Ads in the browser + other mess on the laptop


#1 Post by gledy »

Hello,

I'm certainly not the only one, but some malware got into my browser and ads (Ad by Block The Ads) pop up everywhere, and occasionally a window as well. On top of that, there is certainly something more on the laptop.

Please check the log and help. Thank you :)

Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2015-04-05 11:25:43
Microsoft Windows 7 Ultimate
System drive C: has 120 GB (25%) free of 473 GB
Total RAM: 3531 MB (36% free)


======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
c:\windows\system32\svchost.exe -k dcomlaunch
c:\windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
"C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe"
"C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localservice
atieclxx
c:\windows\system32\svchost.exe -k networkservice
C:\Windows\system32\WLANExt.exe 28327248
\??\C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork
"C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemContinue\SystemContinue.dll",serv
"C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemContinue\SystemContinue.dll",serv
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe"
C:\Windows\SysWOW64\nlssrv32.exe
c:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"taskhost.exe"
taskeng.exe {6EBE2C15-1421-4FEF-BA96-5414C503E979}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 2260
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe"
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"C:\ProgramData\{d0682af7-4e18-7087-d068-82af74e1abdd}\gotham-black_copyfonts.com.exe" --startup=1
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\Elex-tech\YAC\iDesk.exe" -itrayautostart
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
"C:\Users\Petr\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
c:\windows\system32\svchost.exe -k localservicepeernet
"C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
c:\windows\system32\svchost.exe -k secsvcs
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3052.0.706018730\538035792" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,18,39 --gpu-vendor-id=0x1002 --gpu-device-id=0x9832 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=12.102.1.1000 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/DevHQPAllowMatchInTLDAndSchemeR2_PostPeriod/PasswordGeneration/Enabled/RememberCertificateErrorDecisions/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-SupportVP9/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3052.4.751548374\1359337129" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/DevHQPAllowMatchInTLDAndSchemeR2_PostPeriod/PasswordGeneration/Enabled/RememberCertificateErrorDecisions/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-SupportVP9/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3052.5.1674788207\1915305402" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/DevHQPAllowMatchInTLDAndSchemeR2_PostPeriod/PasswordGeneration/Enabled/RememberCertificateErrorDecisions/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-SupportVP9/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3052.6.1337823328\1558676432" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/DevHQPAllowMatchInTLDAndSchemeR2_PostPeriod/PasswordGeneration/Enabled/RememberCertificateErrorDecisions/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-SupportVP9/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3052.7.130910037\514552749" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/DevHQPAllowMatchInTLDAndSchemeR2_PostPeriod/PasswordGeneration/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RememberCertificateErrorDecisions/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-SupportVP9/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3052.10.637028297\192993592" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3052.11.1314163679\1487453851" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/DevHQPAllowMatchInTLDAndSchemeR2_PostPeriod/PasswordGeneration/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RememberCertificateErrorDecisions/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-SupportVP9/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3052.13.1611466141\346850752" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/DevHQPAllowMatchInTLDAndSchemeR2_PostPeriod/PasswordGeneration/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RememberCertificateErrorDecisions/Default/SHA1ToolbarUIJune2016/Warning/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-SupportVP9/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3052.40.1136177642\519143972" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/DevHQPAllowMatchInTLDAndSchemeR2_PostPeriod/PasswordGeneration/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RememberCertificateErrorDecisions/Default/SHA1ToolbarUIJune2016/Warning/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-SupportVP9/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3052.42.738484055\2008385243" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/DevHQPAllowMatchInTLDAndSchemeR2_PostPeriod/PasswordGeneration/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RememberCertificateErrorDecisions/Default/SHA1ToolbarUIJune2016/Warning/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-SupportVP9/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3052.50.556570728\1830597295" /prefetch:673131151
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\trend micro\Petr.exe" /silentautolog
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/DevHQPAllowMatchInTLDAndSchemeR2_PostPeriod/PasswordGeneration/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RememberCertificateErrorDecisions/Default/SHA1ToolbarUIJune2016/Warning/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-SupportVP9/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3052.60.1374299930\829378545" /prefetch:673131151
"C:\Users\Petr\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\4gzmd2mp.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.67.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [2012-12-27 1023104]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-03-18 13427784]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2013-04-10 2890640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"Spotify"=C:\Users\Petr\AppData\Roaming\Spotify\spotify.exe [2015-04-04 7112248]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2014-10-17 43816]
"ApplePhotoStreams"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2014-11-21 43816]
"iCloudDrive"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [2014-10-20 43816]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-01-20 7404312]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-10-11 60712]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"mncrugoSrv"=C:\Windows\inf\mncrugo.vbe [2014-01-19 1342]
"mncstcnSrv"=C:\Windows\inf\mncstcn.vbe [2014-01-19 1342]
"mncjdhwxmSrv"=C:\Windows\system32\mncjdhwxm.vbe []
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-10-15 157480]

C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
gotham-black_copyfonts.com.lnk - C:\ProgramData\{d0682af7-4e18-7087-d068-82af74e1abdd}\gotham-black_copyfonts.com.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv
"wave7"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - C:\Windows\NOTEPAD.EXE %1

======List of files/folders created in the last 1 month======

2015-04-05 11:02:33 ----D---- C:\Program Files\trend micro
2015-04-05 11:02:32 ----D---- C:\rsit
2015-04-02 20:41:59 ----D---- C:\Users\Petr\AppData\Roaming\Mozilla
2015-04-02 20:41:37 ----D---- C:\ProgramData\Mozilla
2015-04-02 20:41:37 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-02 19:55:17 ----D---- C:\Users\Petr\AppData\Roaming\ViberPC
2015-03-17 12:12:47 ----D---- C:\ProgramData\Adobe

======List of files/folders modified in the last 1 month======

2015-04-05 11:25:41 ----D---- C:\Windows\Temp
2015-04-05 11:02:33 ----RD---- C:\Program Files
2015-04-05 10:55:06 ----D---- C:\Windows\system32\config
2015-04-04 21:15:49 ----D---- C:\Users\Petr\AppData\Roaming\Spotify
2015-04-04 21:15:05 ----D---- C:\Windows\Prefetch
2015-04-04 12:54:56 ----D---- C:\Windows\System32
2015-04-04 12:54:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-04-04 12:54:55 ----D---- C:\Windows\inf
2015-04-04 12:53:12 ----D---- C:\Windows\system32\NDF
2015-04-02 20:41:54 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-04-02 20:41:37 ----RD---- C:\Program Files (x86)
2015-04-02 20:41:37 ----HD---- C:\ProgramData
2015-04-02 20:32:09 ----SD---- C:\Users\Petr\AppData\Roaming\Microsoft
2015-04-02 10:49:40 ----RSD---- C:\Windows\Fonts
2015-04-01 18:03:20 ----D---- C:\Windows\Minidump
2015-04-01 17:52:13 ----AD---- C:\Windows
2015-03-30 21:04:16 ----D---- C:\Users\Petr\AppData\Roaming\FileZilla
2015-03-30 20:32:38 ----D---- C:\Program Files (x86)\FileZilla FTP Client
2015-03-29 20:38:24 ----SHD---- C:\System Volume Information
2015-03-22 14:43:08 ----D---- C:\The KMPlayer
2015-03-17 12:53:59 ----D---- C:\Users\Petr\AppData\Roaming\Adobe
2015-03-17 11:00:53 ----D---- C:\Program Files (x86)\TeamViewer
2015-03-17 11:00:50 ----D---- C:\Windows\system32\Tasks
2015-03-10 19:32:24 ----D---- C:\Users\Petr\AppData\Roaming\TeamViewer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 iSafeKrnl;YAC Mini-Filter Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [2015-01-19 249000]
R1 iSafeKrnlKit;YAC Kit Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [2015-01-19 99496]
R1 iSafeKrnlMon;YAC Monitor Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [2015-01-19 42152]
R1 iSafeKrnlR3;YAC Ring3 Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [2015-01-19 93352]
R1 iSafeNetFilter;YAC NDIS Driver; C:\Windows\system32\DRIVERS\iSafeNetFilter.sys [2015-01-03 52392]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\amdhub30.sys [2012-11-28 107688]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-03-19 11644416]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-03-19 581120]
R3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\amdxhc.sys [2012-11-28 228008]
R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2013-01-22 3851776]
R3 AthrSdSrv;AthrSdSrv; C:\Windows\system32\DRIVERS\athrsd.sys [2012-12-01 48760]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-02-14 96768]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2012-12-27 30848]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2013-04-10 364944]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-03-19 3363016]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2012-12-19 118504]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2012-08-28 58536]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2012-12-27 36480]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2012-12-27 341120]
S3 btath_avdt;Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2012-12-27 111232]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2012-12-27 168064]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2012-12-27 68736]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2012-12-27 281728]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2012-12-27 551552]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 iSafeKrnlBoot;YAC Boot Driver; C:\Windows\system32\DRIVERS\iSafeKrnlBoot.sys []
S3 ks4avs;Kontrol S4 WDM Audio; C:\Windows\System32\Drivers\ks4avs.sys [2012-12-18 359784]
S3 ks4usb_svc;Traktor Kontrol S4; C:\Windows\System32\Drivers\ks4usb.sys [2012-12-18 101736]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2013-07-25 23040]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 TTM57SLUsb;TTM 57SL USB driver; C:\Windows\System32\Drivers\TTM57SLUsb.sys [2013-07-09 49144]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2014-08-16 54784]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-03-19 241152]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-10-07 60744]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2012-12-27 204928]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 iSafeService;YAC Service; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [2015-01-19 120128]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2014-01-23 11936560]
R2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.; C:\Windows\SysWOW64\nlssrv32.exe [2011-09-22 66560]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-02-17 5436176]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-10-15 643880]
S2 9617fb41;SystemContinue; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-21 116648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-21 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-03-27 148080]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-09-23 833728]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
Last edited by vyosek on 05 Apr 2015 10:53, edited 1 time in total.
Reason: log removed from code tags

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Ads in the browser + other mess on the laptop

#2 Post by vyosek »

Hello :)

:arrow: Please don't put logs in code tags, they are hard to read that way

:arrow: Just to ask: are you using a legal operating system? The top-tier licence (worth several thousand), Ultimate, is not exactly a common home edition :?:

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop
  • If you use Win Vista or W7, right-click OTL and choose Run As Administrator (Spustit jako spravce)
  • If you use a 64-bit OS, check whether the box For 64-bit OS (Pro 64 bitové OS) is ticked; if not, tick it
  • Tick the box For all users (Pro vsechny uzivatele)
  • Tick the box "LOP" check (Kontrola na havet "LOP")
  • Tick the box "Purity" check (Kontrola na havet "Purity")
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom box Custom Scans/Fixes (Vlastni skenovani/opravy)
  • Code:

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    atapi.sys
    autochk.exe
    cdrom.sys
    explorer.exe
    hal.dll
    scecli.dll
    services.exe
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %PROGRAMFILES%\Opera\opera.exe /md5
    %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
    
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *crack* /s
    *keygen* /s
    *loader* /s
  • Click the Run Scan (Prohledat) button
  • After the scan finishes (about 10 to 15 minutes), the logs OTL.txt and Extras.txt will appear; paste both here
  • If the logs are long (the forum will complain about exceeding the maximum number of characters), split them across several posts
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him: he is no man, he is an ox."
Member of [image] since 1 February 2011.

gledy
Visitor
Posts: 17
Registered: 17 Jun 2008 14:16

Re: Ads in the browser + other mess on the laptop

#3 Post by gledy »

OTL logfile created on: 5.4.2015 11:58:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Petr\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,45 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 34,88% Memory free
6,89 Gb Paging File | 4,01 Gb Available in Paging File | 58,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 461,76 Gb Total Space | 118,85 Gb Free Space | 25,74% Space Free | Partition Type: NTFS

Computer Name: PETR-PC | User Name: Petr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2015.04.05 11:56:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Petr\Desktop\OTL.exe
PRC - [2015.04.04 21:15:25 | 002,018,360 | ---- | M] (Spotify Ltd) -- C:\Users\Petr\AppData\Roaming\Spotify\SpotifyWebHelper.exe
PRC - [2015.02.17 11:05:26 | 005,436,176 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2015.01.25 08:08:45 | 000,843,592 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015.01.19 13:05:19 | 000,684,840 | ---- | M] () -- C:\Program Files (x86)\Elex-tech\YAC\iDesk.exe
PRC - [2015.01.19 13:04:45 | 000,354,088 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
PRC - [2015.01.19 13:00:23 | 000,120,128 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
PRC - [2015.01.19 13:00:23 | 000,118,048 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
PRC - [2014.11.21 14:20:40 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
PRC - [2014.11.21 14:20:38 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014.10.20 18:52:12 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
PRC - [2014.10.17 16:24:20 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014.10.11 14:05:40 | 000,060,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2014.02.03 19:10:16 | 001,177,088 | ---- | M] () -- C:\ProgramData\{d0682af7-4e18-7087-d068-82af74e1abdd}\gotham-black_copyfonts.com.exe
PRC - [2011.09.22 18:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (No Company Name) ==========

MOD - [2015.03.29 12:25:26 | 000,039,384 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2015.02.03 13:22:16 | 014,964,912 | ---- | M] () -- C:\Users\Petr\AppData\Local\Google\Chrome\User Data\PepperFlash\16.0.0.305\pepflashplayer.dll
MOD - [2015.01.25 08:08:41 | 009,170,760 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
MOD - [2015.01.25 08:08:37 | 001,117,512 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
MOD - [2015.01.25 08:08:35 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
MOD - [2015.01.19 13:05:22 | 000,208,680 | ---- | M] () -- C:\Program Files (x86)\Elex-tech\YAC\iddmgr.dll
MOD - [2015.01.19 13:05:19 | 000,684,840 | ---- | M] () -- C:\Program Files (x86)\Elex-tech\YAC\iDesk.exe
MOD - [2015.01.19 13:00:23 | 000,185,656 | ---- | M] () -- C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
MOD - [2015.01.19 13:00:23 | 000,065,696 | ---- | M] () -- C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
MOD - [2014.10.11 14:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014.02.12 21:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014.02.03 19:10:16 | 001,177,088 | ---- | M] () -- C:\ProgramData\{d0682af7-4e18-7087-d068-82af74e1abdd}\gotham-black_copyfonts.com.exe


========== Services (SafeList) ==========

SRV:64bit: - [2014.01.23 12:41:17 | 011,936,560 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2013.03.19 18:01:16 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (9617fb41)
SRV - [2015.03.27 07:00:16 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015.02.17 11:05:26 | 005,436,176 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2015.02.06 21:05:00 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015.01.19 13:00:23 | 000,120,128 | ---- | M] (Elex do Brasil Participações Ltda) [Auto | Running] -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe -- (iSafeService)
SRV - [2014.09.23 06:32:08 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.27 19:39:52 | 000,204,928 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011.09.22 18:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015.01.03 10:57:03 | 000,052,392 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\iSafeNetFilter.sys -- (iSafeNetFilter)
DRV:64bit: - [2014.08.16 00:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013.07.25 17:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013.07.09 13:28:38 | 000,049,144 | ---- | M] (Cristalink Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TTM57SLUsb.sys -- (TTM57SLUsb)
DRV:64bit: - [2013.04.10 15:36:56 | 000,364,944 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2013.03.19 18:55:48 | 011,644,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.03.19 17:34:02 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.01.22 20:19:10 | 003,851,776 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.12.27 19:40:22 | 000,551,552 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012.12.27 19:40:20 | 000,281,728 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012.12.27 19:40:20 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012.12.27 19:40:20 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012.12.27 19:40:14 | 000,341,120 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012.12.27 19:40:14 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012.12.27 19:40:14 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012.12.27 19:40:14 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.12.19 00:40:58 | 000,118,504 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012.12.18 08:46:50 | 000,359,784 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ks4avs.sys -- (ks4avs)
DRV:64bit: - [2012.12.18 08:46:50 | 000,101,736 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ks4usb.sys -- (ks4usb_svc)
DRV:64bit: - [2012.12.01 01:40:16 | 000,048,760 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrsd.sys -- (AthrSdSrv)
DRV:64bit: - [2012.11.28 17:29:08 | 000,228,008 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2012.11.28 17:29:06 | 000,107,688 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2012.08.28 14:27:24 | 000,058,536 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2015.01.19 13:04:12 | 000,249,000 | ---- | M] (Elex do Brasil Participações Ltda) [File_System | System | Running] -- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys -- (iSafeKrnl)
DRV - [2015.01.19 13:04:12 | 000,099,496 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | System | Running] -- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys -- (iSafeKrnlKit)
DRV - [2015.01.19 13:04:12 | 000,042,152 | ---- | M] (Elex do Brasil Participações Ltda) [File_System | System | Running] -- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys -- (iSafeKrnlMon)
DRV - [2015.01.19 13:03:55 | 000,093,352 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | System | Running] -- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys -- (iSafeKrnlR3)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2450193332-3798230347-1995828948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-2450193332-3798230347-1995828948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2450193332-3798230347-1995828948-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2450193332-3798230347-1995828948-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2450193332-3798230347-1995828948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Petr\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.01.26 16:25:15 | 000,000,000 | ---D | M]

[2015.04.02 20:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petr\AppData\Roaming\Mozilla\Extensions
[2015.04.02 20:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015.04.02 20:41:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.10.01 21:33:44 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\eambnehgniboinbhhcncaggoedccddnp\1.2.12_0\
CHR - Extension: No name found = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fojfflomljfbdfdcfmiihnijjfnnakdn\4.1_0\
CHR - Extension: No name found = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: No name found = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj\1.3.9_0\
CHR - Extension: No name found = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld\204\
CHR - Extension: No name found = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\llihccomjnidgdibbpciaajkednnglpm\2.1_0\
CHR - Extension: No name found = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: No name found = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\5.6.6_0\
CHR - Extension: No name found = C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2015.02.12 11:41:17 | 000,000,840 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\btvstack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [mncjdhwxmSrv] C:\Windows\SysWOW64\mncjdhwxm.vbe ()
O4 - HKLM..\Run: [mncrugoSrv] C:\Windows\inf\mncrugo.vbe ()
O4 - HKLM..\Run: [mncstcnSrv] C:\Windows\inf\mncstcn.vbe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2450193332-3798230347-1995828948-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2450193332-3798230347-1995828948-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2450193332-3798230347-1995828948-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-2450193332-3798230347-1995828948-1000..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2450193332-3798230347-1995828948-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2450193332-3798230347-1995828948-1000..\Run: [Spotify] C:\Users\Petr\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gotham-black_copyfonts.com.lnk = C:\ProgramData\{d0682af7-4e18-7087-d068-82af74e1abdd}\gotham-black_copyfonts.com.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2450193332-3798230347-1995828948-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2450193332-3798230347-1995828948-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXc ... atgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84E8698E-9EDF-48A1-8EE0-BC47BB4E084C}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D50A171F-D093-4F42-9945-10BF922209CB}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015.02.08 13:58:56 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2015.04.05 11:56:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Petr\Desktop\OTL.exe
[2015.04.05 11:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2015.04.05 11:02:32 | 000,000,000 | ---D | C] -- C:\rsit
[2015.04.04 22:05:22 | 000,000,000 | ---D | C] -- C:\Users\Petr\Desktop\oc_hana_velikonocni_sobota
[2015.04.02 20:41:59 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Roaming\Mozilla
[2015.04.02 20:41:59 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\Mozilla
[2015.04.02 20:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2015.04.02 20:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2015.04.02 20:30:54 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\9DF7B665-4177-4FB9-A0B1-E1A562145E79.aplzod
[2015.04.02 19:56:00 | 000,000,000 | ---D | C] -- C:\Users\Petr\Documents\ViberDownloads
[2015.04.02 19:55:17 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Roaming\ViberPC
[2015.04.02 19:54:02 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\Viber
[1 C:\Users\Petr\Documents\*.tmp files -> C:\Users\Petr\Documents\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2015.04.05 12:03:14 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015.04.05 12:02:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.04.05 11:56:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Petr\Desktop\OTL.exe
[2015.04.05 11:37:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.04.05 10:33:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.04.05 04:35:42 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\spu_storage.bin
[2015.04.04 22:17:21 | 108,566,660 | ---- | M] () -- C:\Users\Petr\Desktop\oc_hana_velikonoce.rar
[2015.04.04 22:16:25 | 001,927,901 | ---- | M] () -- C:\Users\Petr\Desktop\oc_hana_velikonoce.png
[2015.04.04 21:37:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.04.04 21:22:09 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.04.04 21:22:09 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.04.04 21:20:16 | 000,000,020 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\appdataFr3.bin
[2015.04.04 21:17:21 | 000,000,003 | ---- | M] () -- C:\Users\Petr\stut
[2015.04.04 21:13:55 | 005,564,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015.04.04 21:12:19 | 2776,977,408 | -HS- | M] () -- C:\hiberfil.sys
[2015.04.04 12:59:03 | 000,000,132 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2015.04.04 12:54:56 | 001,575,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015.04.04 12:54:56 | 000,665,944 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2015.04.04 12:54:56 | 000,651,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015.04.04 12:54:56 | 000,139,608 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2015.04.04 12:54:56 | 000,120,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015.04.02 10:33:04 | 177,714,407 | ---- | M] () -- C:\Users\Petr\Desktop\fotobouda_ramecek.psd
[2015.04.01 18:16:47 | 000,001,456 | ---- | M] () -- C:\Users\Petr\AppData\Local\Adobe Save for Web 13.0 Prefs
[2015.04.01 17:52:13 | 608,634,328 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Users\Petr\Documents\*.tmp files -> C:\Users\Petr\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015.04.05 12:03:14 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015.04.04 22:16:52 | 108,566,660 | ---- | C] () -- C:\Users\Petr\Desktop\oc_hana_velikonoce.rar
[2015.04.04 22:16:20 | 001,927,901 | ---- | C] () -- C:\Users\Petr\Desktop\oc_hana_velikonoce.png
[2015.04.02 20:41:43 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015.04.02 19:54:47 | 000,000,998 | ---- | C] () -- C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
[2015.04.02 10:32:11 | 177,714,407 | ---- | C] () -- C:\Users\Petr\Desktop\fotobouda_ramecek.psd
[2015.04.01 17:52:13 | 608,634,328 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2015.02.08 14:31:43 | 000,000,020 | ---- | C] () -- C:\Users\Petr\AppData\Roaming\appdataFr3.bin
[2014.11.13 21:52:05 | 000,000,071 | ---- | C] () -- C:\Users\Petr\AppData\Roaming\ASIO4TYPHOON.ini
[2014.10.01 19:02:08 | 000,000,000 | ---- | C] () -- C:\Users\Petr\AppData\Local\{F1615A0D-DF7B-4F40-AB11-7ECFA6C49117}
[2014.08.30 18:02:17 | 000,000,003 | ---- | C] () -- C:\Users\Petr\stut
[2014.08.30 18:00:12 | 000,001,259 | ---- | C] () -- C:\Users\Petr\rgut
[2014.08.30 15:31:34 | 000,000,000 | ---- | C] () -- C:\Users\Petr\regbcm
[2014.08.30 15:30:29 | 000,538,126 | --S- | C] () -- C:\Windows\SysWow64\libcurl-4.dll
[2014.08.30 15:30:29 | 000,192,512 | --S- | C] () -- C:\Windows\SysWow64\libidn-11.dll
[2014.08.30 15:30:29 | 000,133,632 | --S- | C] () -- C:\Windows\SysWow64\librtmp.dll
[2014.08.30 15:30:29 | 000,100,864 | --S- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2014.06.23 19:04:22 | 000,000,000 | ---- | C] () -- C:\Users\Petr\AppData\Local\{0668DAFB-BB53-4CB7-97C8-E55433CB0A50}
[2014.04.13 21:30:56 | 000,001,456 | ---- | C] () -- C:\Users\Petr\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014.02.18 23:03:44 | 000,000,240 | ---- | C] () -- C:\Users\Petr\AppData\Local\SRDownloader.err
[2014.01.30 17:46:18 | 000,001,088 | ---- | C] () -- C:\Users\Petr\AppData\Local\SRDownloader.nast
[2014.01.27 12:24:49 | 000,001,259 | ---- | C] () -- C:\Users\Petr\rgmnr
[2014.01.25 23:33:54 | 000,000,132 | ---- | C] () -- C:\Users\Petr\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014.01.21 06:52:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014.01.21 06:37:00 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2014.01.21 06:37:00 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2014.01.21 06:37:00 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014.01.21 06:37:00 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2014.01.21 06:37:00 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2014.01.21 06:35:57 | 001,554,580 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015.02.12 12:32:58 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Elex-tech
[2014.02.10 20:09:22 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\.minecraft
[2014.05.11 13:12:51 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\.mono
[2014.03.05 18:12:45 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2015.02.12 11:56:21 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\eCyber
[2015.02.12 11:29:28 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Elex-tech
[2015.03.30 21:04:16 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\FileZilla
[2014.01.25 23:47:30 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\GHISLER
[2014.04.09 20:01:46 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Jpeg Resampler
[2014.01.27 13:17:37 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\LolClient
[2014.01.27 00:53:27 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Riot Games
[2015.04.04 21:15:49 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Spotify
[2014.09.04 15:23:20 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2015.03.10 19:32:24 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\TeamViewer
[2015.02.11 21:41:25 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\TS3Client
[2014.05.11 14:04:38 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Unity
[2014.06.09 21:43:55 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Uschovna
[2015.04.02 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\ViberPC
[2015.02.10 19:17:54 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\webex

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,013,480 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2014.01.21 17:39:39 | 000,000,948 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.01.21 17:39:40 | 000,000,952 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2014.07.02 21:07:38 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\SysNative\drivers\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2014.02.10 20:09:22 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\.minecraft
[2014.05.11 13:12:51 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\.mono
[2015.03.17 12:53:59 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Adobe
[2014.12.04 18:16:46 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Apple Computer
[2014.01.21 06:43:27 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Atheros
[2014.03.05 18:12:45 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2015.02.12 11:56:21 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\eCyber
[2015.02.12 11:29:28 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Elex-tech
[2014.04.21 10:28:06 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\FastStone
[2015.03.30 21:04:16 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\FileZilla
[2014.01.25 23:47:30 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\GHISLER
[2014.01.21 06:22:36 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Identities
[2014.04.09 20:01:46 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Jpeg Resampler
[2014.01.27 13:17:37 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\LolClient
[2014.01.24 12:38:04 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Macromedia
[2009.07.14 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Media Center Programs
[2015.04.02 20:32:09 | 000,000,000 | --SD | M] -- C:\Users\Petr\AppData\Roaming\Microsoft
[2015.04.02 20:42:18 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Mozilla
[2014.01.27 00:53:27 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Riot Games
[2014.01.29 20:40:23 | 000,000,000 | RH-D | M] -- C:\Users\Petr\AppData\Roaming\SecuROM
[2015.01.14 23:13:54 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Skype
[2015.04.04 21:15:49 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Spotify
[2014.09.04 15:23:20 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2015.03.10 19:32:24 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\TeamViewer
[2015.02.11 21:41:25 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\TS3Client
[2014.05.11 14:04:38 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Unity
[2014.06.09 21:43:55 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Uschovna
[2015.04.02 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\ViberPC
[2015.02.10 18:16:37 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\vlc
[2015.02.10 19:17:54 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\webex
[2014.01.24 12:27:53 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2015.02.07 04:45:46 | 000,054,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Petr\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2014.01.21 06:38:42 | 000,010,134 | R--- | M] () -- C:\Users\Petr\AppData\Roaming\Microsoft\Installer\{408DD513-C71C-EF6C-1456-247DD8403E18}\ARPPRODUCTICON.exe
[2014.01.21 06:38:38 | 000,010,134 | R--- | M] () -- C:\Users\Petr\AppData\Roaming\Microsoft\Installer\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}\ARPPRODUCTICON.exe
[2014.01.31 21:00:35 | 000,122,880 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Petr\AppData\Roaming\Microsoft\Installer\{EA21EB55-073F-4CF5-A964-0412E755955A}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe
[2014.01.31 21:00:35 | 000,122,880 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Petr\AppData\Roaming\Microsoft\Installer\{EA21EB55-073F-4CF5-A964-0412E755955A}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
[2015.04.04 21:15:25 | 007,112,248 | ---- | M] (Spotify Ltd) -- C:\Users\Petr\AppData\Roaming\Spotify\Spotify.exe
[2015.04.04 21:15:25 | 000,762,424 | ---- | M] (Spotify Ltd) -- C:\Users\Petr\AppData\Roaming\Spotify\SpotifyCrashService.exe
[2015.04.04 21:15:25 | 000,124,472 | ---- | M] (Spotify Ltd) -- C:\Users\Petr\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2015.04.04 21:15:25 | 002,018,360 | ---- | M] (Spotify Ltd) -- C:\Users\Petr\AppData\Roaming\Spotify\SpotifyWebHelper.exe
[2015.04.01 18:06:35 | 039,771,536 | ---- | M] (Spotify Ltd) -- C:\Users\Petr\AppData\Roaming\Spotify\Spotify_new.exe
[2015.04.04 21:15:26 | 000,073,272 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\Spotify\wow_helper.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2015.04.05 12:02:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2015.04.04 21:37:00 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2015.04.05 11:37:00 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"AdobeBridge" =
"Spotify" = "C:\Users\Petr\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart -- [2015.04.04 21:15:25 | 007,112,248 | ---- | M] (Spotify Ltd)
"iCloudServices" = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe -- [2014.10.17 16:24:20 | 000,043,816 | ---- | M] (Apple Inc.)
"ApplePhotoStreams" = C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe -- [2014.11.21 14:20:38 | 000,043,816 | ---- | M] (Apple Inc.)
"iCloudDrive" = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe -- [2014.10.20 18:52:12 | 000,043,816 | ---- | M] (Apple Inc.)
"CCleaner Monitoring" = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR -- [2015.01.20 23:02:00 | 007,404,312 | ---- | M] (Piriform Ltd)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2015.03.27 07:00:03 | 000,376,944 | ---- | M] (Mozilla Corporation) MD5=F1DA948D11666E7F0464BB22F971169A -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.07.14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2015.01.25 08:08:45 | 000,843,592 | ---- | M] (Google Inc.) MD5=6F442AB16C346018AC5A67727A3633E5 -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2015.04.05 12:03:14 | 000,000,512 | ---- | M] () MD5=6381BCE35C0F9C8D8251FF83C301B55B -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2012.03.02 06:24:04 | 001,159,409 | ---- | M] () -- \Program Files\Adobe\Adobe After Effects CS6\Support Files\Presets\Image - Special Effects\Cracked Tiles.ffx
[2013.11.02 23:02:52 | 010,905,186 | ---- | M] () -- \Users\DJ\Music\Garden House 2\Bassjackers_vs._Icona_Pop_-_I_Don't_Care_vs._Crackin'_(Hardwell_Summer_2013_Mashup)_FREE_DOWNLOAD[1].mp3
[2014.06.02 11:15:45 | 004,043,974 | ---- | M] () -- \Users\Petr\Downloads\cracksandwalls_abr.zip
[2014.08.30 16:07:12 | 170,460,389 | ---- | M] () -- \Users\Petr\Downloads\Traktor-PRO-2-v-2.6.8+crack.rar
[2013.11.02 23:02:52 | 010,905,186 | ---- | M] () -- \Users\Petr\Music\Garden House 2\Bassjackers_vs._Icona_Pop_-_I_Don't_Care_vs._Crackin'_(Hardwell_Summer_2013_Mashup)_FREE_DOWNLOAD[1].mp3

< *keygen* /s >

< *loader* /s >
[2014.07.17 11:01:08 | 000,002,545 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\Petr\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_rounded\loader.gif.vir
[2014.07.17 11:01:09 | 000,002,545 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\Petr\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_square\loader.gif.vir
[2014.07.17 11:01:10 | 000,006,331 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\Petr\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\default\loader.gif.vir
[2014.07.17 11:01:12 | 000,002,545 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\Petr\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\facebook\loader.gif.vir
[2014.07.17 11:01:13 | 000,002,545 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\Petr\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_rounded\loader.gif.vir
[2014.07.17 11:01:13 | 000,002,545 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\Petr\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_square\loader.gif.vir
[2015.02.12 11:16:01 | 000,002,300 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\Petr\AppData\Roaming\eCyber\log\isafedownloader.log.vir
[2014.09.09 22:23:48 | 000,020,989 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\Petr\AppData\Roaming\Mobogenie\NjgxYTFkZmE=\APP\ico\com.google.android.apps.uploader.png.vir
[2012.03.13 12:18:28 | 003,297,128 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\Photodownloader.exe
[2012.03.13 10:41:34 | 000,000,860 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\Photodownloader.exe.manifest
[2012.03.13 10:41:58 | 000,011,161 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\apd\shared_assets\bitmaps\main_window\C_LoadError.png
[2012.03.13 10:42:00 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\da_dk\Photodownloader.ini
[2012.03.13 10:42:02 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\de_de\Photodownloader.ini
[2012.03.13 10:42:02 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\en_us\Photodownloader.ini
[2012.03.13 10:42:02 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\es_es\Photodownloader.ini
[2012.03.13 10:42:02 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\fi_fi\Photodownloader.ini
[2012.03.13 10:42:02 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\fr_fr\Photodownloader.ini
[2012.03.13 10:42:02 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\it_it\Photodownloader.ini
[2012.03.13 10:42:04 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\ja_jp\Photodownloader.ini
[2012.03.13 10:42:04 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\ko_kr\Photodownloader.ini
[2012.03.13 10:42:04 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\nl_nl\Photodownloader.ini
[2012.03.13 10:42:04 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\no_no\Photodownloader.ini
[2012.03.13 10:42:04 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\pt_br\Photodownloader.ini
[2012.03.13 10:42:04 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\sv_se\Photodownloader.ini
[2012.03.13 10:42:06 | 000,000,324 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\zh_cn\Photodownloader.ini
[2012.03.13 10:42:06 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\zh_tw\Photodownloader.ini
[2012.03.28 18:52:50 | 000,008,962 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe InDesign CS6\Presets\multimedia\HTMLLoader\HTMLLoader-app.xml
[2012.03.28 18:52:50 | 000,268,719 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe InDesign CS6\Presets\multimedia\HTMLLoader\HTMLLoader.swf
[2012.03.28 18:52:04 | 000,003,754 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe InDesign CS6\Scripts\converturltohyperlink\startup scripts\ConvertURLToHyperlinkMenuItemLoader.jsx
[2012.02.23 00:11:56 | 000,078,336 | ---- | M] () -- \Program Files (x86)\Common Files\Adobe\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_BinaryLoader_4.4.3.dll
[2012.02.23 00:11:56 | 000,155,136 | ---- | M] () -- \Program Files (x86)\Common Files\Adobe\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_XSDLoader2_4.4.3.dll
[2012.02.23 00:11:56 | 000,117,248 | ---- | M] () -- \Program Files (x86)\Common Files\Adobe\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_XSDLoader_4.4.3.dll
[2014.10.11 14:06:14 | 000,060,712 | ---- | M] () -- \Program Files (x86)\Common Files\Apple\Apple Application Support\YSLoader.exe
[2014.11.21 14:20:40 | 000,043,816 | ---- | M] () -- \Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
[2014.11.21 14:20:40 | 001,469,224 | ---- | M] () -- \Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader_main.dll
[2012.10.01 21:47:24 | 000,268,384 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2012.10.01 21:47:24 | 000,019,048 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2013.10.23 22:07:40 | 000,007,825 | ---- | M] () -- \Program Files (x86)\Steam\remoteui\static\libs\images\ajax-loader.gif
[2012.03.24 03:01:06 | 000,115,712 | ---- | M] () -- \Program Files\Adobe\Adobe After Effects CS6\Support Files\MXF_SDK_MetaMetadata_BinaryLoader_4.4.3.dll
[2012.03.24 03:01:06 | 000,225,280 | ---- | M] () -- \Program Files\Adobe\Adobe After Effects CS6\Support Files\MXF_SDK_MetaMetadata_XSDLoader2_4.4.3.dll
[2012.03.24 03:01:06 | 000,163,840 | ---- | M] () -- \Program Files\Adobe\Adobe After Effects CS6\Support Files\MXF_SDK_MetaMetadata_XSDLoader_4.4.3.dll
[2012.03.13 13:10:54 | 003,297,128 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\Photodownloader.exe
[2012.03.13 11:42:26 | 000,011,161 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\bitmaps\main_window\C_LoadError.png
[2012.03.13 11:42:28 | 000,011,161 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\combined_bitmaps\main_window\C_LoadError.png
[2012.03.13 11:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\da_dk\Photodownloader.ini
[2012.03.13 11:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\de_de\Photodownloader.ini
[2012.03.13 11:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\en_us\Photodownloader.ini
[2012.03.13 11:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\es_es\Photodownloader.ini
[2012.03.13 11:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\fi_fi\Photodownloader.ini
[2012.03.13 11:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\fr_fr\Photodownloader.ini
[2012.03.13 11:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\it_it\Photodownloader.ini
[2012.03.13 11:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\ja_jp\Photodownloader.ini
[2012.03.13 11:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\ko_kr\Photodownloader.ini
[2012.03.13 11:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\nl_nl\Photodownloader.ini
[2012.03.13 11:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\no_no\Photodownloader.ini
[2012.03.13 11:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\pt_br\Photodownloader.ini
[2012.03.13 11:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\sv_se\Photodownloader.ini
[2012.03.13 11:42:30 | 000,000,324 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\zh_cn\Photodownloader.ini
[2012.03.13 11:42:30 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\zh_tw\Photodownloader.ini
[2012.03.16 01:17:30 | 000,115,712 | ---- | M] () -- \Program Files\Adobe\Adobe Media Encoder CS6\MXF_SDK_MetaMetadata_BinaryLoader_4.4.3.dll
[2012.03.16 01:17:30 | 000,225,280 | ---- | M] () -- \Program Files\Adobe\Adobe Media Encoder CS6\MXF_SDK_MetaMetadata_XSDLoader2_4.4.3.dll
[2012.03.16 01:17:30 | 000,163,840 | ---- | M] () -- \Program Files\Adobe\Adobe Media Encoder CS6\MXF_SDK_MetaMetadata_XSDLoader_4.4.3.dll
[2013.03.21 09:44:38 | 000,078,336 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop Lightroom 4.4\Support\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_BinaryLoader_4.4.3.dll
[2013.03.21 09:44:38 | 000,155,136 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop Lightroom 4.4\Support\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_XSDLoader2_4.4.3.dll
[2013.03.21 09:44:38 | 000,117,248 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop Lightroom 4.4\Support\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_XSDLoader_4.4.3.dll
[2012.10.01 21:47:24 | 000,364,128 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
[2012.10.01 21:47:24 | 000,019,048 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2013.11.25 18:46:06 | 000,751,920 | ---- | M] () -- \Program Files\Native Instruments\Service Center\Reloader.exe
[2014.01.27 01:25:14 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.104\deploy\assets\storeImages\layout\small_loader.gif
[2008.02.25 08:05:22 | 000,856,064 | ---- | M] () -- \The KMPlayer\ImLoader.dll
[2014.09.04 00:05:49 | 026,365,817 | ---- | M] () -- \Users\DJ\Music\iTunes\iTunes Media\Mobile Applications\PerfectDownloaderLite 2.5.2.ipa
[2014.02.18 23:04:07 | 000,000,240 | ---- | M] () -- \Users\Petr\AppData\Local\SRDownloader.err
[2014.02.18 23:04:08 | 000,001,088 | ---- | M] () -- \Users\Petr\AppData\Local\SRDownloader.nast
[2014.05.12 14:11:14 | 000,011,335 | ---- | M] () -- \Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\eambnehgniboinbhhcncaggoedccddnp\1.2.12_0\images\preloader.gif
[2015.03.17 11:53:38 | 000,000,673 | ---- | M] () -- \Users\Petr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A5SAPKOW\ajax-loader-eee[1].gif
[2014.07.24 15:53:16 | 000,072,638 | ---- | M] () -- \Users\Petr\AppData\Local\Skype\Apps\login\images\loader.gif
[2014.07.24 15:53:16 | 000,003,032 | ---- | M] () -- \Users\Petr\AppData\Local\Skype\Apps\login\images\loader.png
[2014.07.24 15:53:16 | 000,006,012 | ---- | M] () -- \Users\Petr\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.07.24 15:53:16 | 000,021,956 | ---- | M] () -- \Users\Petr\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.07.24 15:53:16 | 000,009,772 | ---- | M] () -- \Users\Petr\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2015.03.21 14:26:57 | 000,002,193 | ---- | M] () -- \Users\Petr\AppData\Local\Temp\03984880d8\images\loader.gif
[2015.02.12 11:29:58 | 000,002,193 | ---- | M] () -- \Users\Petr\AppData\Local\Temp\0C813A0E\images\loader.gif
[2015.02.16 18:26:13 | 000,002,193 | ---- | M] () -- \Users\Petr\AppData\Local\Temp\316757fe\images\loader.gif
[2015.03.06 20:57:43 | 000,002,193 | ---- | M] () -- \Users\Petr\AppData\Local\Temp\4C3455b\images\loader.gif
[2015.02.12 13:14:51 | 000,002,193 | ---- | M] () -- \Users\Petr\AppData\Local\Temp\69ae3d866c6f6\images\loader.gif
[2015.03.07 16:49:57 | 000,002,193 | ---- | M] () -- \Users\Petr\AppData\Local\Temp\77b81Ab3\images\loader.gif
[2015.04.04 21:14:50 | 000,002,193 | ---- | M] () -- \Users\Petr\AppData\Local\Temp\7A07BC06\images\loader.gif
[2015.02.11 21:16:11 | 000,002,193 | ---- | M] () -- \Users\Petr\AppData\Local\Temp\86c3Db\images\loader.gif
[2015.04.01 17:54:34 | 000,002,193 | ---- | M] () -- \Users\Petr\AppData\Local\Temp\91aF369a\images\loader.gif
[2015.02.16 12:08:14 | 000,002,193 | ---- | M] () -- \Users\Petr\AppData\Local\Temp\a33d7c4ca337F\images\loader.gif
[2015.02.11 21:05:37 | 000,002,193 | ---- | M] () -- \Users\Petr\AppData\Local\Temp\d15092AA3226\images\loader.gif
[2015.03.17 10:24:18 | 000,002,193 | ---- | M] () -- \Users\Petr\AppData\Local\Temp\Dab973B2A8\images\loader.gif
[2014.07.08 18:29:48 | 000,041,527 | ---- | M] () -- \Users\Petr\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\Péťa - iPhone\PerfectDownloaderLite_2014-06-12-201403_Peta-iPhone.ips
[2014.07.08 18:29:48 | 000,041,071 | ---- | M] () -- \Users\Petr\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\Péťa - iPhone\PerfectDownloaderLite_2014-06-17-112207_Peta-iPhone.ips
[2014.12.29 15:53:29 | 000,047,649 | ---- | M] () -- \Users\Petr\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\Petr - iPhone\MusicDownloaderFree_ASPS1_2014-12-21-095038_Petr-iPhone.ips
[2015.01.22 12:39:18 | 000,000,600 | ---- | M] () -- \Users\Petr\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\Petr - iPhone\DiagnosticLogs\LanguageAssetLoader\LanguageAssetLoader_2015_01_21_10_23_35-0800.log
[2015.01.22 12:39:18 | 000,000,835 | ---- | M] () -- \Users\Petr\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\Petr - iPhone\DiagnosticLogs\LanguageAssetLoader\LanguageAssetLoader_2015_01_21_19_31_060100.log
[2014.04.24 01:36:12 | 000,004,004 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\k\administration\template\images\loader.gif
[2014.07.24 16:19:42 | 000,004,004 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\kkk\administration\template\images\loader.gif
[2014.04.24 01:49:43 | 000,001,714 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\administrator\components\com_jce\includes\loader.php
[2014.04.24 01:53:53 | 000,003,135 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\administrator\components\com_sigpro\images\loader.gif
[2014.04.24 01:54:21 | 000,002,608 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\administrator\components\com_sigpro\js\swipebox\img\loader.gif
[2014.04.24 02:07:41 | 000,010,026 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\components\com_k2\images\system\k2CalendarLoader.gif
[2014.04.24 02:07:41 | 000,000,723 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\components\com_k2\images\system\searchLoader.gif
[2014.04.24 02:12:18 | 000,009,621 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\libraries\loader.php
[2014.04.24 02:13:52 | 000,001,666 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\libraries\gantry\classes\Gantry\Loader.php
[2014.04.24 02:13:55 | 000,001,101 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\libraries\gantry\core\gantryloader.class.php
[2014.04.24 02:22:11 | 000,001,737 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\media\k2\assets\images\system\loader.gif
[2014.04.24 02:26:36 | 000,000,584 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\media\system\images\mootree_loader.gif
[2014.04.24 08:58:04 | 000,001,714 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\administrator\components\com_jce\includes\loader.php
[2014.04.24 09:01:20 | 000,003,135 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\administrator\components\com_sigpro\images\loader.gif
[2014.04.24 09:01:50 | 000,002,608 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\administrator\components\com_sigpro\js\swipebox\img\loader.gif
[2014.04.24 09:13:36 | 000,010,026 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\components\com_k2\images\system\k2CalendarLoader.gif
[2014.04.24 09:13:37 | 000,000,723 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\components\com_k2\images\system\searchLoader.gif
[2014.04.24 09:18:09 | 000,009,621 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\libraries\loader.php
[2014.04.24 09:19:31 | 000,001,666 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\libraries\gantry\classes\Gantry\Loader.php
[2014.04.24 09:19:34 | 000,001,101 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\libraries\gantry\core\gantryloader.class.php
[2014.04.24 09:26:49 | 000,001,737 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\media\k2\assets\images\system\loader.gif
[2014.04.24 09:31:12 | 000,000,584 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\media\system\images\mootree_loader.gif
[2014.04.24 09:33:54 | 000,000,668 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\highslide\graphics\loader.gif
[2014.04.24 09:33:54 | 000,000,673 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\highslide\graphics\loader.white.gif
[2014.04.24 09:34:42 | 000,002,545 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\jquery_prettyphoto\images\prettyPhoto\dark_rounded\loader.gif
[2014.04.24 09:34:44 | 000,002,545 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\jquery_prettyphoto\images\prettyPhoto\dark_square\loader.gif
[2014.04.24 09:34:45 | 000,006,331 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\jquery_prettyphoto\images\prettyPhoto\default\loader.gif
[2014.04.24 09:34:49 | 000,002,545 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\jquery_prettyphoto\images\prettyPhoto\facebook\loader.gif
[2014.04.24 09:34:50 | 000,002,545 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\jquery_prettyphoto\images\prettyPhoto\light_rounded\loader.gif
[2014.04.24 09:34:51 | 000,002,545 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\jquery_prettyphoto\images\prettyPhoto\light_square\loader.gif
[2014.04.24 09:35:02 | 000,002,608 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\jquery_swipebox\source\img\loader.gif
[2014.04.24 09:35:10 | 000,003,208 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\jquery_yoxview\images\popup_ajax_loader.gif
[2014.04.24 09:35:38 | 000,006,820 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\plugins\content\jw_sigpro\jw_sigpro\tmpl\Galleria\images\loader.gif
[2014.04.24 09:39:48 | 000,002,545 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\plugins\system\rokbox\themes\clean\ajax-loader.gif
[2014.04.24 09:39:50 | 000,003,208 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\plugins\system\rokbox\themes\dark\ajax-loader.gif
[2014.04.24 09:39:57 | 000,003,208 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\plugins\system\rokbox\themes\light\ajax-loader.gif
[2014.04.24 09:40:04 | 000,003,208 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\plugins\system\rokbox\themes\mynxx\ajax-loader.gif
[2014.04.24 09:41:48 | 000,001,737 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\plugins\vmpayment\klarna\klarna\assets\images\share\loader1.gif
[2014.04.24 09:45:21 | 000,006,402 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\templates\theme1467\images\icons\loader.gif
[2014.04.24 09:45:26 | 000,006,091 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\templates\theme1467\images\system\preloader.gif
[2014.04.24 09:45:33 | 000,001,878 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\modules\mod_breadcrumbs\www\templates\theme1467\js\jquery.preloader.js
[2014.04.24 09:55:21 | 000,000,668 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\highslide\graphics\loader.gif
[2014.04.24 09:55:21 | 000,000,673 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\highslide\graphics\loader.white.gif
[2014.04.24 09:56:00 | 000,002,545 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\jquery_prettyphoto\images\prettyPhoto\dark_rounded\loader.gif
[2014.04.24 09:56:01 | 000,002,545 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\jquery_prettyphoto\images\prettyPhoto\dark_square\loader.gif
[2014.04.24 09:56:02 | 000,006,331 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\jquery_prettyphoto\images\prettyPhoto\default\loader.gif
[2014.04.24 09:56:05 | 000,002,545 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\jquery_prettyphoto\images\prettyPhoto\facebook\loader.gif
[2014.04.24 09:56:06 | 000,002,545 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\jquery_prettyphoto\images\prettyPhoto\light_rounded\loader.gif
[2014.04.24 09:56:07 | 000,002,545 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\jquery_prettyphoto\images\prettyPhoto\light_square\loader.gif
[2014.04.24 09:56:16 | 000,002,608 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\jquery_swipebox\source\img\loader.gif
[2014.04.24 09:56:22 | 000,003,208 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\plugins\content\jw_sigpro\jw_sigpro\includes\js\jquery_yoxview\images\popup_ajax_loader.gif
[2014.04.24 09:56:46 | 000,006,820 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\plugins\content\jw_sigpro\jw_sigpro\tmpl\Galleria\images\loader.gif
[2014.04.24 09:59:56 | 000,002,545 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\plugins\system\rokbox\themes\clean\ajax-loader.gif
[2014.04.24 09:59:58 | 000,003,208 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\plugins\system\rokbox\themes\dark\ajax-loader.gif
[2014.04.24 10:00:04 | 000,003,208 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\plugins\system\rokbox\themes\light\ajax-loader.gif
[2014.04.24 10:00:10 | 000,003,208 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\plugins\system\rokbox\themes\mynxx\ajax-loader.gif
[2014.04.24 10:01:22 | 000,001,737 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\plugins\vmpayment\klarna\klarna\assets\images\share\loader1.gif
[2014.04.24 10:04:36 | 000,006,402 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\templates\theme1467\images\icons\loader.gif
[2014.04.24 10:04:40 | 000,006,091 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\templates\theme1467\images\system\preloader.gif
[2014.04.24 10:04:47 | 000,001,878 | ---- | M] () -- \Users\Petr\Desktop\PLOCHA\www\templates\theme1467\js\jquery.preloader.js
[2013.06.08 03:16:08 | 000,176,104 | ---- | M] () -- \Users\Petr\Documents\Cheat Engine 6.3\Kernelmoduleunloader.exe
[2013.06.19 18:36:30 | 000,000,132 | ---- | M] () -- \Users\Petr\Documents\Cheat Engine 6.3\Kernelmoduleunloader.exe.sig
[2014.01.30 17:44:11 | 000,905,728 | ---- | M] () -- \Users\Petr\Downloads\SRDownloader.exe
[2011.11.22 10:14:36 | 000,030,576 | ---- | M] () -- \Users\Petr\Downloads\maps-finder-app\MAPS_FINDER_APP\admin\system\core\Loader.php
[2014.08.21 22:36:01 | 000,003,945 | ---- | M] () -- \Users\Petr\Downloads\nona\admin9074\filemanager\js\jquery.queryloader2.min.js
[2014.08.21 22:37:12 | 000,010,869 | ---- | M] () -- \Users\Petr\Downloads\nona\admin9074\themes\default\img\ajax-loader.gif
[2014.08.21 22:37:17 | 000,000,070 | ---- | M] () -- \Users\Petr\Downloads\nona\admin9074\themes\default\img\bg_loaderSpace.png
[2014.08.21 23:23:27 | 000,009,234 | ---- | M] () -- \Users\Petr\Downloads\nona\classes\FileUploader.php
[2014.08.21 23:24:00 | 000,006,643 | ---- | M] () -- \Users\Petr\Downloads\nona\classes\Uploader.php
[2014.08.21 23:24:24 | 000,002,064 | ---- | M] () -- \Users\Petr\Downloads\nona\classes\helper\HelperImageUploader.php
[2014.08.21 23:24:28 | 000,007,828 | ---- | M] () -- \Users\Petr\Downloads\nona\classes\helper\HelperUploader.php
[2014.08.21 23:27:47 | 000,001,371 | ---- | M] () -- \Users\Petr\Downloads\nona\docs\licences\fileuploader.txt
[2014.08.21 23:27:55 | 000,000,070 | ---- | M] () -- \Users\Petr\Downloads\nona\img\bg_loader.png
[2014.08.21 23:27:57 | 000,003,717 | ---- | M] () -- \Users\Petr\Downloads\nona\img\loader.gif
[2014.08.21 23:28:14 | 000,010,869 | ---- | M] () -- \Users\Petr\Downloads\nona\img\admin\ajax-loader-big.gif
[2014.08.21 23:28:15 | 000,006,244 | ---- | M] () -- \Users\Petr\Downloads\nona\img\admin\ajax-loader-yellow.gif
[2014.08.21 23:28:15 | 000,000,604 | ---- | M] () -- \Users\Petr\Downloads\nona\img\admin\ajax-loader.gif
[2014.08.21 23:29:00 | 000,000,584 | ---- | M] () -- \Users\Petr\Downloads\nona\img\admin\field-loader.gif
[2014.08.21 23:35:24 | 000,035,456 | ---- | M] () -- \Users\Petr\Downloads\nona\js\fileuploader.js
[2014.08.21 23:35:34 | 000,001,720 | ---- | M] () -- \Users\Petr\Downloads\nona\js\cropper\loader.js
[2014.08.21 23:36:45 | 000,001,849 | ---- | M] () -- \Users\Petr\Downloads\nona\js\jquery\plugins\jqzoom\zoomloader.gif
[2014.08.21 23:37:35 | 000,004,782 | ---- | M] () -- \Users\Petr\Downloads\nona\js\jquery\plugins\smartWizard\loader.gif
[2014.08.21 23:37:50 | 000,000,847 | ---- | M] () -- \Users\Petr\Downloads\nona\js\jquery\plugins\treeview-categories\images\ajax-loader.gif
[2014.08.22 05:23:29 | 000,008,581 | ---- | M] () -- \Users\Petr\Downloads\nona\themes\default-bootstrap\css\modules\homeslider\images\bx_loader.gif
[2014.08.22 05:23:46 | 000,008,581 | ---- | M] () -- \Users\Petr\Downloads\nona\themes\default-bootstrap\css\modules\productscategory\css\images\bx_loader.gif
[2014.08.22 05:23:56 | 000,006,000 | ---- | M] () -- \Users\Petr\Downloads\nona\themes\default-bootstrap\img\addcartloader.gif
[2014.08.22 05:23:57 | 000,003,208 | ---- | M] () -- \Users\Petr\Downloads\nona\themes\default-bootstrap\img\ajax-loader.gif
[2014.08.22 05:44:45 | 000,000,910 | ---- | M] () -- \Users\Petr\Downloads\nona\tools\swift\Swift\ClassLoader.php
[2014.09.30 14:15:39 | 000,000,673 | ---- | M] () -- \Users\Petr\Downloads\nopCommerce_3.50_NoSource\Administration\Content\images\ajax_loader_small.gif
[2014.07.02 16:59:19 | 000,000,847 | ---- | M] () -- \Users\Petr\Downloads\nopCommerce_3.50_NoSource\Administration\Content\images\warnings-ajax-loader.gif
[2014.07.02 16:59:21 | 000,002,608 | ---- | M] () -- \Users\Petr\Downloads\nopCommerce_3.50_NoSource\Content\tinymce\skins\lightgray\img\loader.gif
[2014.07.02 16:59:22 | 000,004,985 | ---- | M] () -- \Users\Petr\Downloads\nopCommerce_3.50_NoSource\Scripts\fineuploader\fineuploader-4.2.2.css
[2014.07.02 16:59:22 | 000,003,993 | ---- | M] () -- \Users\Petr\Downloads\nopCommerce_3.50_NoSource\Scripts\fineuploader\fineuploader-4.2.2.min.css
[2014.07.02 16:59:22 | 000,299,765 | ---- | M] () -- \Users\Petr\Downloads\nopCommerce_3.50_NoSource\Scripts\fineuploader\jquery.fineuploader-4.2.2.js
[2014.07.02 16:59:22 | 000,106,632 | ---- | M] () -- \Users\Petr\Downloads\nopCommerce_3.50_NoSource\Scripts\fineuploader\jquery.fineuploader-4.2.2.min.js
[2014.07.02 16:59:22 | 000,001,811 | ---- | M] () -- \Users\Petr\Downloads\nopCommerce_3.50_NoSource\Scripts\kendo\2014.1.318\kendo.mobile.loader.min.js
[2014.07.02 16:59:22 | 000,001,833 | ---- | M] () -- \Users\Petr\Downloads\nopCommerce_3.50_NoSource\Scripts\kendo\2014.1.318\kendo.mobile.loader.min.js.map
[2014.07.02 16:59:22 | 000,036,343 | ---- | M] () -- \Users\Petr\Downloads\nopCommerce_3.50_NoSource\Themes\DefaultClean\Content\images\ajax_loader_large.gif
[2014.07.02 16:59:22 | 000,000,673 | ---- | M] () -- \Users\Petr\Downloads\nopCommerce_3.50_NoSource\Themes\DefaultClean\Content\images\ajax_loader_small.gif
[2014.12.06 08:49:58 | 000,001,517 | ---- | M] () -- \Users\Petr\Downloads\opencart-2.0.1.1\opencart-2.0.1.1\upload\catalog\view\javascript\jquery\owl-carousel\AjaxLoader.gif
[2014.12.06 08:49:58 | 000,001,676 | ---- | M] () -- \Users\Petr\Downloads\opencart-2.0.1.1\opencart-2.0.1.1\upload\system\engine\loader.php
[2015.03.06 13:09:20 | 000,003,945 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\admin\filemanager\js\jquery.queryloader2.min.js
[2015.03.06 13:09:20 | 000,010,869 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\admin\themes\default\img\ajax-loader.gif
[2015.03.06 13:09:20 | 000,000,070 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\admin\themes\default\img\bg_loaderSpace.png
[2015.03.06 13:09:20 | 000,009,503 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\classes\FileUploader.php
[2015.03.06 13:09:20 | 000,007,011 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\classes\Uploader.php
[2015.03.06 13:09:20 | 000,002,444 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\classes\helper\HelperImageUploader.php
[2015.03.06 13:09:20 | 000,007,854 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\classes\helper\HelperUploader.php
[2015.03.06 13:09:20 | 000,001,371 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\docs\licences\fileuploader.txt
[2015.03.06 13:09:20 | 000,000,070 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\img\bg_loader.png
[2015.03.06 13:09:20 | 000,003,717 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\img\loader.gif
[2015.03.06 13:09:20 | 000,010,869 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\img\admin\ajax-loader-big.gif
[2015.03.06 13:09:20 | 000,006,244 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\img\admin\ajax-loader-yellow.gif
[2015.03.06 13:09:20 | 000,000,604 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\img\admin\ajax-loader.gif
[2015.03.06 13:09:20 | 000,000,584 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\img\admin\field-loader.gif
[2015.03.06 13:09:20 | 000,002,822 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\install\classes\sqlLoader.php
[2015.03.06 13:09:20 | 000,037,281 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\install\classes\xmlLoader.php
[2015.03.06 13:09:20 | 000,008,685 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\install\theme\img\ajax-loader-small.gif
[2015.03.06 13:09:20 | 000,010,869 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\install\theme\img\ajax-loader.gif
[2015.03.06 13:09:20 | 000,000,070 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\install\theme\img\bg_loaderSpace.png
[2015.03.06 13:09:20 | 000,032,987 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\js\fileuploader.js
[2015.03.06 13:09:20 | 000,001,720 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\js\cropper\loader.js
[2015.03.06 13:09:20 | 000,008,581 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\js\jquery\plugins\bxslider\images\bx_loader.gif
[2015.03.06 13:09:20 | 000,001,849 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\js\jquery\plugins\jqzoom\zoomloader.gif
[2015.03.06 13:09:20 | 000,004,782 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\js\jquery\plugins\smartWizard\loader.gif
[2015.03.06 13:09:20 | 000,000,847 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\js\jquery\plugins\treeview-categories\images\ajax-loader.gif
[2015.03.06 13:09:20 | 000,008,581 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\themes\default-bootstrap\css\modules\crossselling\images\bx_loader.gif
[2015.03.06 13:09:20 | 000,006,000 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\themes\default-bootstrap\img\addcartloader.gif
[2015.03.06 13:09:20 | 000,003,208 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\themes\default-bootstrap\img\ajax-loader.gif
[2015.03.06 13:09:20 | 000,008,581 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\themes\default-bootstrap\img\bx_loader.gif
[2015.03.06 13:09:20 | 000,000,910 | ---- | M] () -- \Users\Petr\Downloads\prestashop_1.6.0.14\prestashop\tools\swift\Swift\ClassLoader.php
[2013.12.17 08:04:58 | 000,002,608 | ---- | M] () -- \Users\Petr\Downloads\Quick.Cart.Ext_v6.3\Quick.Cart.Ext_v6.3\plugins\tinymce\skins\lightgray\img\loader.gif
[2013.12.17 08:05:00 | 000,002,170 | ---- | M] () -- \Users\Petr\Downloads\Quick.Cart.Ext_v6.3\Quick.Cart.Ext_v6.3\plugins\valums-file-uploader\client\fileuploader.css
[2013.12.17 08:05:00 | 000,030,649 | ---- | M] () -- \Users\Petr\Downloads\Quick.Cart.Ext_v6.3\Quick.Cart.Ext_v6.3\plugins\valums-file-uploader\client\fileuploader.min.js
[2014.09.04 00:05:49 | 026,365,817 | ---- | M] () -- \Users\Petr\Music\iTunes\iTunes Media\Mobile Applications\PerfectDownloaderLite 2.5.2.ipa
[2014.01.26 16:30:44 | 000,015,872 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.In#\a0a9b8e5d489898bd266481a9b2e8d41\Microsoft.Office.InfoPath.CLRLoader.ni.dll
[2014.01.26 16:26:19 | 000,015,528 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.InfoPath.CLRLoader\v4.0_15.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.CLRLoader.dll
[2009.07.14 14:25:34 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 17:17:49 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 17:17:49 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2009.07.14 17:17:49 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2009.07.14 17:17:49 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2009.07.14 17:17:49 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2009.07.14 04:58:45 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2009.07.14 04:58:45 | 000,641,088 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winload.efi_75834aa0
[2009.07.14 04:58:45 | 000,604,192 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winload.exe_75835076
[2009.07.14 04:58:45 | 000,557,136 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winresume.efi_85cd069f
[2009.07.14 04:58:45 | 000,518,352 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winresume.exe_85cd1215
[2009.07.14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.14 17:15:51 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 04:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2009.07.14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll

< End of report >

gledy
Visitor
Posts: 17
Registered: 17 Jun 2008 14:16

Re: Ads in the browser + other junk on the laptop

#4 Post by gledy »

OTL Extras logfile created on: 5.4.2015 11:58:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Petr\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,45 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 34,88% Memory free
6,89 Gb Paging File | 4,01 Gb Available in Paging File | 58,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 461,76 Gb Total Space | 118,85 Gb Free Space | 25,74% Space Free | Partition Type: NTFS

Computer Name: PETR-PC | User Name: Petr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2450193332-3798230347-1995828948-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- C:\Windows\NOTEPAD.EXE (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Uschovna.cz] -- C:\Program Files (x86)\Uschovna.cz\Uschovna_cz.exe /sendto: %1 (Capsa)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Uschovna.cz] -- C:\Program Files (x86)\Uschovna.cz\Uschovna_cz.exe /sendto: %1 (Capsa)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02424561-0054-4847-BB01-ED2A3BD9AE30}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{13248B71-6D2A-4252-9734-D96567D713E3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26777A16-8E61-4A02-AC6D-071F830F2568}" = lport=58421 | protocol=6 | dir=in | name=pando media booster |
"{26C85A38-DF3E-496A-A775-1DAC9D1C3E99}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{30565FDD-BCCB-4D06-A08D-00D2612C1E61}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe |
"{318A633C-A730-4620-8494-BD4EB783270C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{33E8CF8D-FE7F-463B-90F6-D4F80ABC300D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3959F062-FEEC-40EF-95BE-7A2B83F8BF11}" = rport=137 | protocol=17 | dir=out | app=system |
"{42E13B8E-3328-4623-89F7-376F9F97DA0D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{443F2358-3199-4D96-AFE9-2B483D0BC17B}" = lport=139 | protocol=6 | dir=in | app=system |
"{46575647-2C0A-4A92-83AE-0E1186A93613}" = lport=58421 | protocol=17 | dir=in | name=pando media booster |
"{46FF2333-8CC6-48AF-8A96-81CBA54A16F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B9F6989-90CF-4236-807E-1F923CB32DB3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{564BF30F-9D39-4A12-AC6E-4DB730C07217}" = lport=138 | protocol=17 | dir=in | app=system |
"{5E6B2521-B78B-45A2-A5AD-555226A37AAA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{75AB49FB-D007-48E3-9212-36892AE92B34}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{85C5D1AB-C0A7-4B26-8A9E-83795BC63D64}" = lport=137 | protocol=17 | dir=in | app=system |
"{8C0CF849-200E-4F69-86E1-0E7CB8B7D18A}" = rport=139 | protocol=6 | dir=out | app=system |
"{9958C114-51F0-4376-B5D3-986361073E9F}" = rport=138 | protocol=17 | dir=out | app=system |
"{9E3B50C6-7C39-4F3F-8CF0-8CD55FD393E6}" = rport=445 | protocol=6 | dir=out | app=system |
"{9EF3ACE7-9190-4FD5-B69F-C563F5633F6C}" = lport=58421 | protocol=17 | dir=in | name=pando media booster |
"{A26EE3FD-3461-49A9-9958-D4F0383B84D2}" = lport=445 | protocol=6 | dir=in | app=system |
"{B71C5508-4D4C-4C28-B4A8-66691AF834BC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C8603A69-3E64-4F4C-ABD6-C812701C454F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D29FA393-F894-4612-B080-635CE5D9B669}" = lport=58421 | protocol=6 | dir=in | name=pando media booster |
"{F2F24EE6-E423-4CA3-8754-19C0F159DE7A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F5159810-8651-47EF-A10C-A60637621CBC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0374615E-B9C2-4C69-BEC7-6F0226B72FAC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{0534EA91-F220-4758-866D-D0BD3682C332}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{07E369AD-38B7-40E5-B19C-5FCE14EE3F68}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{0BEF7657-CEC8-4244-974E-6004B277A60D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{0DDEEBB2-1518-4912-B73D-F9F515B43335}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{13CFAF59-A551-4ED1-800D-EA6295CA9158}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{144FFD9C-F84C-432D-A644-C57FE3B9B325}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{151E3F47-807B-41CD-B1C4-559850D90F37}" = protocol=6 | dir=in | app=c:\program files (x86)\mobogenie3\mobogeniep2sp.exe |
"{15745F41-A265-463B-A0F5-9096CDA2E4AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{23C54EE8-ACD1-4AA3-B369-22DB08E7E8D0}" = protocol=17 | dir=in | app=c:\users\petr\appdata\local\temp\kmsnano\qemu-system-i386.exe |
"{2727481C-3D5A-4699-B706-F5F5875467E0}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{2E9CA3A2-4D94-4C77-8CBC-DB0193AEA921}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{304D5A5A-8F68-484F-BB9F-37F0DBF5C15D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{37FAC964-6412-4EAE-ABE7-299C245B0664}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3C521E95-998A-4E89-9611-909B0C1FDADD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{3C5EAC9D-CB15-42B1-91C9-7E97A5AAA2A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E8B323A-CC5C-4DA5-9D9F-33B280A62ED1}" = protocol=6 | dir=in | app=c:\users\petr\appdata\roaming\utorrent\utorrent.exe |
"{3ED3B018-508C-41FD-8F25-325D1F490A08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{43B51B5B-F3B8-47AE-8A10-971F56952D8C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{47901178-06AE-4168-AE78-45055CB18F23}" = protocol=17 | dir=in | app=c:\program files (x86)\mobogenie3\mobogeniep2sp.exe |
"{4C409330-3EBC-4C6A-9874-E82DD2A144CF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4FD04A50-57EE-4E44-84A3-B6CB216C3749}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{54E2C9C2-024C-4D1D-AFCE-22408832624E}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{582779F5-E2D8-4850-96FA-6E8F999C5B0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{59CDCEAE-9E2A-4842-A31E-FEB814DAB103}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5EA34030-F086-4807-89DC-1FC6B08DFDA8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{5F23F1F9-074E-4087-ACD2-92DD78DA902E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{608C3197-954A-40CF-A67C-7A87F0171B07}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{63A82AE9-E707-4FDC-8902-47836A486751}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{68DB40E7-65D7-4755-8E0B-CAE9D2B434D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{6AA5E3AF-BA19-46DC-BA56-7722B766BEEC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6AF3A80A-54D0-4D78-A980-247BDB4B3A75}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B2C89BD-34D6-4160-A96E-76FC216827F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E0592C2-4529-46C7-9C1A-13F746B1183B}" = protocol=17 | dir=in | app=c:\users\petr\appdata\local\temp\kmsnano\qemu-system-i386.exe |
"{718C1AA3-0E03-41FC-88EC-C8684D0040E8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{780698F7-3AD7-492A-9E0F-9716A49B55A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78BF539F-82ED-4057-86C2-C3B3E2D321F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{78D2F41D-C09C-4E65-85F9-1E27CD094AC4}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{7D1D1938-2D11-45DD-AAAA-2CEE17A748B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8262304A-236B-48F8-B069-05DB86EE1CAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{876D3165-5714-4139-A9D6-0AE7919447D1}" = protocol=6 | dir=in | app=c:\users\petr\appdata\local\temp\kmsnano\qemu-system-i386.exe |
"{8A1004FD-F2AE-4F48-8798-581C80C4654A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8B941F26-67FF-41B0-9D6B-1264D7A1C43C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{8F69C75D-8FD7-4DB3-899F-56E6BD171535}" = protocol=6 | dir=in | app=c:\program files (x86)\mobogenie3\mobogeniep2sp.exe |
"{95C37D24-796E-44C4-829A-EB0BF6A03DEE}" = protocol=17 | dir=in | app=c:\program files (x86)\mobogenie3\mobogeniep2sp.exe |
"{9861A813-5477-491F-99F9-91050D76255B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{9F926D16-C0F5-42DC-AABE-CD55AD08F993}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A1814D0A-24F4-405F-9DAB-6D100985D178}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A467F617-BFA0-4DA6-94FC-26FA81727A71}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A642E942-6657-490B-8E88-B1A0C2A72183}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{A7E64D74-0EBB-4A20-9532-855C3CBD7A82}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{A7FB328F-2938-4F84-9FD9-ADA3951393FE}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{A9D57C04-7275-4D11-A5AC-67C4704348EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{AEFE5FDF-53CD-40A3-B474-F1AB08D088A8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B498FB5F-DB0C-4A2F-B546-786774CF7933}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B7524813-C29E-4E23-A13D-97B3AB39C99E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{B79B8E33-211B-4B2A-BC8A-DAE1E39C1E43}" = protocol=6 | dir=in | app=c:\users\petr\appdata\local\temp\kmsnano\qemu-system-i386.exe |
"{BF503F16-EC83-4E39-823D-9B0187A0C66C}" = protocol=6 | dir=out | app=system |
"{C79302E9-B0E7-4207-BD98-3A55B3DAFCA4}" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"{C8862C4D-0869-48F0-B950-B5D44C6E152F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D1BD1105-57DE-4837-A163-6E20D8F85A5E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{D48CA702-E816-4C9E-B5EA-6157A0C16F72}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D73C5714-CBDF-4E8A-A88E-CAC843338000}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{DDA1792D-1FBE-4FD9-B67A-2D5340900A07}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{E3A925D5-D696-4F78-A8F3-4CF6F306E197}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4B5E9D6-CBA3-4B4F-8F4E-54817D8A6F8C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E677F842-0B98-468A-84AC-127C335CF73C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EAD4AB4B-24BF-4041-9B09-008B71A04B13}" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"{F6E735B9-FD69-4777-B29D-BB3C8868993A}" = protocol=17 | dir=in | app=c:\users\petr\appdata\roaming\utorrent\utorrent.exe |
"{F8A17E99-566F-4F6C-A62E-8709BA4C6696}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{6A55F3DF-2F70-47E7-AEB2-0E264861343A}C:\totalcmd\totalcmd64.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd64.exe |
"TCP Query User{A464F80A-C475-48C9-9926-31DB086F7B76}C:\totalcmd\totalcmd64.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd64.exe |
"TCP Query User{AFD2D985-D350-41E4-BFC4-31ADF1FA1CEE}C:\users\petr\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\petr\appdata\roaming\spotify\spotify.exe |
"TCP Query User{CB8DC1A2-56D6-4EE8-B5DA-9F77A495FCF4}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{DC5AB90F-4B3C-4F57-8379-F3B1269B8A6D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{E936DAC6-3EE3-481A-97B0-61FB4DFC3D0E}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"TCP Query User{EF319617-E02D-43A1-B4C6-EC921C266BD1}C:\users\petr\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\petr\appdata\roaming\spotify\spotify.exe |
"TCP Query User{F746067E-FC17-4F62-A05F-68E954D08A11}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{1335C87C-90D2-4334-A9F8-D7E25625EFFA}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{4FFB476B-0B73-40FA-BC34-FE8733C4052A}C:\users\petr\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\petr\appdata\roaming\spotify\spotify.exe |
"UDP Query User{548C2E6E-D018-4256-9DF9-06873B2BEA07}C:\totalcmd\totalcmd64.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd64.exe |
"UDP Query User{7B422AFA-B054-4261-AA2B-BC31A33D5002}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{944734A3-48FA-4D67-BFB2-F20551BDB517}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{A2362AE8-9707-4C9D-BB51-270C2C22638E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{A3300422-7ED0-4516-A568-85F7AA711A2C}C:\users\petr\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\petr\appdata\roaming\spotify\spotify.exe |
"UDP Query User{E662A565-D4AB-443B-9AB3-E9DEEDBC549B}C:\totalcmd\totalcmd64.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd64.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{11A955CD-4398-405A-886D-E464C3618FBF}" = Adobe Photoshop Lightroom 4.4 64-bit
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{28F19F09-F228-49cb-8B90-F97DA7180DD4}" = Native Instruments Traktor Kontrol S4 Driver
"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes
"{309768A4-A2BB-4930-A5A2-8169678C9B4C}" = iCloud
"{335CD0FF-3D66-CF12-11BF-278E0B5CE78E}" = AMD Accelerated Video Transcoding
"{408DD513-C71C-EF6C-1456-247DD8403E18}" = AMD Steady Video Plug-In
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73E9754D-8D6C-A5C7-7C5F-586C4FB6350B}" = AMD Media Foundation Decoders
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2013
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9DDAB98B-4AA5-96AF-B054-D05F3331D472}" = ccc-utility64
"{A324DC11-FF02-3CE8-9D6F-67EBC006D970}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F903C9F3-A5B6-A402-CBF8-A1AAF80B4836}" = AMD Catalyst Install Manager
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 11.6.22.201_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"Recuva" = Recuva
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0804FC73-A3EB-C039-42DF-CCA9EF06BFCF}" = CCC Help Hungarian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{9617fb41}" = SystemContinue
"{1358AD71-CB62-09F7-A938-21974780E1CA}" = CCC Help Dutch
"{13D87B39-2A3B-4675-A0D9-B8B01EA2F8E3}_is1" = NEF to JPG
"{1583E845-C4C8-74F6-6572-227108908846}" = CCC Help Chinese Traditional
"{1B53840D-5433-5F6B-CBBA-E98432FDB0FF}" = CCC Help French
"{1E0C0F10-C163-1DC1-347A-3ADA7AC9BAD3}" = CCC Help Korean
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22E3589B-99D9-C540-A4C9-0E000383CE7F}" = CCC Help Danish
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.21
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2E74A0C9-87FC-87EC-1D1F-B733E180E4D9}" = CCC Help Swedish
"{30BE44CC-0B20-2BA8-44EB- 6E3116F3B41}_is1" = Adobe Photoshop CS6 crack version for Windows
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{37476589-E48E-439E-A706-56189E2ED4C4}_is1" = TheAdBlock
"{37ED95F2-6E87-F58C-1CBD-7895C211620A}" = CCC Help Portuguese
"{45606A90-3363-3A3B-1C15-C40E77F4DAA0}" = Quick Login for Google Accounts
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E0BC999-655B-421D-87F3-640C6F2BFC11}" = QCA CardReader Driver Installer
"{53B21E29-3967-C332-57EB-C02631658584}" = TakeTiheeCoupon
"{54C56F5B-D865-D7F0-3781-EC61F5B98DAF}" = CCC Help Greek
"{5C56AD8F-7317-42CB-B5D9-955F4F4BF6A5}" = Catalyst Control Center - Branding
"{611DFBA7-A9E3-8B04-41D7-DC235B826916}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A311B5-8971-93EE-200C-CB478A2B7E06}" = Catalyst Control Center Localization All
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{818D0261-51AE-FD8A-09B2-5ADC4D99B4A5}" = CCC Help Norwegian
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{8531A154-5045-4E32-885A-391F750C5DE2}_is1" = Uschovna.cz 1.1.0
"{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}" = RandeomPRice
"{90150000-0015-0405-0000-0000000FF1CE}" = Microsoft Access MUI (Czech) 2013
"{90150000-0016-0405-0000-0000000FF1CE}" = Microsoft Excel MUI (Czech) 2013
"{90150000-0018-0405-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (Czech) 2013
"{90150000-0019-0405-0000-0000000FF1CE}" = Microsoft Publisher MUI (Czech) 2013
"{90150000-001A-0405-0000-0000000FF1CE}" = Microsoft Outlook MUI (Czech) 2013
"{90150000-001B-0405-0000-0000000FF1CE}" = Microsoft Word MUI (Czech) 2013
"{90150000-001F-0405-0000-0000000FF1CE}" = Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-041B-0000-0000000FF1CE}" = Nástroje korektúry balíka Microsoft Office 2013 - slovenčina
"{90150000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2013
"{90150000-0044-0405-0000-0000000FF1CE}" = Microsoft InfoPath MUI (Czech) 2013
"{90150000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2013
"{90150000-0090-0405-0000-0000000FF1CE}" = Microsoft DCF MUI (Czech) 2013
"{90150000-00A1-0405-0000-0000000FF1CE}" = Microsoft OneNote MUI (Czech) 2013
"{90150000-00BA-0405-0000-0000000FF1CE}" = Microsoft Groove MUI (Czech) 2013
"{90150000-00E1-0405-0000-0000000FF1CE}" = Microsoft Office OSM MUI (Czech) 2013
"{90150000-00E2-0405-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Czech) 2013
"{90150000-012B-0405-0000-0000000FF1CE}" = Microsoft Lync MUI (Czech) 2013
"{9047CBC5-3DBB-66F1-C70E-A3D0DAA7ECFF}" = CCC Help Polish
"{91150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{937A60BC-DB39-CE30-FD1D-B1459DB29D49}" = CCC Help Japanese
"{94AAE917-DF22-8716-4C33-43C99E8CEADE}" = Catalyst Control Center Graphics Previews Common
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}" = BBiotSaver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A952B063-B64B-E618-C4CF-D1EEEF72A5E0}" = CCC Help Russian
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" = Bookmark
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AF992111-52BE-832B-5882-8477E4A3C99A}" = DuoWnSaVe
"{B6C6E5B8-F88C-77DA-320F-1B77B308350A}" = CCC Help Turkish
"{B755E7B9-F6ED-E1CF-7521-E521F2DBD9A1}" = CCC Help Italian
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}" = RoboSaveR
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C4C40A58-752D-D291-848F-266EE373EEAA}" = AMD VISION Engine Control Center
"{C681D014-77B5-7E8B-BBE4-3F915FABE95E}" = CCC Help Finnish
"{C89A97B6-F991-EBB5-77B7-927BCF420EBE}" = OEM Application Profile
"{CA1838EF-A497-194E-3850-37A62CEE398B}" = MinimumoPricce
"{CC8962CC-5F32-3D07-3597-0E84A762461A}" = CCC Help Thai
"{CEB0F72B-5A01-60C0-4BF5-DAEBE95EAE4C}" = CCC Help English
"{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6
"{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1" = aTube Catcher verze 3.8
"{D586BF67-0A61-4572-BE25-07B40C4CEDA1}" = Adobe Photoshop CS6
"{D8ED1D8D-9834-AEA6-8DFB-160AD84D344A}" = CCC Help Chinese Standard
"{DA961505-4602-420E-A8DA-61F440BE81E8}" = Microsoft Camera Codec Pack
"{E9BDB2DF-1E15-8FBD-F86F-1CBAAEA37A5B}" = CCC Help Spanish
"{EA21EB55-073F-4CF5-A964-0412E755955A}" = Scratch Live 2.5.0 (11)
"{EACA2C34-9C5D-D3B7-7696-814B892CBD0B}" = CCC Help German
"{EF8E0A8D-43CF-5E8E-3ABC-810DD2480EF8}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"aTube Catcher" = aTube Catcher
"Color Efex Pro 4" = Color Efex Pro 4
"FastStone Photo Resizer" = FastStone Photo Resizer 3.2
"FileZilla Client" = FileZilla Client 3.10.3
"Google Chrome" = Google Chrome
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cheat Engine 6.3_is1" = Cheat Engine 6.3
"iSafe" = YAC(Yet Another Cleaner!)
"JPEG Resampler_is1" = JPEG Resampler Vs 5.99.99
"League of Legends 3.0.1" = League of Legends
"Mozilla Firefox 37.0 (x86 cs)" = Mozilla Firefox 37.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Native Instruments Traktor Kontrol S4 Driver" = Native Instruments Traktor Kontrol S4 Driver
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"Steam" = Steam
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 12210" = Grand Theft Auto IV
"Steam App 240" = Counter-Strike: Source
"Steam App 730" = Counter-Strike: Global Offensive
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer" = TeamViewer 10
"The KMPlayer" = KMPlayer (remove only)
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 5.00 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2450193332-3798230347-1995828948-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"959415b99795d6b5" = Partners ANAKIN
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
"Viber" = Viber

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28.9.2014 16:11:13 | Computer Name = Petr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6177

Error - 28.9.2014 16:11:13 | Computer Name = Petr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6177

Error - 28.9.2014 16:11:14 | Computer Name = Petr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28.9.2014 16:11:14 | Computer Name = Petr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7176

Error - 28.9.2014 16:11:14 | Computer Name = Petr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7176

Error - 28.9.2014 16:11:15 | Computer Name = Petr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28.9.2014 16:11:15 | Computer Name = Petr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8174

Error - 28.9.2014 16:11:15 | Computer Name = Petr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8174

Error - 28.9.2014 16:11:16 | Computer Name = Petr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28.9.2014 16:11:16 | Computer Name = Petr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9188

[ System Events ]
Error - 12.2.2015 5:41:27 | Computer Name = Petr-PC | Source = Service Control Manager | ID = 7034
Description = Služba TeamViewer 10 byla neočekávaně ukončena. Tento stav nastal
již 3krát.

Error - 12.2.2015 9:28:50 | Computer Name = Petr-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (14:27:06, ?12.?2.?2015) bylo neočekávané.

Error - 16.2.2015 12:24:17 | Computer Name = Petr-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (17:22:36, ?16.?2.?2015) bylo neočekávané.

Error - 19.2.2015 18:23:01 | Computer Name = Petr-PC | Source = Tcpip | ID = 4199
Description = Systém zjistil konflikt IP adresy 10.0.0.37 se systémem, jehož síťová
hardwarová adresa je 4C-7C-5F-D4-FA-C2. Síťové operace v systému mohou být přerušeny.

Error - 7.3.2015 10:48:29 | Computer Name = Petr-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (1:42:42, ?7.?3.?2015) bylo neočekávané.

Error - 13.3.2015 6:25:38 | Computer Name = Petr-PC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby p2pimsvc bylo dosaženo časového
limitu (30000 ms).

Error - 16.3.2015 9:57:17 | Computer Name = Petr-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error - 17.3.2015 4:22:28 | Computer Name = Petr-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (17:11:40, ?16.?3.?2015) bylo neočekávané.

Error - 21.3.2015 8:25:34 | Computer Name = Petr-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (12:08:07, ?19.?3.?2015) bylo neočekávané.

Error - 21.3.2015 16:14:15 | Computer Name = Petr-PC | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.


< End of report >

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Ads in the browser + other mess on the laptop

#5 Post by vyosek »

vyosek wrote: :arrow: Just asking: are you using a legal operating system? The highest licence (worth some thousand), Ultimate, is not exactly a common home version :?:
:???: :???: :???:
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, for he is not a man, he is an ox."
Member [image] since 1 February 2011.

gledy
Visitor
Posts: 17
Joined: 17 Jun 2008 14:16

Re: Ads in the browser + other mess on the laptop

#6 Post by gledy »

vyosek wrote:
vyosek wrote: :arrow: Just asking: are you using a legal operating system? The highest licence (worth some thousand), Ultimate, is not exactly a common home version :?:
:???: :???: :???:
Sorry, I missed that.. No :oops:

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Ads in the browser + other mess on the laptop

#7 Post by vyosek »

Then I'm sorry, but the rules of the forum and of the charter of the international alliance ASAP speak clearly - we do not deal with illegal systems...

I'll at least advise a little: try cleaning with AdwCleaner, MBAM and CCleaner - unfortunately I cannot advise more
