Logfile of random's system information tool 1.09 (written by random/random)
Run by Dadka at 2014-01-07 07:36:31
Microsoft Windows 7 Ultimate
System drive C: has 201 GB (66%) free of 305 GB
Total RAM: 3070 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:36:41, on 7.1.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Olympus\ib\olycamdetect.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Dadka\Downloads\RSIT.exe
C:\Program Files\trend micro\Dadka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.tb.ask.com/index.jhtml?n=77 ... tAodf3QAig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
O2 - BHO: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [VideoDownloadConverter_4z Browser Plugin Loader] C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbrmon.exe
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Dadka\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: VideoDownloadConverterService (VideoDownloadConverter_4zService) - COMPANYVERS_NAME - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe
O23 - Service: vToolbarUpdater17.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
--
End of file - 5844 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Dadka\AppData\Roaming\Mozilla\Firefox\Profiles\m2g2tkm1.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.google.cz"
"avg@toolbar"=C:\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin]
"Description"=VideoDownloadConverter Plugin
"Path"=C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
C:\Users\Dadka\AppData\Roaming\Mozilla\Firefox\Profiles\m2g2tkm1.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}
C:\Users\Dadka\AppData\Roaming\Mozilla\Firefox\Profiles\m2g2tkm1.default\searchplugins\
ask-search.xml
ask-web-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}]
Toolbar BHO - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbar.dll [2013-12-01 716360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}]
Search Assistant BHO - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll [2013-12-01 62864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233}
{48586425-6bb7-4f51-8dc6-38c88e3ebb58} - VideoDownloadConverter - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll [2013-12-01 716360]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"=C:\Program Files\AVG\AVG2014\avgui.exe [2013-11-07 4956176]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2013-12-09 2471448]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Olympus ib"=C:\Program Files\Olympus\ib\olycamdetect.exe [2012-02-02 96128]
"MDS_Menu"=C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [2011-08-30 223104]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"ApnTBMon"=C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2013-12-10 1804240]
"VideoDownloadConverter Search Scope Monitor"=C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe [2013-12-01 44784]
"VideoDownloadConverter_4z Browser Plugin Loader"=C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbrmon.exe [2013-12-01 30096]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"=C:\Users\Dadka\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-01-07 07:36:31 ----D---- C:\rsit
2014-01-07 07:36:31 ----D---- C:\Program Files\trend micro
2014-01-07 06:56:42 ----D---- C:\Program Files\CCleaner
2014-01-05 21:44:08 ----D---- C:\Users\Dadka\AppData\Roaming\Mediatronic
2014-01-05 21:44:08 ----D---- C:\Program Files\MediaCoder
2014-01-03 18:19:18 ----RASH---- C:\MSDOS.SYS
2014-01-03 18:19:18 ----RASH---- C:\IO.SYS
2013-12-15 21:08:40 ----A---- C:\Windows\system32\D3DX9_42.dll
2013-12-15 21:08:40 ----A---- C:\Windows\system32\d3dx9_31.dll
2013-12-15 21:08:10 ----D---- C:\Program Files\Common Files\PX Storage Engine
2013-12-15 21:08:07 ----D---- C:\Users\Dadka\AppData\Roaming\Winamp
2013-12-15 21:08:07 ----D---- C:\Program Files\Winamp
2013-12-11 16:45:53 ----SHD---- C:\Config.Msi
======List of files/folders modified in the last 1 month======
2014-01-07 07:36:41 ----D---- C:\Windows\Prefetch
2014-01-07 07:36:31 ----RD---- C:\Program Files
2014-01-07 07:30:46 ----D---- C:\Users\Dadka\AppData\Roaming\Seznam.cz
2014-01-07 07:29:48 ----D---- C:\Windows\System32
2014-01-07 07:29:48 ----D---- C:\Windows\inf
2014-01-07 07:29:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-01-07 07:28:36 ----D---- C:\Windows\Temp
2014-01-07 07:28:36 ----D---- C:\Windows\system32\config
2014-01-07 07:25:37 ----D---- C:\Windows
2014-01-07 06:58:00 ----D---- C:\Windows\Panther
2014-01-07 06:58:00 ----D---- C:\Windows\Logs
2014-01-07 06:58:00 ----D---- C:\Windows\debug
2014-01-07 06:56:43 ----D---- C:\Windows\system32\Tasks
2014-01-07 00:05:27 ----SHD---- C:\System Volume Information
2014-01-06 18:54:22 ----D---- C:\ProgramData\MFAData
2013-12-27 23:32:04 ----D---- C:\Windows\system32\catroot2
2013-12-22 08:50:48 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-12-21 11:54:41 ----D---- C:\Program Files\Mozilla Firefox
2013-12-15 21:08:10 ----D---- C:\Program Files\Common Files
2013-12-11 16:46:05 ----SHD---- C:\Windows\Installer
2013-12-09 12:20:18 ----D---- C:\Program Files\Common Files\AVG Secure Search
2013-12-09 12:20:13 ----D---- C:\ProgramData\AVG Secure Search
2013-12-09 12:20:13 ----D---- C:\Program Files\AVG Secure Search
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys [2013-10-24 147768]
R0 Avglogx;AVG Logging Driver; C:\Windows\system32\DRIVERS\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2013-10-01 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2013-09-10 27448]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 Avgdiskx;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiskx.sys [2013-11-05 120600]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2013-11-04 209176]
R1 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys [2013-09-17 22840]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2013-10-31 176952]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2013-08-01 193848]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [2013-11-11 37664]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 APNMCP;Ask Update Service; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-12-10 166352]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [2013-09-24 348008]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 VideoDownloadConverter_4zService;VideoDownloadConverterService; C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe [2013-12-01 44752]
R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [2013-12-09 1771544]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-11 116648]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-11 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-21 119408]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu logu z RSIT. Procesor neustále na cca 5%
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o kontrolu logu z RSIT. Procesor neustále na cca
Zdravim 
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text
Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text
Kód: Vybrat vše
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu logu z RSIT. Procesor neustále na cca
Díky, zde je log z OTL.txt:
OTL logfile created on: 9.1.2014 21:40:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dadka\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 70,70% Memory free
6,00 Gb Paging File | 5,04 Gb Available in Paging File | 83,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 203,36 Gb Free Space | 68,22% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 78,65 Gb Free Space | 80,54% Space Free | Partition Type: NTFS
Drive E: | 135,22 Gb Total Space | 132,07 Gb Free Space | 97,67% Space Free | Partition Type: NTFS
Computer Name: DADKA-PC | User Name: Dadka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.01.09 21:38:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dadka\Desktop\OTL.exe
PRC - [2014.01.08 16:12:32 | 002,486,296 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2014.01.08 16:12:32 | 001,771,544 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
PRC - [2014.01.08 16:12:32 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
PRC - [2013.12.21 11:54:41 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.12.10 22:52:22 | 000,166,352 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013.12.10 22:52:13 | 001,804,240 | ---- | M] (APN) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2013.12.01 20:51:20 | 000,044,784 | ---- | M] (MindSpark) -- C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe
PRC - [2013.12.01 20:51:20 | 000,044,752 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe
PRC - [2013.12.01 20:51:20 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
PRC - [2013.11.18 21:59:36 | 000,590,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013.11.11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013.11.07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013.11.07 22:00:48 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013.10.28 23:24:02 | 000,729,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013.10.28 23:17:36 | 000,892,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013.09.24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013.04.12 09:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
PRC - [2012.02.02 15:14:56 | 000,096,128 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\ib\olycamdetect.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2007.09.04 12:51:36 | 001,346,560 | ---- | M] (Daniel Redlich Software) -- D:\DosPrint\DOSPRINT.EXE
========== Modules (No Company Name) ==========
MOD - [2014.01.08 16:12:32 | 002,486,296 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2014.01.08 16:12:32 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
MOD - [2013.12.21 11:54:40 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.04.12 09:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
MOD - [2013.03.29 12:37:34 | 000,059,384 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\7366libfoxloader.dll
MOD - [2013.03.25 15:39:52 | 000,894,968 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
========== Services (SafeList) ==========
SRV - [2014.01.08 16:12:32 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe -- (vToolbarUpdater17.3.0)
SRV - [2013.12.21 11:54:40 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.10 22:52:22 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013.12.01 20:51:20 | 000,044,752 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe -- (VideoDownloadConverter_4zService)
SRV - [2013.11.11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.09.24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2013.11.11 13:41:24 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013.11.05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013.11.04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013.10.31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013.10.31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013.10.24 22:28:32 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013.10.01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013.09.17 00:57:26 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013.09.10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013.08.01 15:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.06.10 22:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.tb.ask.com/search/GGmain. ... earchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.tb.ask.com/index.jhtml?n=77 ... tAodf3QAig
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\URLSearchHook: {93a3111f-4f74-4ed8-895e-d9708497629e} - No CLSID value found
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes,DefaultScope = {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{25851F10-6B33-44D1-BC27-071577CC5E01}: "URL" = http://encyklopedie.seznam.cz/search?q= ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{2D21DD47-0C85-4F31-B704-DBE95091A574}: "URL" = http://www.mapy.cz/?query={searchTerms} ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{2F217AD3-52AA-43E3-ADC3-C2C48A13529D}: "URL" = http://tv.seznam.cz/hledej?w={searchTer ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{4866858B-14C4-4B95-9866-0AA89EE04214}: "URL" = http://www.firmy.cz/?q={searchTerms}&so ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{85F585C0-5C18-482A-9EE3-92F99751B666}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{BE31F0F4-1CD9-4B92-A073-A38180D769EC}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.tb.ask.com/search/GGmain. ... earchTerms}
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{E041ACB4-7A4C-434B-8704-55710478CF72}: "URL" = http://www.novinky.cz/hledej?w={searchT ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{EA8CF067-B69F-4EBA-B21C-5A827C9B3762}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{FAB71457-0061-41EA-97D8-0907EFFA6A31}: "URL" = http://search.seznam.cz/?q={searchTerms ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask Search"
FF - prefs.js..browser.search.defaultenginename: "Ask Search"
FF - prefs.js..browser.search.order.1: "Ask Search"
FF - prefs.js..browser.search.selectedEngine: "Ask Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.cz"
FF - prefs.js..extensions.enabledAddons: %7Bea614400-e918-4741-9a97-7a972ff7c30b%7D:2.5.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 [2014.01.08 16:12:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013.08.04 14:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dadka\AppData\Roaming\Mozilla\Extensions
[2013.12.12 22:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dadka\AppData\Roaming\Mozilla\Firefox\Profiles\m2g2tkm1.default\extensions
[2013.08.04 15:45:07 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\Dadka\AppData\Roaming\Mozilla\Firefox\Profiles\m2g2tkm1.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2013.12.12 22:51:50 | 000,553,104 | ---- | M] () (No name found) -- C:\Users\Dadka\AppData\Roaming\Mozilla\Firefox\Profiles\m2g2tkm1.default\extensions\toolbar_ORJ-V7@apn.ask.com.xpi
[2013.09.27 06:48:48 | 000,002,545 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Mozilla\Firefox\Profiles\m2g2tkm1.default\searchplugins\ask-search.xml
[2013.12.01 20:51:23 | 000,009,624 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Mozilla\Firefox\Profiles\m2g2tkm1.default\searchplugins\ask-web-search.xml
[2013.11.15 21:49:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.12.21 11:54:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.seznam.cz/?clid=12454
CHR - Extension: Dokumenty Google = C:\Users\Dadka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Seznam Li\u0161ti\u010Dka - Email = C:\Users\Dadka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.13_0\
CHR - Extension: Seznam Li\u0161ti\u010Dka - Slovn\u00EDk = C:\Users\Dadka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\Dadka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Seznam Li\u0161ti\u010Dka - Rychl\u00E1 volba = C:\Users\Dadka\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.5.14_0\
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Toolbar BHO) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Search Assistant BHO) - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\Toolbar\WebBrowser: (VideoDownloadConverter) - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files\Seznam.cz\distribution\szninstall.exe ()
O4 - HKLM..\Run: [VideoDownloadConverter Search Scope Monitor] C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [VideoDownloadConverter_4z Browser Plugin Loader] C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1244878929-3995975121-869711517-1000..\Run: [cz.seznam.software.autoupdate] C:\Users\Dadka\AppData\Roaming\Seznam.cz\szninstall.exe ()
O4 - HKU\S-1-5-21-1244878929-3995975121-869711517-1000..\Run: [cz.seznam.software.szndesktop] C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..Trusted Domains: localhost ([]http in Internet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBC7F6BB-800C-4ABD-AEFB-03D59B9938C2}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013.07.29 14:34:52 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014.01.09 21:38:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dadka\Desktop\OTL.exe
[2014.01.07 07:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.01.07 07:36:31 | 000,000,000 | ---D | C] -- C:\rsit
[2014.01.07 06:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014.01.07 06:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014.01.05 21:44:09 | 000,000,000 | ---D | C] -- C:\Users\Dadka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder
[2014.01.05 21:44:08 | 000,000,000 | ---D | C] -- C:\Users\Dadka\AppData\Roaming\Mediatronic
[2014.01.05 21:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2014.01.05 19:09:06 | 000,000,000 | ---D | C] -- C:\Users\Dadka\AppData\Local\IAC
[2014.01.05 14:44:38 | 000,000,000 | ---D | C] -- C:\Users\Dadka\Profesionálové
[2014.01.04 18:30:27 | 000,000,000 | ---D | C] -- C:\Users\Dadka\AppData\Local\VideoDownloadConverter_4z
[2014.01.03 18:49:30 | 000,000,000 | ---D | C] -- C:\Users\Dadka\Mrp
[2013.12.29 17:59:46 | 000,000,000 | ---D | C] -- C:\Users\Dadka\Documents\vzpominky-soubory
[2013.12.15 21:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2013.12.15 21:08:40 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2013.12.15 21:08:40 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2013.12.15 21:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2013.12.15 21:08:07 | 000,000,000 | ---D | C] -- C:\Users\Dadka\AppData\Roaming\Winamp
[2013.12.15 21:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2013.12.11 16:45:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
========== Files - Modified Within 30 Days ==========
[2014.01.09 21:41:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.01.09 21:38:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dadka\Desktop\OTL.exe
[2014.01.09 20:51:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.01.09 19:05:28 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.01.09 06:26:45 | 000,018,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.01.09 06:26:45 | 000,018,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.01.09 06:22:55 | 000,622,422 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014.01.09 06:22:55 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.01.09 06:22:55 | 000,118,604 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014.01.09 06:22:55 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.01.09 06:18:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.01.09 06:18:34 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2014.01.08 16:12:54 | 000,003,728 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2014.01.07 06:56:43 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.01.06 18:44:29 | 000,142,757 | ---- | M] () -- C:\Users\Dadka\Documents\vzpominky.pbf
[2014.01.05 21:44:13 | 000,000,989 | ---- | M] () -- C:\Users\Dadka\Desktop\MediaCoder.lnk
[2014.01.03 18:19:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2014.01.03 18:19:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013.12.19 21:27:16 | 000,001,095 | ---- | M] () -- C:\Users\Dadka\Desktop\U.BAT.lnk
[2013.12.16 19:11:19 | 000,147,387 | ---- | M] () -- C:\Users\Dadka\Desktop\Bez názvu 1.odp
[2013.12.15 21:08:41 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
========== Files Created - No Company Name ==========
[2014.01.09 21:41:58 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.01.07 06:56:43 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.01.05 21:44:13 | 000,000,989 | ---- | C] () -- C:\Users\Dadka\Desktop\MediaCoder.lnk
[2014.01.03 18:19:18 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2014.01.03 18:19:18 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013.12.29 17:59:46 | 000,142,757 | ---- | C] () -- C:\Users\Dadka\Documents\vzpominky.pbf
[2013.12.16 19:11:17 | 000,147,387 | ---- | C] () -- C:\Users\Dadka\Desktop\Bez názvu 1.odp
[2013.12.15 21:08:41 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013.10.14 22:53:35 | 000,007,605 | ---- | C] () -- C:\Users\Dadka\AppData\Local\Resmon.ResmonCfg
[2013.10.11 16:30:13 | 000,216,064 | ---- | C] () -- C:\Windows\System32\gcapi_dll.dll
[2013.10.06 17:16:47 | 000,004,608 | ---- | C] () -- C:\Users\Dadka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.08.06 17:17:10 | 000,003,728 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.08.05 19:50:54 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Ashampoo
[2013.10.15 21:49:14 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\AVG2014
[2013.10.24 09:10:47 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Foxit Software
[2013.08.04 14:26:14 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\GHISLER
[2014.01.05 21:44:08 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Mediatronic
[2013.08.06 06:56:34 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\OpenOffice
[2014.01.09 06:24:03 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Seznam.cz
[2013.08.04 14:20:22 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\TuneUp Software
[2013.08.04 14:35:08 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Zoner
[2013.09.13 08:50:29 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.09.13 08:50:29 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009.07.14 05:53:46 | 000,032,638 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013.10.11 16:30:29 | 000,000,934 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.10.11 16:30:32 | 000,000,938 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< >
< MD5 for: AGP440.SYS >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
< MD5 for: HAL.DLL >
[2009.07.14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: IASTORV.SYS >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys
< MD5 for: LSASS.EXE >
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
< MD5 for: NDIS.SYS >
[2009.07.14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009.07.14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
< MD5 for: SMSS.EXE >
[2009.07.14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2009.07.14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\System32\drivers\tcpip.sys
[2009.07.14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2_32.DLL >
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[1 C:\Windows\Temp\avg_a04544\ProgData\*.tmp files -> C:\Windows\Temp\avg_a04544\ProgData\*.tmp -> ]
[1 C:\Windows\Temp\avg_a04544\ProgFiles\AVG Secure Search\*.tmp files -> C:\Windows\Temp\avg_a04544\ProgFiles\AVG Secure Search\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2013.08.05 17:07:50 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Adobe
[2013.08.05 19:50:54 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Ashampoo
[2013.10.15 21:49:14 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\AVG2014
[2013.10.24 09:10:47 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Foxit Software
[2013.08.04 14:26:14 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\GHISLER
[2013.08.04 13:41:56 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Identities
[2013.08.05 17:07:50 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Macromedia
[2009.07.14 10:20:06 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Media Center Programs
[2014.01.05 21:44:08 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Mediatronic
[2013.10.01 05:58:22 | 000,000,000 | --SD | M] -- C:\Users\Dadka\AppData\Roaming\Microsoft
[2013.08.04 14:03:38 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Mozilla
[2013.08.06 06:56:34 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\OpenOffice
[2014.01.09 06:24:03 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Seznam.cz
[2013.08.04 14:20:22 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\TuneUp Software
[2014.01.07 06:58:09 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Winamp
[2013.08.04 14:40:30 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\WinRAR
[2013.08.04 14:35:08 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Zoner
< %APPDATA%\*.exe /s >
[2013.05.16 14:25:04 | 001,062,472 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\szninstall.exe
[2013.05.16 14:26:24 | 002,589,256 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\sznsetup.exe
[2013.04.16 12:52:34 | 000,055,808 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\ffkill.exe
[2013.04.29 11:53:34 | 000,045,560 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
[2013.04.12 09:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
[2013.04.12 09:10:22 | 000,092,664 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014.01.09 06:26:45 | 000,018,016 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.01.09 06:26:45 | 000,018,016 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.01.09 06:22:55 | 000,118,604 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2014.01.09 06:22:55 | 000,103,370 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2014.01.09 06:22:55 | 000,622,422 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2014.01.09 06:22:55 | 000,606,992 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2014.01.09 06:22:55 | 001,445,734 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"cz.seznam.software.autoupdate" = "C:\Users\Dadka\AppData\Roaming\Seznam.cz\szninstall.exe" -c -- [2013.05.16 14:25:04 | 001,062,472 | ---- | M] ()
"cz.seznam.software.szndesktop" = "C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -- [2013.04.12 09:10:22 | 000,092,664 | ---- | M] ()
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=1
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.01.09 21:41:58 | 000,000,512 | ---- | M] () MD5=E26741672A9C76F49BC0A52DA6EDEBA0 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
< *keygen* /s >
< *AntiWPA* /s >
< *loader* /s >
[2014.01.08 16:12:31 | 000,004,178 | ---- | M] () -- \Program Files\AVG Secure Search\Chrome\content\icons\loader.gif
[2014.01.08 16:12:31 | 000,019,497 | ---- | M] () -- \Program Files\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[2013.10.29 09:43:40 | 000,001,668 | ---- | M] () -- \Program Files\HF Designer\Loader.elf
[2013.10.25 09:55:42 | 000,832,064 | ---- | M] () -- \Program Files\HF Designer\Loader.exe
[2008.12.06 17:13:52 | 000,001,070 | ---- | M] () -- \Program Files\MediaCoder\extensions\_include\loader.html
[2012.02.02 15:15:34 | 000,124,200 | ---- | M] () -- \Program Files\Olympus\ib\Koan\pyloader.dll
[2012.02.02 15:15:44 | 000,033,837 | ---- | M] () -- \Program Files\Olympus\ib\subsys\DataCenter\ImageLoader.kc
[2012.02.02 15:15:52 | 000,011,648 | ---- | M] () -- \Program Files\Olympus\ib\subsys\HTMLView\pycom\win32\_win32sysloader.pyd
[2013.07.10 21:08:32 | 000,029,696 | ---- | M] () -- \Program Files\OpenOffice 4\program\javaloader.uno.dll
[2013.07.16 14:31:10 | 000,005,813 | ---- | M] () -- \Program Files\OpenOffice 4\program\pythonloader.py
[2013.07.10 21:08:34 | 000,020,992 | ---- | M] () -- \Program Files\OpenOffice 4\program\pythonloader.uno.dll
[2013.07.16 14:35:46 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice 4\program\pythonloader.uno.ini
[2013.07.16 14:21:10 | 000,003,868 | ---- | M] () -- \Program Files\OpenOffice 4\program\classes\unoloader.jar
[2013.07.10 14:46:18 | 000,013,420 | ---- | M] () -- \Program Files\OpenOffice 4\program\python-core-2.7.5\lib\unittest\loader.py
[2013.02.19 11:07:28 | 000,030,608 | ---- | M] () -- \Program Files\Seznam.cz\distribution\install\cz.seznam.software.libfoxloader-3.0.0-win32.zip
[2013.08.04 14:19:57 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\15.1.0.2\modules\skin\ajax-loader.gif
[2013.08.04 14:19:57 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\15.1.0.2\modules\skin\loader.gif
[2013.08.06 17:17:07 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5\modules\skin\ajax-loader.gif
[2013.08.06 17:17:07 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5\modules\skin\loader.gif
[2013.08.15 12:46:39 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2\modules\skin\ajax-loader.gif
[2013.08.15 12:46:39 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2\modules\skin\loader.gif
[2013.09.28 12:13:40 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.0.0.9\modules\skin\ajax-loader.gif
[2013.09.28 12:13:40 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.0.0.9\modules\skin\loader.gif
[2013.10.02 18:57:40 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12\modules\skin\ajax-loader.gif
[2013.10.02 18:57:40 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12\modules\skin\loader.gif
[2013.11.11 13:41:23 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1\modules\skin\ajax-loader.gif
[2013.11.11 13:41:23 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1\modules\skin\loader.gif
[2013.12.09 12:20:06 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38\modules\skin\ajax-loader.gif
[2013.12.09 12:20:06 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38\modules\skin\loader.gif
[2014.01.08 16:12:31 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49\modules\skin\ajax-loader.gif
[2014.01.08 16:12:31 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49\modules\skin\loader.gif
[2013.08.04 14:19:57 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\15.1.0.2\modules\skin\ajax-loader.gif
[2013.08.04 14:19:57 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\15.1.0.2\modules\skin\loader.gif
[2013.08.06 17:17:07 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\15.4.0.5\modules\skin\ajax-loader.gif
[2013.08.06 17:17:07 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\15.4.0.5\modules\skin\loader.gif
[2013.08.15 12:46:39 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\15.5.0.2\modules\skin\ajax-loader.gif
[2013.08.15 12:46:39 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\15.5.0.2\modules\skin\loader.gif
[2013.09.28 12:13:40 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.0.0.9\modules\skin\ajax-loader.gif
[2013.09.28 12:13:40 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.0.0.9\modules\skin\loader.gif
[2013.10.02 18:57:40 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.0.1.12\modules\skin\ajax-loader.gif
[2013.10.02 18:57:40 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.0.1.12\modules\skin\loader.gif
[2013.11.11 13:41:23 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.1.2.1\modules\skin\ajax-loader.gif
[2013.11.11 13:41:23 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.1.2.1\modules\skin\loader.gif
[2013.12.09 12:20:06 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.2.0.38\modules\skin\ajax-loader.gif
[2013.12.09 12:20:06 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.2.0.38\modules\skin\loader.gif
[2014.01.08 16:12:31 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.3.0.49\modules\skin\ajax-loader.gif
[2014.01.08 16:12:31 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.3.0.49\modules\skin\loader.gif
[2013.03.29 12:37:34 | 000,059,384 | ---- | M] () -- \Users\Dadka\AppData\Roaming\Seznam.cz\bin\7366libfoxloader.dll
[2013.04.15 12:32:10 | 000,060,416 | ---- | M] () -- \Users\Dadka\AppData\Roaming\Seznam.cz\bin\7369libfoxloader-x64.dll
[2013.08.04 14:26:35 | 000,000,164 | ---- | M] () -- \Users\Dadka\AppData\Roaming\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2013.02.19 11:07:28 | 000,030,608 | ---- | M] () -- \Users\Dadka\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxloader-3.0.0-win32.zip
[2013.03.25 15:27:20 | 000,000,665 | ---- | M] () -- \Users\Dadka\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.install.bat
[2013.03.25 15:27:26 | 000,000,117 | ---- | M] () -- \Users\Dadka\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.uninstall.bat
[2014.01.06 18:40:56 | 000,027,608 | ---- | M] () -- \Windows\Prefetch\LOADER.EXE-FE74B447.pf
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2014.01.08 16:12:31 | 000,006,494 | ---- | M] () -- \Windows\Temp\avg_a04544\ProgData\AVG Secure Search\FireFoxExt\17.3.0.49\modules\skin\ajax-loader.gif
[2014.01.08 16:12:31 | 000,000,729 | ---- | M] () -- \Windows\Temp\avg_a04544\ProgData\AVG Secure Search\FireFoxExt\17.3.0.49\modules\skin\loader.gif
[2014.01.08 16:12:31 | 000,004,178 | ---- | M] () -- \Windows\Temp\avg_a04544\ProgFiles\AVG Secure Search\Chrome\content\icons\loader.gif
[2014.01.08 16:12:31 | 000,019,497 | ---- | M] () -- \Windows\Temp\avg_a04544\ProgFiles\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[2009.07.14 09:43:57 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 09:43:57 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.14 09:43:57 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2009.07.14 03:17:55 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.07.14 03:17:55 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winload.exe_75835076
[2009.07.14 03:17:55 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winresume.exe_85cd1215
[2009.07.14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 09:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 02:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.07.14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2009.07.14 09:43:37 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2013.11.01 08:57:59 | 000,032,768 | ---- | M] () -- \Users\Dadka\AppData\Local\HF Designer\{C9BD208B-32AB-4CEA-8D67-E5E83797F8BE}\mdbu\Locations!IX_VolumeSerialNumber_Location.ind
[2013.11.01 08:57:59 | 000,008,192 | ---- | M] () -- \Users\Dadka\AppData\Local\HF Designer\{C9BD208B-32AB-4CEA-8D67-E5E83797F8BE}\mdbu\Media!IX_VolumeSerialNumber.ind
[2009.07.14 09:43:23 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 09:43:37 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2009.07.14 05:43:53 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\39e53f507d9cbc5c10a2f47c4b0d09dd\System.Runtime.Serialization.ni.dll
[2009.07.14 05:43:05 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d57d865568209a71d63739fa448ed6df\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 09:43:15 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 22:14:06 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.14 09:43:17 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009.07.14 09:43:30 | 000,009,728 | ---- | M] () -- \Windows\System32\drivers\cs-CZ\serial.sys.mui
[2009.07.13 23:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009.07.14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009.07.13 23:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009.07.14 03:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 03:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2009.07.14 09:43:55 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 03:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 02:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2009.07.14 09:42:43 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2009.07.14 02:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2009.07.14 02:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 02:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009.07.14 02:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 09:43:23 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 22:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2009.07.14 09:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2009.07.13 23:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2009.07.14 09:43:15 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c002c1170ca9a88f\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.07.14 09:43:17 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009.07.14 09:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5d4a68b4b3d26ecc\System.RunTime.Serialization.Resources.dll
[2009.07.14 09:43:30 | 000,009,728 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c48c78a9ad8ff996\serial.sys.mui
[2009.07.14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009.07.13 23:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
< *w7lxe* /s >
< End of report >
a zde Extras.txt:
OTL Extras logfile created on: 9.1.2014 21:40:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dadka\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 70,70% Memory free
6,00 Gb Paging File | 5,04 Gb Available in Paging File | 83,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 203,36 Gb Free Space | 68,22% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 78,65 Gb Free Space | 80,54% Space Free | Partition Type: NTFS
Drive E: | 135,22 Gb Total Space | 132,07 Gb Free Space | 97,67% Space Free | Partition Type: NTFS
Computer Name: DADKA-PC | User Name: Dadka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-1244878929-3995975121-869711517-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11B4C255-9AE1-4FB8-B163-7357B2AA9228}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{293249F4-6F43-48E8-BB1C-9266DF62BC89}" = rport=445 | protocol=6 | dir=out | app=system |
"{2A11A758-ED51-4041-A609-249E6A8B96F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31E5600A-03F4-44E3-9EAE-100401313F3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{432C3584-8EAF-4B15-850D-140937709BD6}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B5B6FA0-E1BE-40FF-AC40-C4F4EB0073D8}" = lport=138 | protocol=17 | dir=in | app=system |
"{7966D8EE-2074-473B-A09A-4E46E1779B0F}" = lport=137 | protocol=17 | dir=in | app=system |
"{7F135A97-DE50-4960-AA45-C3EBFF143CA1}" = rport=138 | protocol=17 | dir=out | app=system |
"{96ABB396-FCE8-48D4-BD47-DF3619B268C9}" = lport=139 | protocol=6 | dir=in | app=system |
"{A42ACC14-963F-450D-99D2-2A5D61C017FB}" = lport=3389 | protocol=6 | dir=in | app=system |
"{B33327B3-0633-4A5E-A22B-469A700CA35B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BFB362E3-FF63-44E1-A468-F90B845E89D3}" = rport=139 | protocol=6 | dir=out | app=system |
"{CE3F8DAE-35F1-4BBC-BB8A-84DA0ED03786}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D0CB55F9-3460-4DAC-8636-51F0AB8BB249}" = lport=445 | protocol=6 | dir=in | app=system |
"{FBDE5931-B4CE-4FFD-8550-B20EAE45127C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A4CE1A-9763-4A5E-8D66-C511150C0FE7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{15DFB58E-ADEF-4559-A3DA-975BD87DA00F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1ADE78C2-9AC9-4BEA-B5B2-EB7A3BACFF9A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{1B690144-0CB7-4D85-9CDC-C4404D447919}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{31B00223-C10F-4508-B4E2-FF658D6395C3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{4DC200AC-3814-403B-BC84-53980594F6D2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6C031188-7B7E-4E57-AA94-BC4A55460D2C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{7AD133D1-5FCC-493D-9DC9-517A3F206253}" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"{7C321FCE-25D3-4CDF-8A37-0D51286DEC1C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{8E9E8317-DBCC-455B-8E86-F859B374D43F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9CDF348F-E938-4FC4-A889-319D54BD9744}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9D5C1708-C138-4BF8-AA59-C1984BE576A8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{A07A73FB-CF2B-44FD-8AD3-5AA5215F8A78}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A91F07DD-76F8-4123-8F28-45A27F915E07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE6F1A1F-ECCE-4BF5-9D0E-9117A5F95863}" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"{B8B7C91A-1556-4D67-BD9D-54E0A8419009}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{C8D13137-3CF4-465F-8CCC-7DD58EA13461}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}" = AVG 2014
"{49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}" = AVG 2014
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F524A2D-5637-006A-76A7-A758B70C0901}" = Ask Toolbar
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A81E275C-C1D1-473D-90D9-7EAE310550C7}" = OpenOffice 4.0.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2014
"AVG Secure Search" = AVG Security Toolbar
"CCleaner" = CCleaner
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Balíček ovladače systému Windows - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"HappyFoto-Designer_is1" = HF Designer 4.4
"InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"MediaCoder" = MediaCoder 0.8.28.5582
"Mozilla Firefox 26.0 (x86 cs)" = Mozilla Firefox 26.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Revo Uninstaller" = Revo Uninstaller 1.95
"Totalcmd" = Total Commander (Remove or Repair)
"VideoDownloadConverter_4zbar Uninstall Internet Explorer" = VideoDownloadConverter Internet Explorer Toolbar
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"ZonerPhotoStudio10_CZ_is1" = Zoner Photo Studio 10
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1244878929-3995975121-869711517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SeznamInstall" = Seznam Software
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.12.2013 5:15:20 | Computer Name = Dadka-PC | Source = Application Hang | ID = 1002
Description = Program Zps.exe verze 10.0.1.1 přestal spolupracovat se systémem Windows
a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému,
vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu: cb8 Čas
spuštění: 01cefef62ffb9df1 Čas ukončení: 15 Cesta k aplikaci: C:\Program Files\Zoner\Photo
Studio 10\Program\Zps.exe ID hlášení: 9168b3d0-6ae9-11e3-873b-0016e68d4936
Error - 22.12.2013 5:15:38 | Computer Name = Dadka-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Zps.exe, verze: 10.0.1.1, časové razítko:
0x46fe22ba Název chybujícího modulu: MSVCR80.dll, verze: 8.0.50727.4927, časové
razítko: 0x4a2752ff Kód výjimky: 0xc0000006 Posun chyby: 0x000173bd ID chybujícího
procesu: 0x8dc Čas spuštění chybující aplikace: 0x01cefef6591c044d Cesta k chybující
aplikaci: C:\Program Files\Zoner\Photo Studio 10\Program\Zps.exe Cesta k chybujícímu
modulu: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
ID
zprávy: 9eced2ba-6ae9-11e3-873b-0016e68d4936
Error - 22.12.2013 5:15:38 | Computer Name = Dadka-PC | Source = Application Error | ID = 1005
Description = Systém Windows nemůže získat přístup k souboru F:\kostel sv. Antonina\PC301054.JPG
z jednoho z těchto důvodů: došlo k problému s připojením k síti, s diskem, na kterém
je soubor uložen, nebo s ovladači ukládání nainstalovanými v tomto počítači; nebo
disk chybí. Systém Windows kvůli této chybě ukončil program Zoner Photo Studio 10.
Program:
Zoner Photo Studio 10 Soubor: F:\kostel sv. Antonina\PC301054.JPG Hodnota chyby je
uvedena v části Další údaje. Akce uživatele 1. Otevřete soubor znovu. Může se jednat
o dočasný problém, který se při novém spuštění programu nebude opakovat. 2. Pokud
k souboru stále nelze získat přístup a: - Nachází se v síti, měl by správce sítě
ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat. - Je na vyměnitelném
disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen
do počítače. 3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten
lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz
CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte
klávesu ENTER. 4. Pokud potíže potrvají, obnovte soubor ze záložní kopie. 5. Zjistěte,
zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen.
Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového
hardwaru se žádostí o pomoc. Další údaje Hodnota chyby: C000009C Typ disku: 5
Error - 28.12.2013 5:48:26 | Computer Name = Dadka-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\totalcmd\TCUNIN64.EXE se nezdařilo.
Závislé
sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Error - 28.12.2013 6:24:03 | Computer Name = Dadka-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\totalcmd\TCUNIN64.EXE se nezdařilo.
Závislé
sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Error - 3.1.2014 13:34:32 | Computer Name = Dadka-PC | Source = Application Hang | ID = 1002
Description = Program burningstudio2013.exe verze 11.0.5.38 přestal spolupracovat
se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID
procesu: 948 Čas spuštění: 01cf08a9c111d4fb Čas ukončení: 60000 Cesta k aplikaci:
C:\Program Files\Ashampoo\Ashampoo Burning Studio 2013\burningstudio2013.exe ID hlášení:
223d6d37-749d-11e3-b46b-0016e68d4936
Error - 4.1.2014 8:05:19 | Computer Name = Dadka-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\totalcmd\TCUNIN64.EXE se nezdařilo.
Závislé
sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Error - 5.1.2014 21:24:59 | Computer Name = Dadka-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\totalcmd\TCUNIN64.EXE se nezdařilo.
Závislé
sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Error - 8.1.2014 3:34:05 | Computer Name = Dadka-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\totalcmd\TCUNIN64.EXE se nezdařilo.
Závislé
sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Error - 9.1.2014 2:07:32 | Computer Name = Dadka-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\totalcmd\TCUNIN64.EXE se nezdařilo.
Závislé
sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
[ System Events ]
Error - 8.1.2014 14:55:59 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 14:57:00 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 15:01:00 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 15:02:00 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 15:03:00 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 15:23:01 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 15:24:01 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 15:27:01 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 15:59:01 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 16:17:02 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
< End of report >
Díky. Cecil007
OTL logfile created on: 9.1.2014 21:40:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dadka\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 70,70% Memory free
6,00 Gb Paging File | 5,04 Gb Available in Paging File | 83,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 203,36 Gb Free Space | 68,22% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 78,65 Gb Free Space | 80,54% Space Free | Partition Type: NTFS
Drive E: | 135,22 Gb Total Space | 132,07 Gb Free Space | 97,67% Space Free | Partition Type: NTFS
Computer Name: DADKA-PC | User Name: Dadka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.01.09 21:38:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dadka\Desktop\OTL.exe
PRC - [2014.01.08 16:12:32 | 002,486,296 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2014.01.08 16:12:32 | 001,771,544 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
PRC - [2014.01.08 16:12:32 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
PRC - [2013.12.21 11:54:41 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.12.10 22:52:22 | 000,166,352 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013.12.10 22:52:13 | 001,804,240 | ---- | M] (APN) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2013.12.01 20:51:20 | 000,044,784 | ---- | M] (MindSpark) -- C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe
PRC - [2013.12.01 20:51:20 | 000,044,752 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe
PRC - [2013.12.01 20:51:20 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
PRC - [2013.11.18 21:59:36 | 000,590,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013.11.11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013.11.07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013.11.07 22:00:48 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013.10.28 23:24:02 | 000,729,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013.10.28 23:17:36 | 000,892,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013.09.24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013.04.12 09:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
PRC - [2012.02.02 15:14:56 | 000,096,128 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\ib\olycamdetect.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2007.09.04 12:51:36 | 001,346,560 | ---- | M] (Daniel Redlich Software) -- D:\DosPrint\DOSPRINT.EXE
========== Modules (No Company Name) ==========
MOD - [2014.01.08 16:12:32 | 002,486,296 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2014.01.08 16:12:32 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
MOD - [2013.12.21 11:54:40 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.04.12 09:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
MOD - [2013.03.29 12:37:34 | 000,059,384 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\7366libfoxloader.dll
MOD - [2013.03.25 15:39:52 | 000,894,968 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
========== Services (SafeList) ==========
SRV - [2014.01.08 16:12:32 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe -- (vToolbarUpdater17.3.0)
SRV - [2013.12.21 11:54:40 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.10 22:52:22 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013.12.01 20:51:20 | 000,044,752 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe -- (VideoDownloadConverter_4zService)
SRV - [2013.11.11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.09.24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2013.11.11 13:41:24 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013.11.05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013.11.04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013.10.31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013.10.31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013.10.24 22:28:32 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013.10.01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013.09.17 00:57:26 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013.09.10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013.08.01 15:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.06.10 22:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.tb.ask.com/search/GGmain. ... earchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.tb.ask.com/index.jhtml?n=77 ... tAodf3QAig
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\URLSearchHook: {93a3111f-4f74-4ed8-895e-d9708497629e} - No CLSID value found
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes,DefaultScope = {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{25851F10-6B33-44D1-BC27-071577CC5E01}: "URL" = http://encyklopedie.seznam.cz/search?q= ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{2D21DD47-0C85-4F31-B704-DBE95091A574}: "URL" = http://www.mapy.cz/?query={searchTerms} ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{2F217AD3-52AA-43E3-ADC3-C2C48A13529D}: "URL" = http://tv.seznam.cz/hledej?w={searchTer ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{4866858B-14C4-4B95-9866-0AA89EE04214}: "URL" = http://www.firmy.cz/?q={searchTerms}&so ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{85F585C0-5C18-482A-9EE3-92F99751B666}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{BE31F0F4-1CD9-4B92-A073-A38180D769EC}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.tb.ask.com/search/GGmain. ... earchTerms}
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{E041ACB4-7A4C-434B-8704-55710478CF72}: "URL" = http://www.novinky.cz/hledej?w={searchT ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{EA8CF067-B69F-4EBA-B21C-5A827C9B3762}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\SearchScopes\{FAB71457-0061-41EA-97D8-0907EFFA6A31}: "URL" = http://search.seznam.cz/?q={searchTerms ... arch_12454
IE - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask Search"
FF - prefs.js..browser.search.defaultenginename: "Ask Search"
FF - prefs.js..browser.search.order.1: "Ask Search"
FF - prefs.js..browser.search.selectedEngine: "Ask Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.cz"
FF - prefs.js..extensions.enabledAddons: %7Bea614400-e918-4741-9a97-7a972ff7c30b%7D:2.5.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 [2014.01.08 16:12:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013.08.04 14:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dadka\AppData\Roaming\Mozilla\Extensions
[2013.12.12 22:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dadka\AppData\Roaming\Mozilla\Firefox\Profiles\m2g2tkm1.default\extensions
[2013.08.04 15:45:07 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\Dadka\AppData\Roaming\Mozilla\Firefox\Profiles\m2g2tkm1.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2013.12.12 22:51:50 | 000,553,104 | ---- | M] () (No name found) -- C:\Users\Dadka\AppData\Roaming\Mozilla\Firefox\Profiles\m2g2tkm1.default\extensions\toolbar_ORJ-V7@apn.ask.com.xpi
[2013.09.27 06:48:48 | 000,002,545 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Mozilla\Firefox\Profiles\m2g2tkm1.default\searchplugins\ask-search.xml
[2013.12.01 20:51:23 | 000,009,624 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Mozilla\Firefox\Profiles\m2g2tkm1.default\searchplugins\ask-web-search.xml
[2013.11.15 21:49:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.12.21 11:54:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.seznam.cz/?clid=12454
CHR - Extension: Dokumenty Google = C:\Users\Dadka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Seznam Li\u0161ti\u010Dka - Email = C:\Users\Dadka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.13_0\
CHR - Extension: Seznam Li\u0161ti\u010Dka - Slovn\u00EDk = C:\Users\Dadka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\Dadka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Seznam Li\u0161ti\u010Dka - Rychl\u00E1 volba = C:\Users\Dadka\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.5.14_0\
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Toolbar BHO) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Search Assistant BHO) - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..\Toolbar\WebBrowser: (VideoDownloadConverter) - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files\Seznam.cz\distribution\szninstall.exe ()
O4 - HKLM..\Run: [VideoDownloadConverter Search Scope Monitor] C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [VideoDownloadConverter_4z Browser Plugin Loader] C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1244878929-3995975121-869711517-1000..\Run: [cz.seznam.software.autoupdate] C:\Users\Dadka\AppData\Roaming\Seznam.cz\szninstall.exe ()
O4 - HKU\S-1-5-21-1244878929-3995975121-869711517-1000..\Run: [cz.seznam.software.szndesktop] C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1244878929-3995975121-869711517-1000\..Trusted Domains: localhost ([]http in Internet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBC7F6BB-800C-4ABD-AEFB-03D59B9938C2}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013.07.29 14:34:52 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014.01.09 21:38:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dadka\Desktop\OTL.exe
[2014.01.07 07:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.01.07 07:36:31 | 000,000,000 | ---D | C] -- C:\rsit
[2014.01.07 06:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014.01.07 06:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014.01.05 21:44:09 | 000,000,000 | ---D | C] -- C:\Users\Dadka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder
[2014.01.05 21:44:08 | 000,000,000 | ---D | C] -- C:\Users\Dadka\AppData\Roaming\Mediatronic
[2014.01.05 21:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2014.01.05 19:09:06 | 000,000,000 | ---D | C] -- C:\Users\Dadka\AppData\Local\IAC
[2014.01.05 14:44:38 | 000,000,000 | ---D | C] -- C:\Users\Dadka\Profesionálové
[2014.01.04 18:30:27 | 000,000,000 | ---D | C] -- C:\Users\Dadka\AppData\Local\VideoDownloadConverter_4z
[2014.01.03 18:49:30 | 000,000,000 | ---D | C] -- C:\Users\Dadka\Mrp
[2013.12.29 17:59:46 | 000,000,000 | ---D | C] -- C:\Users\Dadka\Documents\vzpominky-soubory
[2013.12.15 21:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2013.12.15 21:08:40 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2013.12.15 21:08:40 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2013.12.15 21:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2013.12.15 21:08:07 | 000,000,000 | ---D | C] -- C:\Users\Dadka\AppData\Roaming\Winamp
[2013.12.15 21:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2013.12.11 16:45:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
========== Files - Modified Within 30 Days ==========
[2014.01.09 21:41:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.01.09 21:38:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dadka\Desktop\OTL.exe
[2014.01.09 20:51:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.01.09 19:05:28 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.01.09 06:26:45 | 000,018,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.01.09 06:26:45 | 000,018,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.01.09 06:22:55 | 000,622,422 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014.01.09 06:22:55 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.01.09 06:22:55 | 000,118,604 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014.01.09 06:22:55 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.01.09 06:18:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.01.09 06:18:34 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2014.01.08 16:12:54 | 000,003,728 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2014.01.07 06:56:43 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.01.06 18:44:29 | 000,142,757 | ---- | M] () -- C:\Users\Dadka\Documents\vzpominky.pbf
[2014.01.05 21:44:13 | 000,000,989 | ---- | M] () -- C:\Users\Dadka\Desktop\MediaCoder.lnk
[2014.01.03 18:19:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2014.01.03 18:19:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013.12.19 21:27:16 | 000,001,095 | ---- | M] () -- C:\Users\Dadka\Desktop\U.BAT.lnk
[2013.12.16 19:11:19 | 000,147,387 | ---- | M] () -- C:\Users\Dadka\Desktop\Bez názvu 1.odp
[2013.12.15 21:08:41 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
========== Files Created - No Company Name ==========
[2014.01.09 21:41:58 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.01.07 06:56:43 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.01.05 21:44:13 | 000,000,989 | ---- | C] () -- C:\Users\Dadka\Desktop\MediaCoder.lnk
[2014.01.03 18:19:18 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2014.01.03 18:19:18 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013.12.29 17:59:46 | 000,142,757 | ---- | C] () -- C:\Users\Dadka\Documents\vzpominky.pbf
[2013.12.16 19:11:17 | 000,147,387 | ---- | C] () -- C:\Users\Dadka\Desktop\Bez názvu 1.odp
[2013.12.15 21:08:41 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013.10.14 22:53:35 | 000,007,605 | ---- | C] () -- C:\Users\Dadka\AppData\Local\Resmon.ResmonCfg
[2013.10.11 16:30:13 | 000,216,064 | ---- | C] () -- C:\Windows\System32\gcapi_dll.dll
[2013.10.06 17:16:47 | 000,004,608 | ---- | C] () -- C:\Users\Dadka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.08.06 17:17:10 | 000,003,728 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.08.05 19:50:54 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Ashampoo
[2013.10.15 21:49:14 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\AVG2014
[2013.10.24 09:10:47 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Foxit Software
[2013.08.04 14:26:14 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\GHISLER
[2014.01.05 21:44:08 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Mediatronic
[2013.08.06 06:56:34 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\OpenOffice
[2014.01.09 06:24:03 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Seznam.cz
[2013.08.04 14:20:22 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\TuneUp Software
[2013.08.04 14:35:08 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Zoner
[2013.09.13 08:50:29 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.09.13 08:50:29 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009.07.14 05:53:46 | 000,032,638 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013.10.11 16:30:29 | 000,000,934 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.10.11 16:30:32 | 000,000,938 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< >
< MD5 for: AGP440.SYS >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
< MD5 for: HAL.DLL >
[2009.07.14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: IASTORV.SYS >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys
< MD5 for: LSASS.EXE >
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
< MD5 for: NDIS.SYS >
[2009.07.14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009.07.14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
< MD5 for: SMSS.EXE >
[2009.07.14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2009.07.14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\System32\drivers\tcpip.sys
[2009.07.14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2_32.DLL >
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[1 C:\Windows\Temp\avg_a04544\ProgData\*.tmp files -> C:\Windows\Temp\avg_a04544\ProgData\*.tmp -> ]
[1 C:\Windows\Temp\avg_a04544\ProgFiles\AVG Secure Search\*.tmp files -> C:\Windows\Temp\avg_a04544\ProgFiles\AVG Secure Search\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2013.08.05 17:07:50 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Adobe
[2013.08.05 19:50:54 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Ashampoo
[2013.10.15 21:49:14 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\AVG2014
[2013.10.24 09:10:47 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Foxit Software
[2013.08.04 14:26:14 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\GHISLER
[2013.08.04 13:41:56 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Identities
[2013.08.05 17:07:50 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Macromedia
[2009.07.14 10:20:06 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Media Center Programs
[2014.01.05 21:44:08 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Mediatronic
[2013.10.01 05:58:22 | 000,000,000 | --SD | M] -- C:\Users\Dadka\AppData\Roaming\Microsoft
[2013.08.04 14:03:38 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Mozilla
[2013.08.06 06:56:34 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\OpenOffice
[2014.01.09 06:24:03 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Seznam.cz
[2013.08.04 14:20:22 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\TuneUp Software
[2014.01.07 06:58:09 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Winamp
[2013.08.04 14:40:30 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\WinRAR
[2013.08.04 14:35:08 | 000,000,000 | ---D | M] -- C:\Users\Dadka\AppData\Roaming\Zoner
< %APPDATA%\*.exe /s >
[2013.05.16 14:25:04 | 001,062,472 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\szninstall.exe
[2013.05.16 14:26:24 | 002,589,256 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\sznsetup.exe
[2013.04.16 12:52:34 | 000,055,808 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\ffkill.exe
[2013.04.29 11:53:34 | 000,045,560 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
[2013.04.12 09:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
[2013.04.12 09:10:22 | 000,092,664 | ---- | M] () -- C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014.01.09 06:26:45 | 000,018,016 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.01.09 06:26:45 | 000,018,016 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.01.09 06:22:55 | 000,118,604 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2014.01.09 06:22:55 | 000,103,370 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2014.01.09 06:22:55 | 000,622,422 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2014.01.09 06:22:55 | 000,606,992 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2014.01.09 06:22:55 | 001,445,734 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"cz.seznam.software.autoupdate" = "C:\Users\Dadka\AppData\Roaming\Seznam.cz\szninstall.exe" -c -- [2013.05.16 14:25:04 | 001,062,472 | ---- | M] ()
"cz.seznam.software.szndesktop" = "C:\Users\Dadka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -- [2013.04.12 09:10:22 | 000,092,664 | ---- | M] ()
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=1
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.01.09 21:41:58 | 000,000,512 | ---- | M] () MD5=E26741672A9C76F49BC0A52DA6EDEBA0 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
< *keygen* /s >
< *AntiWPA* /s >
< *loader* /s >
[2014.01.08 16:12:31 | 000,004,178 | ---- | M] () -- \Program Files\AVG Secure Search\Chrome\content\icons\loader.gif
[2014.01.08 16:12:31 | 000,019,497 | ---- | M] () -- \Program Files\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[2013.10.29 09:43:40 | 000,001,668 | ---- | M] () -- \Program Files\HF Designer\Loader.elf
[2013.10.25 09:55:42 | 000,832,064 | ---- | M] () -- \Program Files\HF Designer\Loader.exe
[2008.12.06 17:13:52 | 000,001,070 | ---- | M] () -- \Program Files\MediaCoder\extensions\_include\loader.html
[2012.02.02 15:15:34 | 000,124,200 | ---- | M] () -- \Program Files\Olympus\ib\Koan\pyloader.dll
[2012.02.02 15:15:44 | 000,033,837 | ---- | M] () -- \Program Files\Olympus\ib\subsys\DataCenter\ImageLoader.kc
[2012.02.02 15:15:52 | 000,011,648 | ---- | M] () -- \Program Files\Olympus\ib\subsys\HTMLView\pycom\win32\_win32sysloader.pyd
[2013.07.10 21:08:32 | 000,029,696 | ---- | M] () -- \Program Files\OpenOffice 4\program\javaloader.uno.dll
[2013.07.16 14:31:10 | 000,005,813 | ---- | M] () -- \Program Files\OpenOffice 4\program\pythonloader.py
[2013.07.10 21:08:34 | 000,020,992 | ---- | M] () -- \Program Files\OpenOffice 4\program\pythonloader.uno.dll
[2013.07.16 14:35:46 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice 4\program\pythonloader.uno.ini
[2013.07.16 14:21:10 | 000,003,868 | ---- | M] () -- \Program Files\OpenOffice 4\program\classes\unoloader.jar
[2013.07.10 14:46:18 | 000,013,420 | ---- | M] () -- \Program Files\OpenOffice 4\program\python-core-2.7.5\lib\unittest\loader.py
[2013.02.19 11:07:28 | 000,030,608 | ---- | M] () -- \Program Files\Seznam.cz\distribution\install\cz.seznam.software.libfoxloader-3.0.0-win32.zip
[2013.08.04 14:19:57 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\15.1.0.2\modules\skin\ajax-loader.gif
[2013.08.04 14:19:57 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\15.1.0.2\modules\skin\loader.gif
[2013.08.06 17:17:07 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5\modules\skin\ajax-loader.gif
[2013.08.06 17:17:07 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5\modules\skin\loader.gif
[2013.08.15 12:46:39 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2\modules\skin\ajax-loader.gif
[2013.08.15 12:46:39 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2\modules\skin\loader.gif
[2013.09.28 12:13:40 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.0.0.9\modules\skin\ajax-loader.gif
[2013.09.28 12:13:40 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.0.0.9\modules\skin\loader.gif
[2013.10.02 18:57:40 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12\modules\skin\ajax-loader.gif
[2013.10.02 18:57:40 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12\modules\skin\loader.gif
[2013.11.11 13:41:23 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1\modules\skin\ajax-loader.gif
[2013.11.11 13:41:23 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1\modules\skin\loader.gif
[2013.12.09 12:20:06 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38\modules\skin\ajax-loader.gif
[2013.12.09 12:20:06 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38\modules\skin\loader.gif
[2014.01.08 16:12:31 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49\modules\skin\ajax-loader.gif
[2014.01.08 16:12:31 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49\modules\skin\loader.gif
[2013.08.04 14:19:57 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\15.1.0.2\modules\skin\ajax-loader.gif
[2013.08.04 14:19:57 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\15.1.0.2\modules\skin\loader.gif
[2013.08.06 17:17:07 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\15.4.0.5\modules\skin\ajax-loader.gif
[2013.08.06 17:17:07 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\15.4.0.5\modules\skin\loader.gif
[2013.08.15 12:46:39 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\15.5.0.2\modules\skin\ajax-loader.gif
[2013.08.15 12:46:39 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\15.5.0.2\modules\skin\loader.gif
[2013.09.28 12:13:40 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.0.0.9\modules\skin\ajax-loader.gif
[2013.09.28 12:13:40 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.0.0.9\modules\skin\loader.gif
[2013.10.02 18:57:40 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.0.1.12\modules\skin\ajax-loader.gif
[2013.10.02 18:57:40 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.0.1.12\modules\skin\loader.gif
[2013.11.11 13:41:23 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.1.2.1\modules\skin\ajax-loader.gif
[2013.11.11 13:41:23 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.1.2.1\modules\skin\loader.gif
[2013.12.09 12:20:06 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.2.0.38\modules\skin\ajax-loader.gif
[2013.12.09 12:20:06 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.2.0.38\modules\skin\loader.gif
[2014.01.08 16:12:31 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.3.0.49\modules\skin\ajax-loader.gif
[2014.01.08 16:12:31 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\FireFoxExt\17.3.0.49\modules\skin\loader.gif
[2013.03.29 12:37:34 | 000,059,384 | ---- | M] () -- \Users\Dadka\AppData\Roaming\Seznam.cz\bin\7366libfoxloader.dll
[2013.04.15 12:32:10 | 000,060,416 | ---- | M] () -- \Users\Dadka\AppData\Roaming\Seznam.cz\bin\7369libfoxloader-x64.dll
[2013.08.04 14:26:35 | 000,000,164 | ---- | M] () -- \Users\Dadka\AppData\Roaming\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2013.02.19 11:07:28 | 000,030,608 | ---- | M] () -- \Users\Dadka\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxloader-3.0.0-win32.zip
[2013.03.25 15:27:20 | 000,000,665 | ---- | M] () -- \Users\Dadka\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.install.bat
[2013.03.25 15:27:26 | 000,000,117 | ---- | M] () -- \Users\Dadka\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.uninstall.bat
[2014.01.06 18:40:56 | 000,027,608 | ---- | M] () -- \Windows\Prefetch\LOADER.EXE-FE74B447.pf
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2014.01.08 16:12:31 | 000,006,494 | ---- | M] () -- \Windows\Temp\avg_a04544\ProgData\AVG Secure Search\FireFoxExt\17.3.0.49\modules\skin\ajax-loader.gif
[2014.01.08 16:12:31 | 000,000,729 | ---- | M] () -- \Windows\Temp\avg_a04544\ProgData\AVG Secure Search\FireFoxExt\17.3.0.49\modules\skin\loader.gif
[2014.01.08 16:12:31 | 000,004,178 | ---- | M] () -- \Windows\Temp\avg_a04544\ProgFiles\AVG Secure Search\Chrome\content\icons\loader.gif
[2014.01.08 16:12:31 | 000,019,497 | ---- | M] () -- \Windows\Temp\avg_a04544\ProgFiles\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[2009.07.14 09:43:57 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 09:43:57 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.14 09:43:57 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2009.07.14 03:17:55 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.07.14 03:17:55 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winload.exe_75835076
[2009.07.14 03:17:55 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winresume.exe_85cd1215
[2009.07.14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 09:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 02:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.07.14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2009.07.14 09:43:37 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2013.11.01 08:57:59 | 000,032,768 | ---- | M] () -- \Users\Dadka\AppData\Local\HF Designer\{C9BD208B-32AB-4CEA-8D67-E5E83797F8BE}\mdbu\Locations!IX_VolumeSerialNumber_Location.ind
[2013.11.01 08:57:59 | 000,008,192 | ---- | M] () -- \Users\Dadka\AppData\Local\HF Designer\{C9BD208B-32AB-4CEA-8D67-E5E83797F8BE}\mdbu\Media!IX_VolumeSerialNumber.ind
[2009.07.14 09:43:23 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 09:43:37 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2009.07.14 05:43:53 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\39e53f507d9cbc5c10a2f47c4b0d09dd\System.Runtime.Serialization.ni.dll
[2009.07.14 05:43:05 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d57d865568209a71d63739fa448ed6df\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 09:43:15 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 22:14:06 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.14 09:43:17 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009.07.14 09:43:30 | 000,009,728 | ---- | M] () -- \Windows\System32\drivers\cs-CZ\serial.sys.mui
[2009.07.13 23:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009.07.14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009.07.13 23:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009.07.14 03:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 03:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2009.07.14 09:43:55 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 03:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 02:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2009.07.14 09:42:43 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2009.07.14 02:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2009.07.14 02:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 02:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009.07.14 02:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 09:43:23 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 22:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2009.07.14 09:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2009.07.13 23:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2009.07.14 09:43:15 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c002c1170ca9a88f\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.07.14 09:43:17 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009.07.14 09:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5d4a68b4b3d26ecc\System.RunTime.Serialization.Resources.dll
[2009.07.14 09:43:30 | 000,009,728 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c48c78a9ad8ff996\serial.sys.mui
[2009.07.14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009.07.13 23:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
< *w7lxe* /s >
< End of report >
a zde Extras.txt:
OTL Extras logfile created on: 9.1.2014 21:40:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dadka\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 70,70% Memory free
6,00 Gb Paging File | 5,04 Gb Available in Paging File | 83,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 203,36 Gb Free Space | 68,22% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 78,65 Gb Free Space | 80,54% Space Free | Partition Type: NTFS
Drive E: | 135,22 Gb Total Space | 132,07 Gb Free Space | 97,67% Space Free | Partition Type: NTFS
Computer Name: DADKA-PC | User Name: Dadka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-1244878929-3995975121-869711517-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11B4C255-9AE1-4FB8-B163-7357B2AA9228}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{293249F4-6F43-48E8-BB1C-9266DF62BC89}" = rport=445 | protocol=6 | dir=out | app=system |
"{2A11A758-ED51-4041-A609-249E6A8B96F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31E5600A-03F4-44E3-9EAE-100401313F3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{432C3584-8EAF-4B15-850D-140937709BD6}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B5B6FA0-E1BE-40FF-AC40-C4F4EB0073D8}" = lport=138 | protocol=17 | dir=in | app=system |
"{7966D8EE-2074-473B-A09A-4E46E1779B0F}" = lport=137 | protocol=17 | dir=in | app=system |
"{7F135A97-DE50-4960-AA45-C3EBFF143CA1}" = rport=138 | protocol=17 | dir=out | app=system |
"{96ABB396-FCE8-48D4-BD47-DF3619B268C9}" = lport=139 | protocol=6 | dir=in | app=system |
"{A42ACC14-963F-450D-99D2-2A5D61C017FB}" = lport=3389 | protocol=6 | dir=in | app=system |
"{B33327B3-0633-4A5E-A22B-469A700CA35B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BFB362E3-FF63-44E1-A468-F90B845E89D3}" = rport=139 | protocol=6 | dir=out | app=system |
"{CE3F8DAE-35F1-4BBC-BB8A-84DA0ED03786}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D0CB55F9-3460-4DAC-8636-51F0AB8BB249}" = lport=445 | protocol=6 | dir=in | app=system |
"{FBDE5931-B4CE-4FFD-8550-B20EAE45127C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A4CE1A-9763-4A5E-8D66-C511150C0FE7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{15DFB58E-ADEF-4559-A3DA-975BD87DA00F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1ADE78C2-9AC9-4BEA-B5B2-EB7A3BACFF9A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{1B690144-0CB7-4D85-9CDC-C4404D447919}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{31B00223-C10F-4508-B4E2-FF658D6395C3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{4DC200AC-3814-403B-BC84-53980594F6D2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6C031188-7B7E-4E57-AA94-BC4A55460D2C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{7AD133D1-5FCC-493D-9DC9-517A3F206253}" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"{7C321FCE-25D3-4CDF-8A37-0D51286DEC1C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{8E9E8317-DBCC-455B-8E86-F859B374D43F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9CDF348F-E938-4FC4-A889-319D54BD9744}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9D5C1708-C138-4BF8-AA59-C1984BE576A8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{A07A73FB-CF2B-44FD-8AD3-5AA5215F8A78}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A91F07DD-76F8-4123-8F28-45A27F915E07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE6F1A1F-ECCE-4BF5-9D0E-9117A5F95863}" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"{B8B7C91A-1556-4D67-BD9D-54E0A8419009}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{C8D13137-3CF4-465F-8CCC-7DD58EA13461}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}" = AVG 2014
"{49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}" = AVG 2014
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F524A2D-5637-006A-76A7-A758B70C0901}" = Ask Toolbar
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A81E275C-C1D1-473D-90D9-7EAE310550C7}" = OpenOffice 4.0.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2014
"AVG Secure Search" = AVG Security Toolbar
"CCleaner" = CCleaner
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Balíček ovladače systému Windows - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"HappyFoto-Designer_is1" = HF Designer 4.4
"InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"MediaCoder" = MediaCoder 0.8.28.5582
"Mozilla Firefox 26.0 (x86 cs)" = Mozilla Firefox 26.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Revo Uninstaller" = Revo Uninstaller 1.95
"Totalcmd" = Total Commander (Remove or Repair)
"VideoDownloadConverter_4zbar Uninstall Internet Explorer" = VideoDownloadConverter Internet Explorer Toolbar
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"ZonerPhotoStudio10_CZ_is1" = Zoner Photo Studio 10
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1244878929-3995975121-869711517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SeznamInstall" = Seznam Software
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.12.2013 5:15:20 | Computer Name = Dadka-PC | Source = Application Hang | ID = 1002
Description = Program Zps.exe verze 10.0.1.1 přestal spolupracovat se systémem Windows
a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému,
vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu: cb8 Čas
spuštění: 01cefef62ffb9df1 Čas ukončení: 15 Cesta k aplikaci: C:\Program Files\Zoner\Photo
Studio 10\Program\Zps.exe ID hlášení: 9168b3d0-6ae9-11e3-873b-0016e68d4936
Error - 22.12.2013 5:15:38 | Computer Name = Dadka-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Zps.exe, verze: 10.0.1.1, časové razítko:
0x46fe22ba Název chybujícího modulu: MSVCR80.dll, verze: 8.0.50727.4927, časové
razítko: 0x4a2752ff Kód výjimky: 0xc0000006 Posun chyby: 0x000173bd ID chybujícího
procesu: 0x8dc Čas spuštění chybující aplikace: 0x01cefef6591c044d Cesta k chybující
aplikaci: C:\Program Files\Zoner\Photo Studio 10\Program\Zps.exe Cesta k chybujícímu
modulu: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
ID
zprávy: 9eced2ba-6ae9-11e3-873b-0016e68d4936
Error - 22.12.2013 5:15:38 | Computer Name = Dadka-PC | Source = Application Error | ID = 1005
Description = Systém Windows nemůže získat přístup k souboru F:\kostel sv. Antonina\PC301054.JPG
z jednoho z těchto důvodů: došlo k problému s připojením k síti, s diskem, na kterém
je soubor uložen, nebo s ovladači ukládání nainstalovanými v tomto počítači; nebo
disk chybí. Systém Windows kvůli této chybě ukončil program Zoner Photo Studio 10.
Program:
Zoner Photo Studio 10 Soubor: F:\kostel sv. Antonina\PC301054.JPG Hodnota chyby je
uvedena v části Další údaje. Akce uživatele 1. Otevřete soubor znovu. Může se jednat
o dočasný problém, který se při novém spuštění programu nebude opakovat. 2. Pokud
k souboru stále nelze získat přístup a: - Nachází se v síti, měl by správce sítě
ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat. - Je na vyměnitelném
disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen
do počítače. 3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten
lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz
CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte
klávesu ENTER. 4. Pokud potíže potrvají, obnovte soubor ze záložní kopie. 5. Zjistěte,
zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen.
Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového
hardwaru se žádostí o pomoc. Další údaje Hodnota chyby: C000009C Typ disku: 5
Error - 28.12.2013 5:48:26 | Computer Name = Dadka-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\totalcmd\TCUNIN64.EXE se nezdařilo.
Závislé
sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Error - 28.12.2013 6:24:03 | Computer Name = Dadka-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\totalcmd\TCUNIN64.EXE se nezdařilo.
Závislé
sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Error - 3.1.2014 13:34:32 | Computer Name = Dadka-PC | Source = Application Hang | ID = 1002
Description = Program burningstudio2013.exe verze 11.0.5.38 přestal spolupracovat
se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID
procesu: 948 Čas spuštění: 01cf08a9c111d4fb Čas ukončení: 60000 Cesta k aplikaci:
C:\Program Files\Ashampoo\Ashampoo Burning Studio 2013\burningstudio2013.exe ID hlášení:
223d6d37-749d-11e3-b46b-0016e68d4936
Error - 4.1.2014 8:05:19 | Computer Name = Dadka-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\totalcmd\TCUNIN64.EXE se nezdařilo.
Závislé
sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Error - 5.1.2014 21:24:59 | Computer Name = Dadka-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\totalcmd\TCUNIN64.EXE se nezdařilo.
Závislé
sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Error - 8.1.2014 3:34:05 | Computer Name = Dadka-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\totalcmd\TCUNIN64.EXE se nezdařilo.
Závislé
sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Error - 9.1.2014 2:07:32 | Computer Name = Dadka-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\totalcmd\TCUNIN64.EXE se nezdařilo.
Závislé
sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
[ System Events ]
Error - 8.1.2014 14:55:59 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 14:57:00 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 15:01:00 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 15:02:00 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 15:03:00 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 15:23:01 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 15:24:01 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 15:27:01 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 15:59:01 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
Error - 8.1.2014 16:17:02 | Computer Name = Dadka-PC | Source = srv | ID = 2017
Description = Server nemůže vyhradit paměť ze systémového nestránkovaného fondu,
protože bylo dosaženo nastaveného limitu vyhrazení nestránkovaného fondu.
< End of report >
Díky. Cecil007
Re: Prosím o kontrolu logu z RSIT. Procesor neustále na cca
Jen se jeste zeptam, jak je to s legalitou systemu? Ultimate neni zrovna bezna domaci verze 
Udelejte !!!kompletni!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce8.2. pro neaktivitu
http://forum.viry.cz/viewtopic.php?f=12&t=123975Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Přispějete na provoz fóra?