprosim i o druhy log z RSIT s nazvem info.txt, je ulozen v c:\rsit

Predpokladam, ze ten ESET jak ma byt = zakoupena licence

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Prohledat
• Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

[Warden75]

info.txt logfile of random's system information tool 1.09 2013-06-12 11:07:55

======Uninstall list======

µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 9.22beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Activision(R)-->MsiExec.exe /X{3FAD68D9-1FA1-4871-9ADF-9151D969E943}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_202_Plugin.exe -maintain plugin
Adobe Reader XI (11.0.03) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
Agatha Christie - Deset malých černoušků-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9D661EF-69AB-4017-82BB-6FD10AB089B6}\setup.exe" -l0x5 -uninst
Aktualizace NVIDIA 1.12.12-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{2094D249-D6FC-4CCF-834E-8838C5BD95E6}\NVI2.DLL",UninstallPackage Display.Update
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
Balíček ovladače systému Windows - Nokia Modem (02/25/2011 4.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_x86_neutral_73c28da64803cefc\nokia_bluetooth.inf
Balíček ovladače systému Windows - Nokia Modem (02/25/2011 7.01.0.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_x86_neutral_13826104cd8e800f\nokbtmdm.inf
Balíček ovladače systému Windows - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_52F0DFAA648E25523CF0EE10FEDF6AC712ED34DB\pccsmcfd.inf
calibre-->MsiExec.exe /I{581AF03B-4008-41AE-846C-21CACF9B48A9}
Call of Juarez Gunslinger (c) Ubisoft version 1-->"C:\Program Files\Call of Juarez Gunslinger\unins000.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CyberLink Live-->"C:\Program Files\InstallShield Installation Information\{131B84C2-5435-4993-9888-6C62D9AC755E}\Setup.exe" /z-uninstall
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
Dolby Home Theater-->MsiExec.exe /I{F97209C2-8616-4056-87F9-BF3E3B188C52}
Hamster Free EbookConverter-->"C:\Program Files\Hamster Soft\Hamster Free EbookConverter\unins000.exe"
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x5 -remove -removeonly
Intel(R) Desktop Control Center-->MsiExec.exe /I{748D0E38-EEF0-441B-9546-7969B590118A}
Intel(R) Integrator Assistant-->MsiExec.exe /I{E4280946-3773-490C-9A7B-1FCD0E6CB0CF}
Java 7 Update 9-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217009FF}
K-Lite Mega Codec Pack 9.4.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes Anti-Malware verze 1.75.0.1300-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {0B7A4B67-2A38-42B1-9857-662FAB361E08}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {FDF9A959-241A-4662-A8DE-7DED9C22D160}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Mobipocket Creator 4.2-->MsiExec.exe /I{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}
Mozilla Firefox 21.0 (x86 cs)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 4.0 SP3 Parser (KB2758694)-->MsiExec.exe /I{1D95BA90-F4F8-47EC-A882-441C99D30C1E}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
Nero 12-->MsiExec.exe /I{560FC78C-A4B2-461D-9B47-820C1EEF87B8}
Nero Audio Pack 1-->MsiExec.exe /X{A7A0BF2E-31CC-49E3-9913-52C503EB969D}
Nero BackItUp Help (CHM)-->MsiExec.exe /X{EF0D1292-8FC1-41BE-9740-DBC134F66415}
Nero BackItUp-->MsiExec.exe /X{0071820F-09B0-4998-8320-F89629DCBC99}
Nero Blu-ray Player Help (CHM)-->MsiExec.exe /X{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}
Nero Blu-ray Player-->MsiExec.exe /X{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}
Nero Burning ROM Help (CHM)-->MsiExec.exe /X{2890E324-6F3B-4975-8B95-E7D6D80E0226}
Nero Burning ROM-->MsiExec.exe /X{5963F4B4-D138-47CD-ADEF-470E87E185BD}
Nero ControlCenter Help (CHM)-->MsiExec.exe /X{C994C746-C6D0-4EBA-B09E-DF7B18381B69}
Nero ControlCenter-->MsiExec.exe /X{ABC88553-8770-4B97-B43E-5A90647A5B63}
Nero Core Components-->MsiExec.exe /X{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}
Nero Disc Menus Basic-->MsiExec.exe /X{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}
Nero Effects Basic-->MsiExec.exe /X{29F67D84-3A70-456E-806A-52301B02070B}
Nero Express Help (CHM)-->MsiExec.exe /X{0708FF30-78C0-47B0-81F0-C84604DC769C}
Nero Express-->MsiExec.exe /X{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}
Nero Kwik Media Help (CHM)-->MsiExec.exe /X{1F16820E-D0E7-4636-939E-45CBFEFB06E1}
Nero Kwik Media-->MsiExec.exe /X{052A1E34-A54B-458C-A4E3-24C3E054754A}
Nero Kwik Themes Basic-->MsiExec.exe /X{1B6F5E51-575E-4693-BCA2-7543570D076D}
Nero PiP Effects Basic-->MsiExec.exe /X{ACE49D50-19CD-44A6-B192-46F985283B26}
Nero Recode Help (CHM)-->MsiExec.exe /X{86847081-B387-4F49-AED1-C9B0A090D66C}
Nero Recode-->MsiExec.exe /X{1943C3BD-4462-4612-92C3-D36DD917C447}
Nero RescueAgent Help (CHM)-->MsiExec.exe /X{0B311221-05A5-4766-8D03-7A6446794156}
Nero RescueAgent-->MsiExec.exe /X{B953732D-B623-4E84-B369-CFFF7B1AE06F}
Nero SharedVideoCodecs-->MsiExec.exe /X{2432E589-6256-4513-B0BF-EFA8E325D5F0}
Nero Update-->MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
Nero Video Help (CHM)-->MsiExec.exe /X{B128179D-A5E1-43AC-9422-12A109ECD2A0}
Nero Video-->MsiExec.exe /X{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{A57025CC-5F2E-4D01-B387-06DB10500D43}
Nokia PC Suite-->C:\ProgramData\Installations\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}\Nokia_PC_Suite_ALL(1).exe
Nokia PC Suite-->MsiExec.exe /I{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}
Nokia Software Updater-->MsiExec.exe /X{7130468A-F53F-4698-8C09-A339EA3B05E6}
NVIDIA Ovladač řídící jednotky 3D Vision 314.07-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{2094D249-D6FC-4CCF-834E-8838C5BD95E6}\NVI2.DLL",UninstallPackage Display.NVIRUSB
NVIDIA Ovladače grafiky 314.22-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{F3F5B438-7604-4F44-B775-0DD6E00C1311}\NVI2.DLL",UninstallPackage Display.Driver
PC Connectivity Solution-->MsiExec.exe /I{644F4910-E812-49AD-93EC-86828CB81A0D}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
rajče průvodce verze 1.59.45.260-->"C:\Program Files\rajce\unins000.exe"
Samsung Printer Live Update-->C:\Program Files\SamsungPrinterLiveUpdateInstaller\uninstall.exe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {CD6D9B8A-BBC4-3FA7-B24D-D74CE90630CF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {ECBEE23D-AB7E-3DAA-B66B-CD52003198F1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {788818B1-B191-3217-A210-7ACFDE19CE4A} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B7C20E16-9A3A-3F05-A6B5-E15AA09200E0} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {CF581973-77E0-3093-A1AC-A03130DE990F} /parameterfolder Client
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6997D22-CC93-4ED9-AD8A-02C3F3D2F1F9}
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46}
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75}
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391}
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {43171CAD-DC60-4E7B-9703-B2EC18001B9F}
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3579CE34-B225-4B19-A3AF-DE5F562A212F}
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {020B65AD-B2ED-4B35-92CA-DB56EFB864A5}
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CAB47CC0-A98C-47DD-9FA1-C0416EC96ED5}
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {488F0918-97F9-4CD0-8AD5-8986A46AC962}
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F311D6C-D8DD-4C32-9457-1A129CABD1A5}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9D689455-5858-4AE4-A3CA-6E4149FE3F70}
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {718E87EC-6590-485A-B12D-C01D290EDB12}
Singularity(TM) 1.1 Patch-->"C:\Program Files\InstallShield Installation Information\{89CB9F02-F392-45AD-B429-B9373E6B7BE0}\setup.exe" -runfromtemp -l0x0409 -removeonly
Singularity(TM)-->"C:\Program Files\InstallShield Installation Information\{3FAD68D9-1FA1-4871-9ADF-9151D969E943}\setup.exe" -runfromtemp -l0x0409 -removeonly
Skype™ 6.0-->MsiExec.exe /X{EA17F4FC-FDBF-4CF8-A529-2D983132D053}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
The Saboteur™-->MsiExec.exe /X{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Unlocker 1.9.1-->C:\Program Files\Unlocker\uninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A024FC7B-77DE-45DE-A058-1C049A17BFB3}
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {620E77C0-CDFE-4C14-AAEB-830ABB65864C}
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {525A4A44-8940-40AD-ABA0-14501199D2F0}
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8153EC80-C988-4336-8DAF-6D99C0D26E0C}
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {A030537D-0034-46AD-A730-B1119786F607}
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2343F7D1-9E41-4CD7-AC67-264E8E9968BD}
VLC media player 2.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
War Thunder Launcher 1.0.1.199-->"C:\Program Files\War Thunder\unins000.exe"
Welcome App (Start-up experience)-->MsiExec.exe /X{828175FA-7307-4DBF-95AD-9CEE086B6F45}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WinDjView 2.0.2-->C:\Program Files\WinDjView\uninstall.exe
WinRAR 4.20 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
Wolfenstein-->C:\Program Files\InstallShield Installation Information\{F9B37992-968C-4264-8449-489032FC28DE}\setup.exe -runfromtemp -l0x0409
Zoner Photo Studio 15-->"C:\Program Files\Zoner\Photo Studio 15\unins000.exe"

======Hosts File======

::1 localhost

======System event log======

Computer Name: HansvonMalish
Event Code: 7036
Message: Stav služby Klient DHCP byl změněn na: Zastaveno
Record Number: 32356
Source Name: Service Control Manager
Time Written: 20130119040936.972362-000
Event Type: Informace
User:

Computer Name: HansvonMalish
Event Code: 50037
Message: Služba klienta DHCPv4 je zastavena. Hodnota příznaku vypnutí: 1
Record Number: 32355
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20130119040936.972362-000
Event Type: Informace
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: HansvonMalish
Event Code: 51047
Message: Služba klienta DHCPv6 je zastavena. Hodnota příznaku vypnutí: 1
Record Number: 32354
Source Name: Microsoft-Windows-DHCPv6-Client
Time Written: 20130119040936.972362-000
Event Type: Informace
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: HansvonMalish
Event Code: 7036
Message: Stav služby CyberLink Live Service byl změněn na: Zastaveno
Record Number: 32353
Source Name: Service Control Manager
Time Written: 20130119040936.932362-000
Event Type: Informace
User:

Computer Name: HansvonMalish
Event Code: 7036
Message: Stav služby CyberLink Live Monitor Service byl změněn na: Zastaveno
Record Number: 32352
Source Name: Service Control Manager
Time Written: 20130119040936.722361-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: HansvonMalish
Event Code: 7042
Message: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Record Number: 6457
Source Name: Microsoft-Windows-Search
Time Written: 20121202053600.000000-000
Event Type: Chyba
User:

Computer Name: HansvonMalish
Event Code: 7040
Message: Vyhledávací služby zjistila, že index {id=4700} obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Record Number: 6456
Source Name: Microsoft-Windows-Search
Time Written: 20121202053600.000000-000
Event Type: Chyba
User:

Computer Name: HansvonMalish
Event Code: 9000
Message:
Record Number: 6455
Source Name: Microsoft-Windows-Search
Time Written: 20121202053600.000000-000
Event Type: Chyba
User:

Computer Name: HansvonMalish
Event Code: 902
Message: Služba Ochrana softwaru byla spuštěna.
6.1.7601.17514
Record Number: 6454
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20121202053600.000000-000
Event Type: Informace
User:

Computer Name: HansvonMalish
Event Code: 1003
Message: Služba Ochrana softwaru dokončila kontrolu stavu licencování.
ID aplikace=55c92734-d682-4d71-983e-d6ec3f16059f
Stav licencování=
1: 4de78642-0f7f-4b61-9392-8add86d70ae8, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
2: 50e329f7-a5fa-46b2-85fd-f224e5da7764, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
3: 5a79ecd8-d33f-406c-a619-7785899b5d59, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
4: 770bc271-8dc1-467d-b574-73cbacbeccd1, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
5: 90a61a0d-0b76-4bf1-a8b8-89061855a4c9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
6: 92f9d22a-65f5-49a7-90fe-06491b4fc379, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
7: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
8: 9ccffaf9-86a2-414e-b031-b2f777720e90, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
9: b92e9980-b9d5-4821-9c94-140f632f6312, 1, 1 [(0 [0x00000000, 1, 0], [( 2 0xC004F005)(?)( 1 0x00000000 30 0 msft:rm/algorithm/volume/1.0 0x4004F040 248280)(?)(?)(?)])(1 )(2 )]
10: c1027486-8ae8-4633-9cf9-9658ed80504d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
11: c1e88de3-96c4-4563-ad7d-775f65b1e670, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
12: c33001fc-5e9c-4f27-8c05-e0154adb0db4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
13: cf3c5b35-35ff-4c95-9bbd-a188e47ad14c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
14: cff07cac-7534-4cc3-b3f3-99e1a0aa3c20, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
15: d188820a-cb63-4bad-a9a2-40b843ee23b7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
16: d8e04254-f9a5-4729-ae86-886de6aa907c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
17: da22eadd-46dc-4056-a287-f5041c852470, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
18: e120e868-3df2-464a-95a0-b52fa5ada4bf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
19: e838d943-63ed-4a0b-9fb1-47152908acc9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
20: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
21: afd5f68f-b70f-4000-a21d-28dbc8be8b07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]


Record Number: 6453
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20121202053600.000000-000
Event Type: Informace
User:

[Warden75]

# AdwCleaner v2.303 - Log vytvooen 12/06/2013 v 12:00:49
# Aktualizováno 08/06/2013 Xplode
# Operaení systém : Windows 7 Professional Service Pack 1 (32 bits)
# Uživatel : Hans - HANSVONMALISH
# Spuštin systém : Normální
# Spuštino z : C:\Users\Hans\Desktop\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Nalezeno : C:\Users\Hans\AppData\Local\PackageAware
Soubor Nalezeno : C:\user.js
Soubor Nalezeno : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\searchplugins\funmoods.xml

***** [Registry] *****

Klíe Nalezeno : HKCU\Software\APN PIP
Klíe Nalezeno : HKCU\Software\InstallCore
Klíe Nalezeno : HKCU\Software\PIP
Klíe Nalezeno : HKCU\Software\Softonic
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Klíe Nalezeno : HKLM\Software\Funmoods
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Klíe Nalezeno : HKLM\Software\PIP

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v10.0.9200.16611

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=ddrnw

-\\ Mozilla Firefox v21.0 (cs)

Soubor : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\prefs.js

Nalezeno : user_pref("extensions.funmoods_i.aflt", "ddrnw");
Nalezeno : user_pref("extensions.funmoods_i.dfltLng", "");
Nalezeno : user_pref("extensions.funmoods_i.dfltSrch", true);
Nalezeno : user_pref("extensions.funmoods_i.dnsErr", true);
Nalezeno : user_pref("extensions.funmoods_i.excTlbr", false);
Nalezeno : user_pref("extensions.funmoods_i.hmpg", true);
Nalezeno : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=ddrnw");
Nalezeno : user_pref("extensions.funmoods_i.id", "e00f61f100000000000000270e003616");
Nalezeno : user_pref("extensions.funmoods_i.instlDay", "15867");
Nalezeno : user_pref("extensions.funmoods_i.instlRef", "");
Nalezeno : user_pref("extensions.funmoods_i.newTab", true);
Nalezeno : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=ddrnw");
Nalezeno : user_pref("extensions.funmoods_i.prdct", "funmoods");
Nalezeno : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Nalezeno : user_pref("extensions.funmoods_i.smplGrp", "none");
Nalezeno : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
Nalezeno : user_pref("extensions.funmoods_i.tlbrId", "base");
Nalezeno : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=ddrnw&q=[...]
Nalezeno : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
Nalezeno : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1621:44:24");
Nalezeno : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");

-\\ Google Chrome v27.0.1453.110

Soubor : C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Preferences

Nalezeno [l.2127] : homepage = "hxxp://start.funmoods.com/?f=1&a=ddrnw",

*************************

AdwCleaner[R1].txt - [5518 octets] - [17/11/2012 09:49:06]
AdwCleaner[R2].txt - [3957 octets] - [12/06/2013 12:00:49]
AdwCleaner[S1].txt - [5855 octets] - [17/11/2012 10:05:32]

########## EOF - C:\AdwCleaner[R2].txt - [4077 octets] ##########

[vyosek]

Predpokladam, ze ten ESET jak ma byt = zakoupena licence

Spustte znovu AdwCleaner

• Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
• Kliknete na Smazat
• PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

[Warden75]

Eset mám v té zkušební měsíční době,jinak mívám Aviru

[Warden75]

# AdwCleaner v2.303 - Log vytvooen 12/06/2013 v 12:12:02
# Aktualizováno 08/06/2013 Xplode
# Operaení systém : Windows 7 Professional Service Pack 1 (32 bits)
# Uživatel : Hans - HANSVONMALISH
# Spuštin systém : Normální
# Spuštino z : C:\Users\Hans\Desktop\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Vymazáno : C:\Users\Hans\AppData\Local\PackageAware
Soubor Vymazáno : C:\user.js
Soubor Vymazáno : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\searchplugins\funmoods.xml

***** [Registry] *****

Klíe Vymazáno : HKCU\Software\APN PIP
Klíe Vymazáno : HKCU\Software\InstallCore
Klíe Vymazáno : HKCU\Software\PIP
Klíe Vymazáno : HKCU\Software\Softonic
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Klíe Vymazáno : HKLM\Software\Funmoods
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Klíe Vymazáno : HKLM\Software\PIP

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v10.0.9200.16611

Zaminino : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=ddrnw --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (cs)

Soubor : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\prefs.js

C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\user.js ... Vymazáno !

Vymazáno : user_pref("extensions.funmoods_i.aflt", "ddrnw");
Vymazáno : user_pref("extensions.funmoods_i.dfltLng", "");
Vymazáno : user_pref("extensions.funmoods_i.dfltSrch", true);
Vymazáno : user_pref("extensions.funmoods_i.dnsErr", true);
Vymazáno : user_pref("extensions.funmoods_i.excTlbr", false);
Vymazáno : user_pref("extensions.funmoods_i.hmpg", true);
Vymazáno : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=ddrnw");
Vymazáno : user_pref("extensions.funmoods_i.id", "e00f61f100000000000000270e003616");
Vymazáno : user_pref("extensions.funmoods_i.instlDay", "15867");
Vymazáno : user_pref("extensions.funmoods_i.instlRef", "");
Vymazáno : user_pref("extensions.funmoods_i.newTab", true);
Vymazáno : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=ddrnw");
Vymazáno : user_pref("extensions.funmoods_i.prdct", "funmoods");
Vymazáno : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Vymazáno : user_pref("extensions.funmoods_i.smplGrp", "none");
Vymazáno : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
Vymazáno : user_pref("extensions.funmoods_i.tlbrId", "base");
Vymazáno : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=ddrnw&q=[...]
Vymazáno : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
Vymazáno : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1621:44:24");
Vymazáno : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");

-\\ Google Chrome v27.0.1453.110

Soubor : C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Preferences

Vymazáno [l.2127] : homepage = "hxxp://start.funmoods.com/?f=1&a=ddrnw",

*************************

AdwCleaner[R1].txt - [5518 octets] - [17/11/2012 09:49:06]
AdwCleaner[R2].txt - [4146 octets] - [12/06/2013 12:00:49]
AdwCleaner[S1].txt - [5855 octets] - [17/11/2012 10:05:32]
AdwCleaner[S2].txt - [4210 octets] - [12/06/2013 12:12:02]

########## EOF - C:\AdwCleaner[S2].txt - [4270 octets] ##########

[vyosek]

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
• Zaskrtnete okenko Pro vsechny uzivatele
• Zaskrtnete okenko Kontrola na havet "LOP"
• Zaskrtnete okenko Kontrola na havet "Purity"
• Stari souboru zmente z 30 dnu na 7 dnu
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  CREATERESTOREPOINT
  
  netsvcs
  drivers32
  savembr:0
  
  /md5start
  atapi.sys
  autochk.exe
  cdrom.sys
  explorer.exe
  hal.dll
  scecli.dll
  services.exe
  svchost.exe
  tcpip.sys
  userinit.exe
  winlogon.exe
  /md5stop
  
  %systemroot%*.* /U /s
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\system32\drivers\*.sys /3
  %systemroot%\system32\*.* /3
  %SYSTEMDRIVE%\*.exe
  
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
  
  %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
  %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
  %PROGRAMFILES%\Opera\opera.exe /md5
  %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
  
  %SystemDrive%\PhysicalMBR.bin /md5 
  
  *crack* /s
  *keygen* /s
  *loader* /s

• Kliknete na tlacitko Prohledat
• Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
• Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

[Warden75]

OTL logfile created on: 12.6.2013 21:00:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hans\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,49% Memory free
3,99 Gb Paging File | 2,05 Gb Available in Paging File | 51,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 390,63 Gb Total Space | 255,40 Gb Free Space | 65,38% Space Free | Partition Type: NTFS
Drive D: | 308,00 Gb Total Space | 90,29 Gb Free Space | 29,31% Space Free | Partition Type: NTFS

Computer Name: HANSVONMALISH | User Name: Hans | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.06.12 20:56:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hans\Desktop\OTL.exe
PRC - [2013.06.12 16:33:06 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013.05.23 11:52:28 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.15 04:59:31 | 000,866,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.03.15 04:59:30 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.02.18 13:50:18 | 000,774,168 | ---- | M] (ZONER software) -- C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2012.06.26 13:10:30 | 001,516,632 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2012.06.11 11:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.06.11 11:33:14 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.06.11 11:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011.01.12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010.11.20 05:16:56 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009.09.17 02:50:54 | 006,364,160 | ---- | M] (Pandora.TV) -- C:\Program Files\The KMPlayer\KMPlayer.exe
PRC - [2008.06.20 02:40:42 | 000,221,239 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_991d5ea79febb417\stacsv.exe
PRC - [2008.04.25 11:38:16 | 000,113,696 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\CyberLink Live\CLPushUpdateService.exe
PRC - [2008.04.25 11:37:58 | 000,171,040 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\CyberLink Live\CLSomaMonitorService.exe
PRC - [2008.04.25 11:37:54 | 000,322,592 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\CyberLink Live\CLSomaService.exe


========== Modules (No Company Name) ==========

MOD - [2013.06.12 16:33:05 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013.05.23 11:52:28 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.10.24 20:00:00 | 003,501,056 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax
MOD - [2012.06.26 13:11:10 | 000,345,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2012.06.26 13:11:08 | 000,282,200 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2012.06.26 13:11:02 | 008,197,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2012.06.26 13:11:00 | 002,302,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2012.06.26 13:10:58 | 000,202,328 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2012.06.26 13:10:58 | 000,027,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2009.06.29 10:32:02 | 006,026,259 | ---- | M] () -- C:\Program Files\The KMPlayer\libcodec.dll
MOD - [2008.12.05 09:42:20 | 000,178,174 | ---- | M] () -- C:\Program Files\The KMPlayer\libdts.dll
MOD - [2008.12.05 09:37:06 | 000,335,155 | ---- | M] () -- C:\Program Files\The KMPlayer\libfaad2.dll


========== Services (SafeList) ==========

SRV - [2013.06.12 16:33:06 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.23 11:52:28 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.15 07:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.22 11:45:21 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.11.15 19:15:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012.06.11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.01.12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.06.20 02:40:42 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_991d5ea79febb417\stacsv.exe -- (STacSV)
SRV - [2008.04.25 11:38:16 | 000,113,696 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\CyberLink Live\CLPushUpdateService.exe -- (CyberLink Live Push Update Service)
SRV - [2008.04.25 11:37:58 | 000,171,040 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\CyberLink Live\CLSomaMonitorService.exe -- (CyberLink Live Monitor Service)
SRV - [2008.04.25 11:37:54 | 000,322,592 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files\CyberLink\CyberLink Live\CLSomaService.exe -- (CyberLink Live Service)


========== Driver Services (SafeList) ==========

DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.03.15 07:46:27 | 008,952,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.03.06 12:31:13 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.12.17 11:01:31 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012.11.15 11:03:52 | 000,442,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012.11.15 11:03:52 | 000,043,424 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.06.11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.12.21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010.12.21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.12.21 13:47:38 | 000,095,384 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010.11.20 05:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 05:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 05:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 02:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 02:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.01.13 09:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010.01.12 10:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010.01.07 13:40:26 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010.01.07 12:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009.11.23 14:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009.07.14 00:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress)
DRV - [2008.09.08 18:08:54 | 000,030,976 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV - [2008.09.08 18:08:54 | 000,015,232 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008.06.20 02:40:45 | 000,380,928 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006.06.14 14:44:30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\EIO_XP.sys -- (EIO_XP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1300762496-2828329149-1192743700-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.novinky.cz/
IE - HKU\S-1-5-21-1300762496-2828329149-1192743700-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1300762496-2828329149-1192743700-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1300762496-2828329149-1192743700-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1300762496-2828329149-1192743700-1001\..\SearchScopes\{F8F259F9-B7C1-4C85-9A5A-BA300958A885}: "URL" = http://www.google.com/search?q={searchT ... utEncoding?}
IE - HKU\S-1-5-21-1300762496-2828329149-1192743700-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.novinky.cz/"
FF - prefs.js..extensions.enabledAddons: %7B35106bca-6c78-48c7-ac28-56df30b51d2a%7D:1.3.8
FF - prefs.js..extensions.enabledAddons: %7B6BFD307A-C040-11DA-9749-FB1C850B47DF%7D:2.6.1
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.9
FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.3.2
FF - prefs.js..extensions.enabledAddons: %7Bcbbbbcd0-3cf7-11dd-ae16-0800200c9a66%7D:3.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hans\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hans\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.11 06:22:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013.06.10 06:32:16 | 000,000,000 | ---D | M]

[2012.11.15 11:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans\AppData\Roaming\Mozilla\Extensions
[2013.06.12 10:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\extensions
[2013.05.21 06:28:41 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.04.13 19:12:35 | 000,581,999 | ---- | M] () (No name found) -- C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\extensions\uriloader@pdf.js.xpi
[2012.11.15 13:23:36 | 000,067,812 | ---- | M] () (No name found) -- C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
[2013.06.05 06:30:41 | 000,216,628 | ---- | M] () (No name found) -- C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2012.11.15 13:52:08 | 000,059,201 | ---- | M] () (No name found) -- C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\extensions\{6BFD307A-C040-11DA-9749-FB1C850B47DF}.xpi
[2012.11.22 11:17:57 | 002,285,222 | ---- | M] () (No name found) -- C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\extensions\{cbbbbcd0-3cf7-11dd-ae16-0800200c9a66}.xpi
[2013.05.09 12:42:48 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.06 18:55:59 | 000,002,270 | ---- | M] () -- C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\searchplugins\encyclopaedia-metallum-bands.xml
[2012.11.16 18:13:32 | 000,002,366 | ---- | M] () -- C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\searchplugins\masearch.xml
[2013.02.20 20:55:42 | 000,002,091 | ---- | M] () -- C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\searchplugins\vyhledvn-vide-ve-slub-youtube.xml
[2013.05.23 11:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.05.23 11:52:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hans\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Hans\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Hans\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Hans\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Adblock Plus = C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Linkification = C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflchafndefoljnhhholeekfpgmbphaf\1.51_0\
CHR - Extension: AdBlock = C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\

O1 HOSTS File: ([2012.11.20 19:39:46 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKU\S-1-5-21-1300762496-2828329149-1192743700-1001..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-1300762496-2828329149-1192743700-1001..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe (ZONER software)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.74.192.252 94.74.192.244
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49975416-1421-4B68-B327-C442D5980BC4}: DhcpNameServer = 94.74.192.252 94.74.192.244
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7f677b69-4828-11e2-bee3-00270e003616}\Shell - "" = AutoRun
O33 - MountPoints2\{7f677b69-4828-11e2-bee3-00270e003616}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{bb3e0016-8623-11e2-bde8-00270e003616}\Shell - "" = AutoRun
O33 - MountPoints2\{bb3e0016-8623-11e2-bde8-00270e003616}\Shell\AutoRun\command - "" = F:\Autorun\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\Windows\System32\lagarith.dll ( )
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.06.12 20:57:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hans\Desktop\OTL.exe
[2013.06.12 10:43:03 | 000,000,000 | ---D | C] -- C:\rsit
[2013.06.12 06:34:27 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.12 06:34:26 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.12 06:31:33 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.12 06:31:33 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.12 06:31:32 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.12 06:31:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.06.12 06:31:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.06.12 06:31:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.06.12 06:31:31 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.06.12 06:31:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.06.12 06:26:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013.06.12 06:26:21 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.06.12 06:26:17 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.12 06:26:16 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.12 06:26:13 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.12 06:26:12 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.10 06:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013.06.10 06:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013.06.10 06:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013.06.12 21:03:08 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.06.12 20:56:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hans\Desktop\OTL.exe
[2013.06.12 20:49:00 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1300762496-2828329149-1192743700-1001UA.job
[2013.06.12 20:33:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.12 16:33:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.12 16:33:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.12 12:18:52 | 000,031,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.12 12:18:52 | 000,031,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.12 12:17:53 | 000,631,054 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2013.06.12 12:17:53 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.12 12:17:53 | 000,121,708 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013.06.12 12:17:53 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.12 12:13:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.12 12:13:22 | 1607,122,944 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.12 11:57:44 | 000,648,201 | ---- | M] () -- C:\Users\Hans\Desktop\adwcleaner.exe
[2013.06.12 11:06:46 | 000,781,383 | ---- | M] () -- C:\Users\Hans\Desktop\RSIT.exe
[2013.06.12 10:49:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1300762496-2828329149-1192743700-1001Core.job
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.06 08:21:47 | 000,000,110 | -H-- | M] () -- C:\Users\Hans\Desktop\p.jpg.uid-zps
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.12 12:00:21 | 000,648,201 | ---- | C] () -- C:\Users\Hans\Desktop\adwcleaner.exe
[2013.06.12 11:06:44 | 000,781,383 | ---- | C] () -- C:\Users\Hans\Desktop\RSIT.exe
[2013.06.06 08:21:47 | 000,000,110 | -H-- | C] () -- C:\Users\Hans\Desktop\p.jpg.uid-zps
[2013.03.26 14:19:23 | 000,488,448 | ---- | C] () -- C:\Windows\System32\apdfprintmon.dll
[2013.03.26 12:05:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2013.03.21 06:39:45 | 000,000,292 | ---- | C] () -- C:\Users\Hans\AppData\Local\HamsterBookConverter.cfg
[2013.01.10 08:33:19 | 000,007,605 | ---- | C] () -- C:\Users\Hans\AppData\Local\Resmon.ResmonCfg
[2012.11.17 12:51:38 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.11.17 12:51:38 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.11.17 12:51:38 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2012.11.17 12:51:36 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.11.17 12:51:31 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.11.15 20:17:05 | 000,139,152 | ---- | C] () -- C:\Users\Hans\AppData\Roaming\PnkBstrK.sys
[2012.11.15 20:17:05 | 000,138,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.11.15 20:16:32 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.11.15 20:16:31 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.11.15 20:16:30 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.11.15 14:55:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.04.10 09:14:18 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssb6mlm.dll

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.11.16 11:36:27 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Ashampoo
[2012.12.22 10:17:30 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Audacity
[2013.03.16 15:47:53 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\calibre
[2012.11.16 13:30:18 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Canneverbe Limited
[2013.05.11 14:57:52 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\DAEMON Tools Lite
[2013.03.17 08:22:12 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\GHISLER
[2012.11.15 11:00:54 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\InterTrust
[2013.04.26 06:55:31 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\mp3DirectCut
[2013.04.26 07:40:55 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Nokia
[2013.03.06 13:34:17 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Origin
[2013.04.26 07:40:55 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\PC Suite
[2013.01.15 08:17:19 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\PCToolsFirewallPlus
[2013.03.26 14:01:24 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\UDC Profiles
[2013.06.12 15:36:47 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\uTorrent
[2013.02.03 20:44:33 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\VitySoft
[2012.11.15 13:16:59 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Zoner

========== Purity Check ==========

[Warden75]

========== Custom Scans ==========

< >
[2009.07.14 06:53:46 | 000,032,612 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.12.12 09:01:26 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.02.06 20:39:35 | 000,000,906 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1300762496-2828329149-1192743700-1001Core.job
[2013.02.06 20:39:36 | 000,000,958 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1300762496-2828329149-1192743700-1001UA.job

< >

< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp3.cab:atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\ServicePackFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Windows.old\Windows\$NtServicePackUninstall$\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Windows.old\Windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\backup\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Windows.old\Windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Windows.old\Windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2008.04.14 09:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\Windows.old\Windows\ServicePackFiles\i386\autochk.exe
[2008.04.14 09:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\Windows.old\Windows\system32\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\Windows.old\Windows\$NtServicePackUninstall$\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\Windows.old\Windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\backup\autochk.exe
[2010.11.20 05:16:56 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 05:16:56 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Windows.old\Windows\ServicePackFiles\i386\cdrom.sys
[2008.04.14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Windows.old\Windows\system32\drivers\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\Windows.old\Windows\$NtServicePackUninstall$\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\Windows.old\Windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\backup\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 01:38:12 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 01:38:12 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 01:38:12 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\Windows.old\Windows\explorer.exe
[2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\Windows.old\Windows\ServicePackFiles\i386\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 05:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\Windows.old\Windows\$NtServicePackUninstall$\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\Windows.old\Windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\backup\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp3.cab:hal.dll
[2010.11.20 05:29:54 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 05:29:54 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2008.04.14 01:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\Windows.old\Windows\system32\HAL.DLL
[2008.04.14 01:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\Windows.old\Windows\ServicePackFiles\i386\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
[2004.08.03 23:59:20 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=C321C95318495909A0066FB0EDC97287 -- C:\Windows.old\Windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\backup\hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\Windows.old\Windows\$NtServicePackUninstall$\hal.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\Windows.old\Windows\$NtServicePackUninstall$\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\Windows.old\Windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\backup\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
[2008.04.14 09:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\Windows.old\Windows\ServicePackFiles\i386\scecli.dll
[2008.04.14 09:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\Windows.old\Windows\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.02.09 13:18:56 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=3D107D45CCFDB266E91D84B52CD7F430 -- C:\Windows.old\Windows\$hf_mig$\KB956572\SP3QFE\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2004.08.17 15:49:28 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=6E401E61F952FBBF708AFBECEFAFAE81 -- C:\Windows.old\Windows\$NtServicePackUninstall$\services.exe
[2004.08.17 15:49:28 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=6E401E61F952FBBF708AFBECEFAFAE81 -- C:\Windows.old\Windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\backup\services.exe
[2009.02.09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\Windows.old\Windows\system32\dllcache\services.exe
[2009.02.09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\Windows.old\Windows\system32\services.exe
[2008.04.14 09:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\Windows.old\Windows\$NtUninstallKB956572$\services.exe
[2008.04.14 09:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\Windows.old\Windows\ServicePackFiles\i386\services.exe

< MD5 for: SVCHOST.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Windows.old\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008.04.14 09:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\Windows.old\Windows\ServicePackFiles\i386\svchost.exe
[2008.04.14 09:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\Windows.old\Windows\system32\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\Windows.old\Windows\$NtServicePackUninstall$\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\Windows.old\Windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\backup\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2012.08.22 19:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2013.01.03 07:01:49 | 001,303,912 | ---- | M] (Microsoft Corporation) MD5=34AE5CC0C7417AB701C2AA8A7BC75417 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys
[2010.11.20 05:30:14 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2013.01.04 06:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=4AFB3B0919649F95C1964AA1FAD27D73 -- C:\Windows.old\Windows\$NtUninstallKB2509553$\tcpip.sys
[2012.03.30 12:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2013.05.08 08:15:22 | 001,309,032 | ---- | M] (Microsoft Corporation) MD5=6088D01FAD49729EA0A5A3D9B9BA8B84 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_b5b3fe00ddc19aaa\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013.01.03 07:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2012.03.30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012.03.30 11:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2008.04.14 01:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\Windows.old\Windows\$NtUninstallKB951748$\tcpip.sys
[2008.04.14 01:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\Windows.old\Windows\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\Windows.old\Windows\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\Windows.old\Windows\system32\drivers\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\Windows.old\Windows\$NtServicePackUninstall$\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\Windows.old\Windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\backup\tcpip.sys
[2012.08.22 19:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\Windows.old\Windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\Windows.old\Windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2013.01.04 06:55:21 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys
[2013.05.08 07:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=D32FDAC73FCD76B85389C39BC1087F2A -- C:\Windows\System32\drivers\tcpip.sys
[2013.05.08 07:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=D32FDAC73FCD76B85389C39BC1087F2A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_b508ef41c4bd3835\tcpip.sys
[2012.10.03 18:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2012.10.03 18:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2012.03.30 12:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2008.04.14 09:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\Windows.old\Windows\ServicePackFiles\i386\userinit.exe
[2008.04.14 09:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\Windows.old\Windows\system32\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\Windows.old\Windows\$NtServicePackUninstall$\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\Windows.old\Windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\backup\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Windows.old\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\Windows.old\Windows\$NtServicePackUninstall$\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\Windows.old\Windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\backup\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 05:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 05:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 09:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\Windows.old\Windows\ServicePackFiles\i386\winlogon.exe
[2008.04.14 09:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\Windows.old\Windows\system32\winlogon.exe

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\fd41c04f4bf34f49ed89d11d013f35b3\*.tmp files -> C:\Windows\SoftwareDistribution\Download\fd41c04f4bf34f49ed89d11d013f35b3\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.11.24 13:49:41 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Adobe
[2012.11.16 11:36:27 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Ashampoo
[2012.12.22 10:17:30 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Audacity
[2013.03.16 15:47:53 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\calibre
[2012.11.16 13:30:18 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Canneverbe Limited
[2013.05.11 14:57:52 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\DAEMON Tools Lite
[2013.05.20 12:42:50 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\dvdcss
[2013.03.17 08:22:12 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\GHISLER
[2012.11.15 10:41:32 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Identities
[2012.11.15 11:00:54 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\InterTrust
[2012.11.15 11:35:04 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Macromedia
[2012.11.15 13:04:05 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Malwarebytes
[2009.07.14 11:20:15 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Media Center Programs
[2013.06.12 16:35:38 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Media Player Classic
[2013.06.12 11:02:03 | 000,000,000 | --SD | M] -- C:\Users\Hans\AppData\Roaming\Microsoft
[2012.11.15 11:22:49 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Mozilla
[2013.04.26 06:55:31 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\mp3DirectCut
[2012.11.28 10:45:55 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Nero
[2013.04.26 07:40:55 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Nokia
[2013.01.04 23:09:04 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\NVIDIA
[2013.03.06 13:34:17 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Origin
[2013.04.26 07:40:55 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\PC Suite
[2013.01.15 08:17:19 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\PCToolsFirewallPlus
[2013.06.03 20:40:26 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Skype
[2013.03.26 14:01:24 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\UDC Profiles
[2013.06.12 15:36:47 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\uTorrent
[2013.02.03 20:44:33 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\VitySoft
[2013.06.11 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\vlc
[2013.06.12 11:57:07 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Winamp
[2012.11.17 11:16:08 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\WinRAR
[2012.11.15 13:16:59 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2013.04.26 08:19:51 | 000,053,248 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Hans\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
[2013.04.26 08:19:51 | 000,049,152 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Hans\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
[2013.04.26 08:19:51 | 000,073,728 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Hans\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
[2013.04.26 08:19:51 | 000,073,728 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Hans\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
[2013.04.26 08:19:51 | 000,049,152 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Hans\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2013.06.12 20:33:01 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.06.12 10:49:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1300762496-2828329149-1192743700-1001Core.job
[2013.06.12 20:49:00 | 000,000,958 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1300762496-2828329149-1192743700-1001UA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013.06.12 12:18:52 | 000,031,008 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.12 12:18:52 | 000,031,008 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.12 16:33:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2013.06.12 16:33:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
[2013.06.12 06:32:04 | 073,381,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MRT.exe
[2013.06.12 12:17:53 | 000,121,708 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2013.06.12 12:17:53 | 000,106,190 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2013.06.12 12:17:53 | 000,631,054 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2013.06.12 12:17:53 | 000,615,810 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2013.06.12 12:17:53 | 001,470,062 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"PC Suite Tray" = "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray -- [2012.06.26 13:10:30 | 001,516,632 | ---- | M] (Nokia)
"Google Update" = "C:\Users\Hans\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2012.11.15 11:18:56 | 000,116,648 | ---- | M] (Google Inc.)
"Zoner Photo Studio Autoupdate" = C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE -- [2013.02.18 13:50:18 | 000,774,168 | ---- | M] (ZONER software)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2013.05.23 11:52:28 | 000,920,472 | ---- | M] (Mozilla Corporation) MD5=95110A1C5A1D228AC1DDF6AB67D00BEB -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2013.05.17 04:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.06.12 21:03:08 | 000,000,512 | ---- | M] () MD5=4F3B4D28F036129111F04BDEE25B9ABC -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2013.03.24 20:05:53 | 000,012,261 | ---- | M] () -- \Users\Hans\AppData\Roaming\uTorrent\Black Cock 4 White Crack.torrent
[2013.03.07 09:08:27 | 000,005,369 | ---- | M] () -- \Users\Hans\AppData\Roaming\VitySoft\FRD\plugins\crackle.frp
[2012.11.15 08:23:31 | 000,000,596 | ---- | M] () -- \Windows.old\Documents and Settings\Hans\Recent\Call.of.Duty.Black.Ops.II.Crackfix-SKIDROW.lnk
[2012.07.08 18:34:56 | 000,004,412 | ---- | M] () -- \Windows.old\Program Files\JDownloader\jd\plugins\hoster\CrackedCom.class

< *keygen* /s >

< *loader* /s >
[2010.05.28 13:43:06 | 011,042,816 | ---- | M] () -- \Program Files\Activision\Singularity(TM)\RvGame\CookedPC\RvGameMPLoader_SF.xxx
[2010.05.28 13:43:00 | 000,950,272 | ---- | M] () -- \Program Files\Activision\Singularity(TM)\RvGame\CookedPC\RvGameMPLoader_SF_LOC_ESN.xxx
[2010.05.28 13:42:58 | 000,950,272 | ---- | M] () -- \Program Files\Activision\Singularity(TM)\RvGame\CookedPC\RvGameMPLoader_SF_LOC_FRA.xxx
[2010.05.28 13:42:54 | 000,851,968 | ---- | M] () -- \Program Files\Activision\Singularity(TM)\RvGame\CookedPC\RvGameMPLoader_SF_LOC_INT.xxx
[2010.05.28 13:43:02 | 000,983,040 | ---- | M] () -- \Program Files\Activision\Singularity(TM)\RvGame\CookedPC\RvGameMPLoader_SF_LOC_ITA.xxx
[2013.05.04 04:03:38 | 000,044,032 | R--- | M] () -- \Program Files\Calibre2\DLLs\PyISAPI_loader.dll
[2006.10.26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2012.02.03 04:32:08 | 000,112,128 | ---- | M] () -- \Program Files\Common Files\Nokia\Tss\ProductApiLoader\ta_productapiloader.dll
[2011.09.15 11:09:22 | 000,044,032 | ---- | M] () -- \Program Files\Hamster Soft\Hamster Free EbookConverter\Calibre\DLLs\PyISAPI_loader.dll
[2013.06.11 23:45:57 | 000,011,071 | ---- | M] () -- \Program Files\JDownloader\update\jd\plugins\hoster\MyDownloaderNet.class
[2013.06.11 23:43:54 | 000,004,584 | ---- | M] () -- \Program Files\JDownloader\update\jd\plugins\hoster\OmpLoaderOrg.class
[2013.06.11 23:00:42 | 000,003,880 | ---- | M] () -- \Program Files\JDownloader\update\jd\plugins\hoster\UploaderJp.class
[2013.06.11 23:08:55 | 000,007,073 | ---- | M] () -- \Program Files\JDownloader\update\jd\plugins\hoster\UploaderPl.class
[2012.06.26 12:36:20 | 000,002,560 | ---- | M] () -- \Program Files\Nokia\Nokia PC Suite 7\Lang\MapLoader_cze.NLR
[2008.02.25 08:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2011.09.14 16:53:54 | 000,063,256 | ---- | M] () -- \Program Files\Tripwire Interactive\Red Orchestra 2 Heroes of Stalingrad\Binaries\Win32\PhysXLocal\PhysXLoader.dll
[2013.02.06 17:42:00 | 000,432,128 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Facebook\ZPSFacebookUploader.exe
[2010.04.29 15:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Facebook\ZPSPluginLoader.exe
[2012.10.18 17:47:30 | 000,442,368 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Flickr\ZPSFlickrUploader.exe
[2010.04.29 15:12:42 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Flickr\ZPSPluginLoader.exe
[2013.02.06 17:20:12 | 000,192,512 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Picasa\ZPSPicasaUploader.exe
[2010.04.29 15:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Picasa\ZPSPluginLoader.exe
[2013.02.18 13:50:00 | 000,103,960 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Program32\8bfLoader.exe
[2013.02.18 13:50:08 | 000,017,944 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Program32\WICLoader.exe
[2012.07.26 23:47:04 | 000,000,232 | ---- | M] () -- \ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2012.11.08 16:16:50 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.11.08 16:16:50 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012.11.08 16:16:50 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2012.07.26 23:47:04 | 000,000,232 | ---- | M] () -- \Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2012.11.08 16:16:50 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.11.08 16:16:50 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.11.08 16:16:50 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2013.06.11 15:18:14 | 000,003,208 | ---- | M] () -- \Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\skin\ajax-loader.gif
[2013.04.13 19:12:35 | 000,581,999 | ---- | M] () -- \Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\extensions\uriloader@pdf.js.xpi
[2012.02.29 08:49:32 | 000,072,638 | ---- | M] () -- \Windows.old\Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.gif
[2012.02.29 08:49:32 | 000,003,032 | ---- | M] () -- \Windows.old\Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.png
[2010.12.07 07:52:09 | 000,000,334 | ---- | M] () -- \Windows.old\Documents and Settings\All Users\Nabídka Start\Programy\JDownloader\JDownloader Support.lnk
[2010.12.07 07:52:09 | 000,000,814 | ---- | M] () -- \Windows.old\Documents and Settings\All Users\Nabídka Start\Programy\JDownloader\JDownloader.lnk
[2010.12.07 07:52:11 | 000,000,804 | ---- | M] () -- \Windows.old\Documents and Settings\All Users\Nabídka Start\Programy\JDownloader\Uninstall JDownloader.lnk
[2010.12.07 07:52:09 | 000,000,746 | ---- | M] () -- \Windows.old\Documents and Settings\All Users\Plocha\JDownloader.lnk
[2010.03.06 07:30:38 | 000,847,040 | ---- | M] () -- \Windows.old\Documents and Settings\Hans\Data aplikací\Facebook\axfbootloader.dll
[2012.03.05 19:22:07 | 000,099,095 | ---- | M] () -- \Windows.old\Documents and Settings\Hans\Local Settings\Data aplikací\SRDownloader.err
[2012.03.05 19:40:27 | 000,001,072 | ---- | M] () -- \Windows.old\Documents and Settings\Hans\Local Settings\Data aplikací\SRDownloader.nast
[2009.04.28 10:05:14 | 000,710,144 | ---- | M] () -- \Windows.old\Program Files\Agnitum\Outpost Firewall\plugins_acs\downloader.ofp
[2010.07.14 09:28:02 | 000,214,528 | ---- | M] () -- \Windows.old\Program Files\JDownloader\JDownloader.exe
[2011.01.24 20:38:46 | 000,593,293 | ---- | M] () -- \Windows.old\Program Files\JDownloader\JDownloader.jar
[2010.12.07 07:53:10 | 000,000,105 | ---- | M] () -- \Windows.old\Program Files\JDownloader\jd\img\hosterlogos\uploader.pl.png
[2012.10.11 19:38:15 | 000,011,071 | ---- | M] () -- \Windows.old\Program Files\JDownloader\jd\plugins\hoster\MyDownloaderNet.class
[2012.11.05 19:39:12 | 000,004,468 | ---- | M] () -- \Windows.old\Program Files\JDownloader\jd\plugins\hoster\OmpLoaderOrg.class
[2012.10.11 19:38:08 | 000,007,073 | ---- | M] () -- \Windows.old\Program Files\JDownloader\jd\plugins\hoster\UploaderPl.class
[2010.12.07 07:56:29 | 000,032,222 | ---- | M] () -- \Windows.old\Program Files\JDownloader\licenses\jdownloader.license
[2012.05.03 19:38:36 | 000,071,528 | ---- | M] () -- \Windows.old\Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2012.05.21 05:03:06 | 000,083,816 | ---- | M] () -- \Windows.old\Program Files\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2008.02.25 08:05:22 | 000,856,064 | ---- | M] () -- \Windows.old\Program Files\The KMPlayer\ImLoader.dll
[2010.04.29 15:12:38 | 000,673,160 | ---- | M] () -- \Windows.old\Program Files\Zoner\Photo Studio 12\Plugins\Facebook\ZPSFacebookUploader.exe
[2010.04.29 15:12:40 | 000,053,640 | ---- | M] () -- \Windows.old\Program Files\Zoner\Photo Studio 12\Plugins\Facebook\ZPSPluginLoader.exe
[2010.04.29 15:12:42 | 000,686,984 | ---- | M] () -- \Windows.old\Program Files\Zoner\Photo Studio 12\Plugins\Flickr\ZPSFlickrUploader.exe
[2010.04.29 15:12:42 | 000,053,640 | ---- | M] () -- \Windows.old\Program Files\Zoner\Photo Studio 12\Plugins\Flickr\ZPSPluginLoader.exe
[2011.03.08 18:09:04 | 000,194,048 | ---- | M] () -- \Windows.old\Program Files\Zoner\Photo Studio 13\Plugins\Picasa\ZPSPicasaUploader.exe
[2010.04.29 15:12:40 | 000,053,640 | ---- | M] () -- \Windows.old\Program Files\Zoner\Photo Studio 13\Plugins\Picasa\ZPSPluginLoader.exe
[2012.10.18 17:48:18 | 000,430,080 | ---- | M] () -- \Windows.old\Program Files\Zoner\Photo Studio 15\Plugins\Facebook\ZPSFacebookUploader.exe
[2010.04.29 15:12:40 | 000,053,640 | ---- | M] () -- \Windows.old\Program Files\Zoner\Photo Studio 15\Plugins\Facebook\ZPSPluginLoader.exe
[2012.10.18 17:47:30 | 000,442,368 | ---- | M] () -- \Windows.old\Program Files\Zoner\Photo Studio 15\Plugins\Flickr\ZPSFlickrUploader.exe
[2010.04.29 15:12:42 | 000,053,640 | ---- | M] () -- \Windows.old\Program Files\Zoner\Photo Studio 15\Plugins\Flickr\ZPSPluginLoader.exe
[2012.10.18 17:48:44 | 000,194,560 | ---- | M] () -- \Windows.old\Program Files\Zoner\Photo Studio 15\Plugins\Picasa\ZPSPicasaUploader.exe
[2010.04.29 15:12:40 | 000,053,640 | ---- | M] () -- \Windows.old\Program Files\Zoner\Photo Studio 15\Plugins\Picasa\ZPSPluginLoader.exe
[2012.10.18 17:56:18 | 000,103,520 | ---- | M] () -- \Windows.old\Program Files\Zoner\Photo Studio 15\Program32\8bfLoader.exe
[2012.10.18 17:56:32 | 000,017,504 | ---- | M] () -- \Windows.old\Program Files\Zoner\Photo Studio 15\Program32\WICLoader.exe
[2004.08.17 15:49:06 | 000,035,840 | ---- | M] () -- \Windows.old\Windows\$NtServicePackUninstall$\dmloader.dll
[2012.11.15 07:08:26 | 000,009,578 | ---- | M] () -- \Windows.old\Windows\Prefetch\JDOWNLOADER.EXE-126B24BC.pf
[2002.12.12 00:14:32 | 000,033,280 | ---- | M] () -- \Windows.old\Windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmloader.dll
[2008.04.14 09:51:40 | 000,035,840 | ---- | M] () -- \Windows.old\Windows\ServicePackFiles\i386\dmloader.dll
[2008.04.14 01:01:48 | 000,230,912 | ---- | M] () -- \Windows.old\Windows\ServicePackFiles\i386\osloader.exe
[2008.04.14 01:01:50 | 000,278,528 | ---- | M] () -- \Windows.old\Windows\ServicePackFiles\i386\osloader.ntd
[2004.08.17 15:49:06 | 000,035,840 | ---- | M] () -- \Windows.old\Windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\backup\dmloader.dll
[2008.04.14 09:51:40 | 000,035,840 | ---- | M] () -- \Windows.old\Windows\system32\dmloader.dll
[2012.07.05 09:21:22 | 000,012,532 | ---- | M] () -- \Windows.old\Windows\system32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2002.12.12 00:14:32 | 000,033,280 | ---- | M] () -- \Windows.old\Windows\system32\dllcache\dmloader.dll
[2012.11.16 10:34:14 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2013.06.11 21:44:41 | 000,014,980 | ---- | M] () -- \Windows\Prefetch\JDOWNLOADERPORTABLE.EXE-45EFB050.pf
[2013.06.11 21:42:52 | 000,282,260 | ---- | M] () -- \Windows\Prefetch\JDOWNLOADERSETUP.EXE-35FDDE95.pf
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.14 10:43:57 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 10:43:57 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.14 10:43:57 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2012.11.15 15:15:14 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2012.11.15 15:15:14 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2012.11.15 15:15:14 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 10:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.08.19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009.08.19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010.11.20 06:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.18 13:09:17 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17107_none_0ae0ab79dce0fb26\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:56:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:42:56 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21306_none_0b6949e0f5ff7ec0\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:23:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:C31F31E6
@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT

< End of report >

[Warden75]

OTL Extras logfile created on: 12.6.2013 21:00:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hans\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,49% Memory free
3,99 Gb Paging File | 2,05 Gb Available in Paging File | 51,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 390,63 Gb Total Space | 255,40 Gb Free Space | 65,38% Space Free | Partition Type: NTFS
Drive D: | 308,00 Gb Total Space | 90,29 Gb Free Space | 29,31% Space Free | Partition Type: NTFS

Computer Name: HANSVONMALISH | User Name: Hans | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1300762496-2828329149-1192743700-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01483B01-4743-44AE-8EEC-7198C660903C}" = lport=138 | protocol=17 | dir=in | app=system |
"{06E105BF-DC82-4657-9889-2F72ED878B08}" = rport=445 | protocol=6 | dir=out | app=system |
"{0C7F83DC-EA39-4F13-976E-3B28FEBB7264}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10747ADD-40CB-4D1A-8E3F-DA03E028C345}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39E71C51-7331-46F3-8A65-F05C275256BF}" = rport=138 | protocol=17 | dir=out | app=system |
"{40F08BAB-349E-4766-BCAF-D5F88CF57DBC}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{4B405069-9949-4BD8-A9EB-5AC77F08AD0A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4E6C32F3-743D-4A6B-94E4-F90A772F79E5}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{67BDE3CA-C12E-46B1-A287-6C61BEF21846}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6A6F382E-6FBE-4380-AAF3-22BD9160BE53}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6AA31273-E1DE-4EBE-9824-6054E449ACC7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{73BD973B-7E2C-4498-8507-2E4EF98334BB}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{74C5368F-41F7-4151-832D-BCD8A4841CAF}" = lport=139 | protocol=6 | dir=in | app=system |
"{84549A84-C5E5-424A-B821-BBF903DDD53E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8AA2E5C3-8BBF-495B-8F01-D2CD2ECEE7AF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93628202-6181-44EA-8168-1EF2F3578A81}" = lport=445 | protocol=6 | dir=in | app=system |
"{957157E2-ACFB-4320-89BC-3593D48A328A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A06F06D6-1D50-426A-A3D8-226B0D5D6637}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9A90BCC-60A0-43F0-B6E5-85AA997FD864}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{ACC46B29-44D5-463B-8DE8-BD2F3D8B9C48}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BC3D6FA2-FF71-4771-B45D-B461ACAD6BB7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C0ACBA6C-D1E9-4274-88AB-65516FC3ACD3}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{C50FF3B5-C257-4EDD-ACC1-E7B3D5A6C6DF}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{C8E487F9-E626-4E0B-8B8F-4F1FD84ADAF7}" = rport=139 | protocol=6 | dir=out | app=system |
"{CCC799E5-C72D-4C4F-AB36-AF83340C0BD7}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{CD31A2DC-BC59-4AA3-B0B3-25233817BBA7}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{D667DCE8-3A72-4FDF-9C8B-31A7FE0084E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA8820B1-7CA4-459D-9AD5-97A4404C8747}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E732AE90-6D4D-45B8-8900-C65F8602F00B}" = rport=137 | protocol=17 | dir=out | app=system |
"{F0EF8340-4A68-4578-8A04-E7C2E37EA475}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{F497E35E-7948-4646-8991-E42CFF6ED81F}" = lport=137 | protocol=17 | dir=in | app=system |
"{F6642BA3-75BF-4C01-8F97-77A67EBDEC83}" = lport=7850 | protocol=6 | dir=in | name=war thunder |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06FED421-5A3E-476C-B066-D2D45B158D84}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0BC4B373-F075-4C1F-A000-FCD8FC6E5CA0}" = protocol=6 | dir=in | app=c:\program files\activision\wolfenstein\mp\wolf2mp.exe |
"{1AFA39E1-E257-4896-B3A5-75FB7AFEF9D6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1FC63862-69B1-424A-9812-630F5DDBC269}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{2C68D5E9-15DC-4ADB-BB10-573DCE35D801}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2D5E57F8-B822-4829-A4D4-13DEB540BED9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3BB88348-FBB1-4A59-B3B5-7D8FD54BF578}" = protocol=17 | dir=in | app=c:\program files\activision\wolfenstein\mp\wolf2mp.exe |
"{3BB8FE66-E5A6-4C7D-8D3B-4CC73793CFAC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4650AE8C-7432-4898-8778-9F445D59AE98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{486AE3EE-F95F-4DA9-8968-11757DABF3A5}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4CF7783A-D944-4B46-A4BB-4EAF6CA5BDA3}" = protocol=6 | dir=in | app=c:\program files\activision\wolfenstein\mp\wolf2mplite.exe |
"{4E7EA3DD-10F3-42D4-8BE2-6E1BAA66DC8B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{55E99120-2D8D-49FB-BE33-A3EC4DB8B8DC}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5AA7BD29-D123-4EFA-8580-D44FF3E81F49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65EF5AF4-9EAD-4FC2-8BE7-1F59766351E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{72B6950F-C696-4C57-8016-289AF3506FAF}" = protocol=58 | dir=in | app=system |
"{7372784B-019F-4507-8551-C59073C422D5}" = dir=in | app=c:\program files\cyberlink\cyberlink live\clsomaservice.exe |
"{73A48399-8630-4349-973D-31803585BBCF}" = dir=in | app=c:\program files\cyberlink\cyberlink live\clsomamonitorservice.exe |
"{74D69F7C-140A-4E9C-AE01-D47FEBF0D292}" = protocol=6 | dir=in | app=c:\program files\war thunder\launcher.exe |
"{7AF6519A-DE65-42F5-9AB9-3A912B50611D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{82BFF78E-6C04-4597-9EF7-576AD93A9A2F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FE63B06-79CF-4E56-B95E-CE19DCC9F43F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{95C3F2BD-FE5D-400C-8FCD-56BEEA0E0F1D}" = dir=in | app=c:\program files\cyberlink\cyberlink live\clpushupdateservice.exe |
"{A3869B84-5AE4-4B55-8634-B6973DB08264}" = protocol=6 | dir=in | app=c:\program files\activision\singularity(tm)\binaries\singularity.exe |
"{A7EC7836-063C-402A-BD78-BF8770417582}" = protocol=6 | dir=out | app=system |
"{AA5FAB57-5863-4488-B9B1-D660C7B345C0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ADAF96F9-28E3-4F0A-B6EE-156F4B7097D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B163A00B-4199-453A-B1A6-2B36F5483B03}" = protocol=17 | dir=in | app=c:\program files\activision\singularity(tm)\binaries\singularity.exe |
"{B1EF9180-0B15-4591-B0BB-E3430FDE11DA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B8F34BEE-7509-44E3-9DC4-F5571AD6D30B}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{C40B1AE2-4584-42CC-96F3-9B968573A223}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7A5D2D8-AA35-447F-B914-1717BDE19C09}" = dir=in | app=c:\program files\cyberlink\cyberlink live\clhomemediaserver.exe |
"{CAF578CC-2343-41B1-974E-E2C24779F6F6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D37F093F-D417-4CF4-9244-18E7585906D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DC4F9E7C-E2D9-41EC-8E60-272C97335FAC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DE2FF3DB-73B1-425B-A482-B9EEDB1AB0EC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{DFE44C50-120D-4842-AF66-308F73E3BD64}" = protocol=17 | dir=in | app=c:\program files\war thunder\launcher.exe |
"{E1072446-FCDF-499A-ADFA-0153D5C5A7C9}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{E17326CC-B50E-4936-A754-B296842CEBC4}" = protocol=17 | dir=in | app=c:\program files\nero\km\kwikmedia.exe |
"{E3E443EC-225F-4F30-B6C9-242F294FD9B3}" = protocol=17 | dir=in | app=c:\program files\activision\wolfenstein\mp\wolf2mplite.exe |
"{E52E20DD-E5CD-45EC-9AA6-6F3DCBF89707}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E959C62D-5E54-41F3-B6C8-B1ECF3235470}" = protocol=6 | dir=in | app=c:\program files\nero\km\kwikmedia.exe |
"{EE2B5F0E-5BFD-4209-B86F-C096F16439EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F15DFBEB-635D-4F70-A66B-3E4567CF035D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FDFF192C-3725-4E72-92B8-3EBBFB557218}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"TCP Query User{00B2096D-725A-481C-9156-FDEAB959C1F3}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{091790E7-C2FD-40DA-A61A-5985EFEB39DC}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{1C1F1A4D-0A91-40BA-B1D7-B15E1635A091}C:\program files\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\program files\war thunder\aces.exe |
"TCP Query User{3505EA46-D9BC-4EC8-BDD5-29D21BE622FB}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{F998B760-D0C4-4F10-BE23-C346D7A82128}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{3AE99BC8-9C1F-4839-BC30-4DB9C2330E44}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{3FDE588A-857B-44BA-8749-3D3C7E10A469}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{6C0C0218-08E0-4DF3-858E-BC64A79EC4A6}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{6E1D334C-3D63-4C21-B177-8AC0A2F795DF}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{A460359F-2044-437F-96D7-B5DD4A0C0FC9}C:\program files\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\program files\war thunder\aces.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0071820F-09B0-4998-8320-F89629DCBC99}" = Nero BackItUp
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{131B84C2-5435-4993-9888-6C62D9AC755E}" = CyberLink Live
"{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{204BB4EF-68AC-454B-857E-431336B4188A}" = ESET NOD32 Antivirus
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Activision(R)
"{441AC599-200D-4E04-B274-C6B7B50C281D}_is1" = Hamster Free EbookConverter
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{560FC78C-A4B2-461D-9B47-820C1EEF87B8}" = Nero 12
"{581AF03B-4008-41AE-846C-21CACF9B48A9}" = calibre
"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = The Saboteur™
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748D0E38-EEF0-441B-9546-7969B590118A}" = Intel(R) Desktop Control Center
"{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video
"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM)
"{89CB9F02-F392-45AD-B429-B9373E6B7BE0}" = Activision
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE80D58-2E74-4FF4-A2D2-5E714E470F36}" = ASUS nVidia Driver
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Czech
"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4280946-3773-490C-9A7B-1FCD0E6CB0CF}" = Intel(R) Integrator Assistant
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.199
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F97209C2-8616-4056-87F9-BF3E3B188C52}" = Dolby Home Theater
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{F9D661EF-69AB-4017-82BB-6FD10AB089B6}" = Agatha Christie - Deset malých černoušků
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Balíček ovladače systému Windows - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Balíček ovladače systému Windows - Nokia Modem (02/25/2011 7.01.0.9)
"7-Zip" = 7-Zip 9.22beta
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Balíček ovladače systému Windows - Nokia Modem (02/25/2011 4.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{131B84C2-5435-4993-9888-6C62D9AC755E}" = CyberLink Live
"InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Singularity(TM)
"InstallShield_{89CB9F02-F392-45AD-B429-B9373E6B7BE0}" = Singularity(TM) 1.1 Patch
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.4.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Mozilla Firefox 21.0 (x86 cs)" = Mozilla Firefox 21.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia PC Suite" = Nokia PC Suite
"PunkBusterSvc" = PunkBuster Services
"Q2FsbG9mSnVhcmV6R3Vuc2xpbmdlcg==_is1" = Call of Juarez Gunslinger (c) Ubisoft version 1
"rajče.net_is1" = rajče průvodce verze 1.59.45.260
"Samsung Printer Live Update" = Samsung Printer Live Update
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"WinDjView" = WinDjView 2.0.2
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"ZonerPhotoStudio15_CZ_is1" = Zoner Photo Studio 15

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1300762496-2828329149-1192743700-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21.4.2013 0:53:39 | Computer Name = HansvonMalish | Source = Windows Search Service | ID = 9002
Description =

Error - 21.4.2013 0:53:39 | Computer Name = HansvonMalish | Source = Windows Search Service | ID = 3029
Description =

Error - 21.4.2013 0:53:40 | Computer Name = HansvonMalish | Source = Windows Search Service | ID = 3029
Description =

Error - 21.4.2013 0:53:40 | Computer Name = HansvonMalish | Source = Windows Search Service | ID = 3028
Description =

Error - 21.4.2013 0:53:40 | Computer Name = HansvonMalish | Source = Windows Search Service | ID = 3058
Description =

Error - 21.4.2013 0:53:40 | Computer Name = HansvonMalish | Source = Windows Search Service | ID = 7010
Description =

Error - 21.4.2013 7:34:31 | Computer Name = HansvonMalish | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\totalcmd\TCUNIN64.EXE se nezdařilo.
Závislé
sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 21.4.2013 7:35:04 | Computer Name = HansvonMalish | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\Nero\Nero 12\nero
backitup\NBVSSTool_x64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 21.4.2013 7:35:10 | Computer Name = HansvonMalish | Source = SideBySide | ID = 16842787
Description = Generování kontextu aktivace pro c:\program files\Nero\Nero 12\nero
burning rom\NeroCmd.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady
c:\program files\Nero\Nero 12\nero burning rom\SMC\SMC.MANIFEST na řádku 3. Identita
komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty. Odkaz
je SMC,processorArchitecture="x86",type="win32",version="8.2.0.0". Definice je SMC,processorArchitecture="x86",type="win32",version="12.0.0.0".
Podrobnější
diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 21.4.2013 7:35:16 | Computer Name = HansvonMalish | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\Nero\Nero 12\nero
recode\NeroBRServer.exe.Manifest se nezdařilo. Závislé sestavení ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

[ OSession Events ]
Error - 9.1.2013 3:44:53 | Computer Name = HansvonMalish | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 50 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 21.3.2013 0:12:12 | Computer Name = HansvonMalish | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

Error - 21.3.2013 0:23:46 | Computer Name = HansvonMalish | Source = bowser | ID = 8003
Description =

Error - 21.3.2013 0:35:46 | Computer Name = HansvonMalish | Source = bowser | ID = 8003
Description =

Error - 21.3.2013 0:47:47 | Computer Name = HansvonMalish | Source = bowser | ID = 8003
Description =

Error - 21.3.2013 0:59:47 | Computer Name = HansvonMalish | Source = bowser | ID = 8003
Description =

Error - 21.3.2013 1:11:47 | Computer Name = HansvonMalish | Source = bowser | ID = 8003
Description =

Error - 21.3.2013 1:23:44 | Computer Name = HansvonMalish | Source = bowser | ID = 8003
Description =

Error - 22.3.2013 1:23:09 | Computer Name = HansvonMalish | Source = sptd | ID = 262148
Description = Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error - 22.3.2013 1:23:35 | Computer Name = HansvonMalish | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

Error - 22.3.2013 7:13:31 | Computer Name = HansvonMalish | Source = bowser | ID = 8003
Description =


< End of report >

[vyosek]

Spustte znovu OTL

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :otl
  IE - HKU\S-1-5-21-1300762496-2828329149-1192743700-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  IE - HKU\S-1-5-21-1300762496-2828329149-1192743700-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  IE - HKU\S-1-5-21-1300762496-2828329149-1192743700-1001\..\SearchScopes\{F8F259F9-B7C1-4C85-9A5A-BA300958A885}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
  [2012.11.16 18:13:32 | 000,002,366 | ---- | M] () -- C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\searchplugins\masearch.xml
  O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
  O13 - gopher Prefix: missing
  O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  O33 - MountPoints2\{7f677b69-4828-11e2-bee3-00270e003616}\Shell - "" = AutoRun
  O33 - MountPoints2\{bb3e0016-8623-11e2-bde8-00270e003616}\Shell - "" = AutoRun
  [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
  [1 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
  [1 C:\Windows\SoftwareDistribution\Download\fd41c04f4bf34f49ed89d11d013f35b3\*.tmp files -> C:\Windows\SoftwareDistribution\Download\fd41c04f4bf34f49ed89d11d013f35b3\*.tmp -> ]
  [2013.06.12 20:33:01 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
  [2013.06.12 10:49:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1300762496-2828329149-1192743700-1001Core.job
  [2013.06.12 20:49:00 | 000,000,958 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1300762496-2828329149-1192743700-1001UA.job
  @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:C31F31E6
  
  :reg
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "NSU_agent"=-
  "Adobe ARM"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "PC Suite Tray"=-
  "Google Update"=-
  "Zoner Photo Studio Autoupdate"=-
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLPushUpdate]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]
  
  :files
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[Warden75]

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1300762496-2828329149-1192743700-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1300762496-2828329149-1192743700-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-1300762496-2828329149-1192743700-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F8F259F9-B7C1-4C85-9A5A-BA300958A885}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F259F9-B7C1-4C85-9A5A-BA300958A885}\ not found.
C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\7nm9qbik.default\searchplugins\masearch.xml moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Od&eslat do aplikace OneNote\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f677b69-4828-11e2-bee3-00270e003616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f677b69-4828-11e2-bee3-00270e003616}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb3e0016-8623-11e2-bde8-00270e003616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb3e0016-8623-11e2-bde8-00270e003616}\ not found.
C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP28F4.tmp\System.Data.Services.Client.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP28F4.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\fd41c04f4bf34f49ed89d11d013f35b3\BIT338D.tmp deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1300762496-2828329149-1192743700-1001Core.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1300762496-2828329149-1192743700-1001UA.job moved successfully.
ADS C:\ProgramData\TEMP:C31F31E6 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NSU_agent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PC Suite Tray deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Autoupdate deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLPushUpdate\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate\ deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hans
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6870932 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 446022412 bytes
->Google Chrome cache emptied: 23605520 bytes
->Flash cache emptied: 1584 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 689557 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 670024 bytes

Total Files Cleaned = 456,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Hans
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Hans
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06122013_214951

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\Cyberlink\CyberLink Live\CLSOMA_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Cyberlink\CyberLink Live\CLSOMA_MONITOR_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Cyberlink\CyberLink Live\live.web.log.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[vyosek]

OTL nam udelalo co melo, jak se chova PC

[Warden75]

v pohodě