PC virus removal, computer speed-up, and remote assistance through the neslape.cz service

Win32/Remtasu Trojan

Are you one of the Model Visitors? Then this section is for you.

Moderator: Moderators

Forum rules
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
kodl74
Visitor
Posts: 178
Registered: 10 May 2007 17:14

Re: Win32/Remtasu Trojan

#16 Post by kodl74 »

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rodina Plachá\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,25 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 52,19% Memory free
6,49 Gb Paging File | 4,95 Gb Available in Paging File | 76,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292,97 Gb Total Space | 201,62 Gb Free Space | 68,82% Space Free | Partition Type: NTFS
Drive D: | 303,19 Gb Total Space | 77,18 Gb Free Space | 25,45% Space Free | Partition Type: NTFS
Drive F: | 0,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: RODINAPLACHÁ-PC | User Name: rodina Plachá | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.11.04 23:59:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rodina Plachá\Desktop\OTL.exe
PRC - [2012.11.03 05:12:03 | 000,568,832 | ---- | M] (Microsoft) -- C:\Users\rodina Plachá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KM Player.exe
PRC - [2012.09.19 08:45:35 | 000,295,440 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012.09.19 08:45:30 | 000,078,352 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2012.09.19 08:45:12 | 000,090,640 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2012.03.07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012.03.07 14:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011.07.05 22:32:12 | 013,283,456 | ---- | M] (Winstep Software Technologies) -- C:\Program Files\Winstep\Nexus.exe
PRC - [2011.05.25 12:29:32 | 001,981,952 | ---- | M] () -- D:\HTC Hodiny 3.0\Clock.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) -- C:\Program Files\Winstep\WsxService.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.28 21:51:26 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.09.28 21:50:58 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008.03.25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\GUI.exe
PRC - [2007.03.06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.14 09:09:18 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.14 09:08:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 09:08:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.13 20:31:26 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012.06.13 20:29:09 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012.06.13 20:28:58 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012.06.13 20:28:50 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012.06.13 20:28:48 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012.05.11 08:26:44 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll
MOD - [2012.05.11 08:25:17 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
MOD - [2012.05.11 08:25:15 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012.05.10 17:04:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 17:03:30 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 17:03:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 17:03:23 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 17:03:08 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.10 15:44:00 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012.05.10 15:41:38 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012.05.10 15:41:33 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012.05.10 15:41:32 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012.05.10 15:41:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.05.10 15:41:26 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.05.10 15:41:21 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011.05.25 12:29:32 | 001,981,952 | ---- | M] () -- D:\HTC Hodiny 3.0\Clock.exe
MOD - [2010.11.13 03:37:08 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_cs_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 02:54:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.09.30 22:36:20 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.07.28 15:00:02 | 002,351,175 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\Normal.dll
MOD - [2010.07.20 15:23:56 | 000,196,608 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\GVTunner.dll
MOD - [2010.06.10 15:52:24 | 000,110,592 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\AMD8.dll
MOD - [2010.05.28 14:15:02 | 000,344,131 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\work.dll
MOD - [2010.05.27 10:08:58 | 000,139,264 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\OCK.dll
MOD - [2010.05.25 14:00:34 | 000,290,816 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\MFCCPU.dll
MOD - [2010.04.12 16:59:06 | 000,430,080 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010.03.12 05:40:58 | 004,449,632 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\platform.dll
MOD - [2010.03.12 05:40:56 | 000,423,256 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\device.dll
MOD - [2010.01.12 17:09:20 | 000,102,400 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\SF.dll
MOD - [2009.12.22 16:52:04 | 000,102,400 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\ycc.dll
MOD - [2009.10.21 14:07:06 | 000,106,496 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\HM.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008.05.07 15:22:58 | 000,102,400 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\CIAMIB.dll
MOD - [2008.03.25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\GUI.exe
MOD - [2007.10.02 15:41:38 | 000,319,488 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2003.02.14 14:11:46 | 000,102,400 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\Sound.dll


========== Services (SafeList) ==========

SRV - [2012.10.27 14:38:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.22 19:57:31 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.09 14:32:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.19 08:45:35 | 000,295,440 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012.09.19 08:45:30 | 000,078,352 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2012.09.19 08:45:12 | 000,090,640 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012.03.07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.02.11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- C:\Program Files\Winstep\WsxService.exe -- (Winstep Xtreme Service)
SRV - [2011.02.11 14:51:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.09.28 21:50:58 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\RODINA~1\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\RODINA~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\RODINA~1\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ab353q6o)
DRV - [2012.11.04 23:16:15 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2012.11.04 23:15:58 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.09.19 15:12:50 | 000,089,616 | ---- | M] (CyberLink Corp.) [2012/10/26 14:32:28] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({73526619-C24F-470B-9BED-53D455FBB5C6})
DRV - [2012.08.12 19:00:35 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2012.07.29 07:20:25 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.07.29 07:20:25 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.06.20 10:35:49 | 000,121,208 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys -- (ntk_PowerDVD12)
DRV - [2012.03.14 07:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2012.03.14 07:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012.03.14 07:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012.03.14 07:40:02 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2012.03.14 07:40:02 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2012.01.20 14:07:17 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.12.18 19:02:42 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.12.18 19:02:42 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.09.20 06:00:44 | 000,523,904 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerPola.sys -- (AVerPola)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.28 22:25:14 | 006,472,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010.09.28 22:25:14 | 006,472,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.09.28 21:14:30 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.03.12 05:35:48 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys -- (AODDriver)
DRV - [2009.10.26 22:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.10.07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.05.01 00:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.04.30 23:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009.04.30 23:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.07.26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005.07.25 23:04:04 | 000,800,000 | ---- | M] (Animation Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVHybrid.sys -- (LVHybrid)

kodl74
Visitor
Posts: 178
Registered: 10 May 2007 17:14

Re: Win32/Remtasu Trojan

#17 Post by kodl74 »

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1286337246-397317185-390026832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\rodina Plachá\Desktop
IE - HKU\S-1-5-21-1286337246-397317185-390026832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1286337246-397317185-390026832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-1286337246-397317185-390026832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1286337246-397317185-390026832-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1286337246-397317185-390026832-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1286337246-397317185-390026832-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1286337246-397317185-390026832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1286337246-397317185-390026832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..extensions.enabledAddons: ALone-live@ya.ru:1.3.8
FF - prefs.js..extensions.enabledAddons: notreal.ccoptions@environmentalchemistry.com:10.0.2
FF - prefs.js..extensions.enabledAddons: {2b6788a0-0ccd-11e1-be50-0800200c9a66}:2.3.3
FF - prefs.js..extensions.enabledItems: ALone-live@ya.ru:1.3.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 14:38:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 14:38:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.05.17 10:36:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 14:38:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 14:38:14 | 000,000,000 | ---D | M]

[2012.02.05 17:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rodina Plachá\AppData\Roaming\Mozilla\Extensions
[2012.02.05 17:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rodina Plachá\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012.10.13 15:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rodina Plachá\AppData\Roaming\Mozilla\Firefox\Profiles\x9tqjkm2.default\extensions
[2012.07.10 16:49:38 | 000,000,000 | ---D | M] (8 Ultimo) -- C:\Users\rodina Plachá\AppData\Roaming\Mozilla\Firefox\Profiles\x9tqjkm2.default\extensions\{2b6788a0-0ccd-11e1-be50-0800200c9a66}
[2012.08.04 20:17:55 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\rodina Plachá\AppData\Roaming\Mozilla\Firefox\Profiles\x9tqjkm2.default\extensions\ALone-live@ya.ru
[2012.09.05 17:18:26 | 000,159,657 | ---- | M] () (No name found) -- C:\Users\rodina Plachá\AppData\Roaming\Mozilla\Firefox\Profiles\x9tqjkm2.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
[2012.07.25 17:34:37 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\rodina Plachá\AppData\Roaming\Mozilla\Firefox\Profiles\x9tqjkm2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.05 17:08:20 | 001,073,809 | ---- | M] () (No name found) -- C:\Users\rodina Plachá\AppData\Roaming\Mozilla\Firefox\Profiles\x9tqjkm2.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi
[2012.10.27 14:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.27 14:38:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\RODINA PLACHá\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X9TQJKM2.DEFAULT\EXTENSIONS\ALONE-LIVE@YA.RU
File not found (No name found) -- C:\USERS\RODINA PLACHá\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X9TQJKM2.DEFAULT\EXTENSIONS\NOTREAL.CCOPTIONS@ENVIRONMENTALCHEMISTRY.COM.XPI
[2012.10.27 14:38:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.30 19:34:38 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012.04.25 11:49:42 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.04.25 11:49:42 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.12.13 01:09:23 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2012.04.25 11:49:42 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.04.25 11:49:42 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.04.25 11:49:42 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2012.11.04 23:15:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1286337246-397317185-390026832-1000..\Run: [Clock Widget (HTC Home)] D:\HTC Hodiny 3.0\Clock.exe ()
O4 - HKU\S-1-5-21-1286337246-397317185-390026832-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1286337246-397317185-390026832-1000..\Run: [KMPlayer] C:\Users\rodina Plachá\AppData\Roaming\nivida\KMPlayer.exe (Microsoft)
O4 - HKU\S-1-5-21-1286337246-397317185-390026832-1000..\Run: [Nexus] C:\Program Files\Winstep\Nexus.exe (Winstep Software Technologies)
O4 - HKU\S-1-5-21-1286337246-397317185-390026832-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe ()
O4 - Startup: C:\Users\rodina Plachá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KM Player.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1286337246-397317185-390026832-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1286337246-397317185-390026832-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.240.178.250 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BDEE68E-FC70-4DAC-B5AE-D8186D72C983}: DhcpNameServer = 62.240.178.250 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.08.10 20:03:37 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.11.04 23:59:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\rodina Plachá\Desktop\OTL.exe
[2012.11.04 23:16:26 | 000,000,000 | RHSD | C] -- C:\Users\rodina Plachá\AppData\Roaming\nivida
[2012.11.04 23:15:59 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.11.04 23:06:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.04 23:06:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.04 23:06:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.04 23:06:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.04 23:05:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.04 23:03:51 | 004,996,943 | R--- | C] (Swearware) -- C:\Users\rodina Plachá\Desktop\ComboFix.exe
[2012.11.04 22:52:31 | 001,679,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\rodina Plachá\Desktop\rkill.com
[2012.11.04 22:42:42 | 000,000,000 | ---D | C] -- C:\Users\rodina Plachá\Desktop\RK_Quarantine
[2012.11.04 22:38:28 | 000,147,456 | ---- | C] (Eric_71) -- C:\Users\rodina Plachá\Desktop\MbrScan.exe
[2012.11.04 10:18:38 | 000,568,832 | ---- | C] (Microsoft) -- C:\Users\rodina Plachá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KM Player.exe
[2012.11.04 10:18:38 | 000,000,000 | RHSD | C] -- C:\Windows\System32\nivida
[2012.11.02 19:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 2013
[2012.11.02 19:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Farming Simulator 2013
[2012.10.31 13:37:46 | 000,000,000 | ---D | C] -- C:\Users\rodina Plachá\Desktop\Tungové války
[2011.04.24 09:28:53 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\rodina Plachá\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012.11.05 00:28:18 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.11.04 23:59:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rodina Plachá\Desktop\OTL.exe
[2012.11.04 23:48:16 | 000,139,264 | ---- | M] () -- C:\Users\rodina Plachá\Desktop\SystemLook.exe
[2012.11.04 23:32:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.04 23:23:25 | 000,014,224 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.04 23:23:25 | 000,014,224 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.04 23:20:11 | 000,639,970 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.11.04 23:20:11 | 000,624,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.04 23:20:11 | 000,126,882 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.11.04 23:20:11 | 000,110,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.04 23:16:15 | 000,024,944 | ---- | M] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2012.11.04 23:16:15 | 000,000,004 | ---- | M] () -- C:\Windows\System32\GVTunner.ref
[2012.11.04 23:15:58 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[2012.11.04 23:15:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.04 23:15:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.04 23:15:05 | 2615,320,576 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.04 23:04:01 | 004,996,943 | R--- | M] (Swearware) -- C:\Users\rodina Plachá\Desktop\ComboFix.exe
[2012.11.04 22:52:32 | 001,679,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\rodina Plachá\Desktop\rkill.com
[2012.11.04 22:45:22 | 000,000,512 | ---- | M] () -- C:\Users\rodina Plachá\Desktop\Dump_Hdd0_DR0.mbr
[2012.11.04 22:41:52 | 000,430,592 | ---- | M] () -- C:\Users\rodina Plachá\Desktop\RogueKiller.exe
[2012.11.04 22:38:30 | 000,147,456 | ---- | M] (Eric_71) -- C:\Users\rodina Plachá\Desktop\MbrScan.exe
[2012.11.03 05:12:03 | 000,568,832 | ---- | M] (Microsoft) -- C:\Users\rodina Plachá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KM Player.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.05 00:04:12 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.11.04 23:48:15 | 000,139,264 | ---- | C] () -- C:\Users\rodina Plachá\Desktop\SystemLook.exe
[2012.11.04 23:16:15 | 000,000,004 | ---- | C] () -- C:\Windows\System32\GVTunner.ref
[2012.11.04 23:06:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.04 23:06:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.04 23:06:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.04 23:06:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.04 23:06:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.04 22:45:22 | 000,000,512 | ---- | C] () -- C:\Users\rodina Plachá\Desktop\Dump_Hdd0_DR0.mbr
[2012.11.04 22:41:47 | 000,430,592 | ---- | C] () -- C:\Users\rodina Plachá\Desktop\RogueKiller.exe
[2012.07.30 09:18:51 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2012.05.20 21:37:43 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2012.05.06 10:21:37 | 000,000,132 | ---- | C] () -- C:\Users\rodina Plachá\AppData\Roaming\Adobe Formát GIF CS5 – předvolby
[2012.04.16 10:44:17 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2012.03.31 18:59:33 | 000,215,144 | ---- | C] () -- C:\Windows\patchw32.dll
[2011.12.18 19:02:42 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.12.18 19:02:42 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.10.30 18:49:41 | 000,000,132 | ---- | C] () -- C:\Users\rodina Plachá\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
[2011.10.30 15:01:15 | 000,000,039 | ---- | C] () -- C:\Windows\ka.ini
[2011.08.10 17:55:02 | 000,000,177 | ---- | C] () -- C:\Windows\disney.ini
[2011.04.24 09:28:53 | 000,087,608 | ---- | C] () -- C:\Users\rodina Plachá\AppData\Roaming\inst.exe
[2011.04.24 09:28:53 | 000,007,887 | ---- | C] () -- C:\Users\rodina Plachá\AppData\Roaming\pcouffin.cat
[2011.04.24 09:28:53 | 000,001,144 | ---- | C] () -- C:\Users\rodina Plachá\AppData\Roaming\pcouffin.inf
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.04.06 17:41:55 | 000,022,328 | ---- | C] () -- C:\Users\rodina Plachá\AppData\Roaming\PnkBstrK.sys
[2011.03.10 21:01:04 | 000,001,189 | ---- | C] () -- C:\Users\rodina Plachá\AppData\Roaming\vso_ts_preview.xml
[2011.03.01 12:25:27 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.03.01 12:24:10 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.10 21:10:06 | 000,165,386 | ---- | C] () -- C:\Windows\hpoins32.dat.temp
[2011.02.10 21:10:06 | 000,001,006 | ---- | C] () -- C:\Windows\hpomdl32.dat.temp
[2011.02.10 20:43:30 | 000,179,253 | ---- | C] () -- C:\Windows\hpoins32.dat
[2011.02.10 16:55:00 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2011.02.10 16:49:29 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.02.10 16:48:15 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.02.10 16:31:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.02.03 21:55:08 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.02.03 21:54:58 | 000,224,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both


Re: Win32/Remtasu Trojan

#18 Post by kodl74 »

========== LOP Check ==========

[2012.02.15 21:02:24 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\AlderGames
[2012.09.21 21:08:23 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\AnvSoft
[2011.03.10 11:33:06 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Artogon
[2011.11.25 13:47:22 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Ashampoo
[2011.05.06 20:20:47 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Awem
[2012.09.27 10:03:34 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\calibre
[2012.05.06 14:19:47 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.10.02 13:04:06 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\DAEMON Tools Lite
[2011.03.13 13:46:46 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Dream Aquarium
[2011.11.26 13:39:57 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\DVDFab
[2011.02.10 17:01:45 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\ESET
[2011.09.11 16:40:40 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\GHISLER
[2011.12.18 18:30:46 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Leadertech
[2012.05.03 16:52:44 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Marine Aquarium 3
[2012.01.27 12:29:58 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Maxthon3
[2011.03.22 18:29:19 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\MoveFab
[2011.04.22 19:05:16 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\mp3DirectCut
[2012.10.26 14:30:50 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Mp3tag
[2012.11.04 23:16:26 | 000,000,000 | RHSD | M] -- C:\Users\rodina Plachá\AppData\Roaming\nivida
[2012.02.05 16:55:15 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Opera
[2011.12.16 12:47:09 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Photo DVD Slideshow
[2011.05.15 11:36:08 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\picpick
[2012.02.05 16:29:02 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\ProtectDISC
[2012.10.10 18:02:34 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Rovio
[2011.02.11 13:39:22 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\runic games
[2012.09.26 21:30:04 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\SolSuite
[2011.10.10 19:18:50 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\SoundSpectrum
[2012.10.26 15:49:49 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\SPORE
[2011.07.11 22:04:40 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.11.08 21:19:35 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Sytexis Software
[2012.04.09 13:54:33 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\TeraCopy
[2011.12.08 17:32:15 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Trine2
[2011.04.25 18:06:27 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Ulead Systems
[2012.11.04 23:45:32 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\uTorrent
[2012.08.01 12:10:28 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Vso
[2012.05.26 09:28:50 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Wise Registry Cleaner
[2012.02.15 21:18:21 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\wrapper
[2011.09.05 20:56:16 | 000,000,000 | -HSD | M] -- C:\Users\rodina Plachá\AppData\Roaming\wyUpdate AU
[2012.08.10 21:06:36 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Youtube Downloader HD
[2012.10.23 16:15:07 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Zoner

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 05:53:46 | 000,032,574 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.04.12 09:25:41 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.07.14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: KM PLAYER.EXE >
[2012.11.03 05:12:03 | 000,568,832 | ---- | M] (Microsoft) MD5=639D0A29F5239209394D9089042BFBFF -- C:\Users\rodina Plachá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KM Player.exe

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2012.09.07 16:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 05:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.06.21 06:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011.09.29 17:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2012.08.22 18:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011.04.25 05:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.11.20 13:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011.09.29 17:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2012.03.30 11:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011.09.29 16:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2011.09.29 17:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011.04.25 07:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012.03.30 11:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011.04.25 05:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012.03.30 10:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2011.06.21 06:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2010.06.14 07:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2012.08.22 18:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\erdnt\cache\tcpip.sys
[2012.08.22 18:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\System32\drivers\tcpip.sys
[2012.08.22 18:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2010.06.14 07:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2011.06.21 06:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2011.06.21 07:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys
[2012.03.30 11:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.09.07 16:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< >

< c:\windows\system32\nivida\*.* >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[6 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\System32\config\systemprofile\AppData\Roaming\CyberLink\RVInfo\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Roaming\CyberLink\RVInfo\*.tmp -> ]
[2 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[1 C:\Windows\twain_32\*.tmp files -> C:\Windows\twain_32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.07.20 20:41:27 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Adobe
[2011.07.11 22:04:40 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Adobe Mini Bridge CS5
[2012.02.15 21:02:24 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\AlderGames
[2012.09.21 21:08:23 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\AnvSoft
[2011.02.24 18:26:33 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Apple Computer
[2011.03.10 11:33:06 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Artogon
[2011.11.25 13:47:22 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Ashampoo
[2011.02.10 17:27:20 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\ATI
[2011.05.06 20:20:47 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Awem
[2012.09.27 10:03:34 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\calibre
[2012.05.06 14:19:47 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.10.26 13:33:17 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\CyberLink
[2012.10.02 13:04:06 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\DAEMON Tools Lite
[2011.03.13 13:46:46 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Dream Aquarium
[2012.02.29 17:13:30 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\dvdcss
[2011.11.26 13:39:57 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\DVDFab
[2011.02.10 17:01:45 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\ESET
[2011.09.11 16:40:40 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\GHISLER
[2011.02.10 21:30:26 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\HP
[2011.07.03 18:32:16 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Identities
[2012.05.12 15:07:59 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\InstallShield
[2011.12.18 18:30:46 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Leadertech
[2012.04.17 18:27:41 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Logitech
[2011.02.10 17:22:09 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Macromedia
[2011.02.16 09:13:09 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Malwarebytes
[2012.05.03 16:52:44 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Marine Aquarium 3
[2012.01.27 12:29:58 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Maxthon3
[2009.07.14 10:20:06 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Media Center Programs
[2011.03.25 10:43:49 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Media Player Classic
[2012.06.23 21:56:15 | 000,000,000 | --SD | M] -- C:\Users\rodina Plachá\AppData\Roaming\Microsoft
[2011.03.22 18:29:19 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\MoveFab
[2012.02.05 17:47:41 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Mozilla
[2011.04.22 19:05:16 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\mp3DirectCut
[2012.10.26 14:30:50 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Mp3tag
[2012.11.04 23:16:26 | 000,000,000 | RHSD | M] -- C:\Users\rodina Plachá\AppData\Roaming\nivida
[2012.02.05 16:55:15 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Opera
[2011.12.16 12:47:09 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Photo DVD Slideshow
[2011.05.15 11:36:08 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\picpick
[2012.02.05 16:29:02 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\ProtectDISC
[2012.10.10 18:02:34 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Rovio
[2011.02.11 13:39:22 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\runic games
[2012.11.05 00:16:08 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Skype
[2012.09.26 21:30:04 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\SolSuite
[2011.10.10 19:18:50 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\SoundSpectrum
[2012.10.26 15:49:49 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\SPORE
[2011.07.11 22:04:40 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.11.08 21:19:35 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Sytexis Software
[2012.04.09 13:54:33 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\TeraCopy
[2011.12.08 17:32:15 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Trine2
[2011.04.25 18:06:27 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Ulead Systems
[2012.11.04 23:45:32 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\uTorrent
[2012.08.01 12:10:28 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Vso
[2011.02.10 18:00:50 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\WinRAR
[2012.05.26 09:28:50 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Wise Registry Cleaner
[2012.02.15 21:18:21 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\wrapper
[2011.09.05 20:56:16 | 000,000,000 | -HSD | M] -- C:\Users\rodina Plachá\AppData\Roaming\wyUpdate AU
[2012.08.10 21:06:36 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Youtube Downloader HD
[2012.10.23 16:15:07 | 000,000,000 | ---D | M] -- C:\Users\rodina Plachá\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2011.10.16 10:36:32 | 000,087,608 | ---- | M] () -- C:\Users\rodina Plachá\AppData\Roaming\inst.exe
[2012.06.29 22:31:37 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\rodina Plachá\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.02.10 21:06:04 | 000,010,134 | R--- | M] () -- C:\Users\rodina Plachá\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2011.11.21 21:33:16 | 000,010,134 | R--- | M] () -- C:\Users\rodina Plachá\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2012.11.03 05:12:03 | 000,568,832 | ---- | M] (Microsoft) -- C:\Users\rodina Plachá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KM Player.exe
[2012.11.03 05:12:03 | 000,568,832 | RHS- | M] (Microsoft) -- C:\Users\rodina Plachá\AppData\Roaming\nivida\KMPlayer.exe
[2012.02.01 15:01:12 | 005,508,752 | ---- | M] (Spidla) -- C:\Users\rodina Plachá\AppData\Roaming\wrapper\Carodejka.exe
[2012.02.15 21:18:21 | 001,602,560 | -H-- | M] () -- C:\Users\rodina Plachá\AppData\Roaming\wrapper\game.exe
[2012.02.15 21:00:25 | 001,173,631 | ---- | M] () -- C:\Users\rodina Plachá\AppData\Roaming\wrapper\unins000.exe
[2011.06.27 20:56:37 | 012,505,560 | ---- | M] (ZONER software ) -- C:\Users\rodina Plachá\AppData\Roaming\Zoner\NLMDB\product.0034\autoupdate.cz\ZPS13_Update_Build07.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2012.11.05 00:32:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012.01.20 14:07:17 | 000,428,088 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2012.11.04 23:16:15 | 000,024,944 | ---- | M] () -- C:\Windows\system32\drivers\GVTDrv.sys

< %systemroot%\system32\*.* /3 >
[2012.11.04 23:23:25 | 000,014,224 | ---- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.04 23:23:25 | 000,014,224 | ---- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.04 23:16:15 | 000,000,004 | ---- | M] () -- C:\Windows\system32\GVTunner.ref
[2012.11.04 23:20:11 | 000,126,882 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2012.11.04 23:20:11 | 000,110,438 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2012.11.04 23:20:11 | 000,639,970 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2012.11.04 23:20:11 | 000,624,800 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2012.11.04 23:20:11 | 001,497,710 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Nexus" = C:\Program Files\Winstep\Nexus.exe autostart -- [2011.07.05 22:32:12 | 013,283,456 | ---- | M] (Winstep Software Technologies)
"Clock Widget (HTC Home)" = "D:\HTC Hodiny 3.0\Clock.exe" -- [2011.05.25 12:29:32 | 001,981,952 | ---- | M] ()
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2012.01.19 18:08:34 | 003,477,312 | ---- | M] (DT Soft Ltd)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2010.10.11 16:49:48 | 014,940,040 | R--- | M] (Skype Technologies S.A.)
"KMPlayer" = C:\Users\rodina Plachá\AppData\Roaming\nivida\KMPlayer.exe -- [2012.11.03 05:12:03 | 000,568,832 | RHS- | M] (Microsoft)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012.10.27 14:38:19 | 000,917,984 | ---- | M] (Mozilla Corporation) MD5=E60E9D5F229CB8DA347D48ADD6E8DC47 -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2012.08.24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2012.10.07 10:31:20 | 000,874,896 | ---- | M] (Opera Software) MD5=E9B8F06429A1727D9FD9D4CE023EDCEB -- C:\Program Files\Opera\opera.exe

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.11.05 00:28:18 | 000,000,512 | ---- | M] () MD5=5486261CA6CA79C2AD9EA671ED99BFAF -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2011.11.10 20:55:03 | 000,018,466 | ---- | M] () -- \torrent\Adobe Acrobat Pro v9.4.6 CZ.SK+SN+Crack.torrent
[2011.12.14 20:21:51 | 000,016,863 | ---- | M] () -- \torrent\Angry.Birds.Rio.v1.4.0.cracked.READ.NFO-THETA.torrent

< *keygen* /s >

< *loader* /s >
[2012.08.30 21:18:08 | 000,098,883 | ---- | M] () -- \Flashtool\devices\E10\loader.sin
[2012.08.30 21:18:08 | 000,103,949 | ---- | M] () -- \Flashtool\devices\E10\loader_unlocked.sin
[2012.08.30 21:18:08 | 000,098,883 | ---- | M] () -- \Flashtool\devices\E15\loader.sin
[2012.08.30 21:18:08 | 000,103,949 | ---- | M] () -- \Flashtool\devices\E15\loader_unlocked.sin
[2012.08.30 21:18:08 | 000,100,591 | ---- | M] () -- \Flashtool\devices\LT15\loader.sin
[2012.08.30 21:18:08 | 000,100,591 | ---- | M] () -- \Flashtool\devices\LT18\loader.sin
[2012.08.30 21:18:08 | 000,100,712 | ---- | M] () -- \Flashtool\devices\LT22\loader.sin
[2012.08.30 21:18:08 | 000,136,600 | ---- | M] () -- \Flashtool\devices\LT26\loader.sin
[2012.08.30 21:18:08 | 000,136,600 | ---- | M] () -- \Flashtool\devices\LT28\loader.sin
[2012.08.30 21:18:08 | 000,100,591 | ---- | M] () -- \Flashtool\devices\MK16\loader.sin
[2012.08.30 21:18:08 | 000,100,591 | ---- | M] () -- \Flashtool\devices\MT11\loader.sin
[2012.08.30 21:18:08 | 000,100,591 | ---- | M] () -- \Flashtool\devices\MT15\loader.sin
[2012.08.30 21:18:08 | 000,100,712 | ---- | M] () -- \Flashtool\devices\MT27\loader.sin
[2012.08.30 21:18:08 | 000,100,591 | ---- | M] () -- \Flashtool\devices\R800\loader.sin
[2012.08.30 21:18:08 | 000,100,591 | ---- | M] () -- \Flashtool\devices\SK17\loader.sin
[2012.08.30 21:18:08 | 000,100,591 | ---- | M] () -- \Flashtool\devices\ST15\loader.sin
[2012.08.30 21:18:08 | 000,100,591 | ---- | M] () -- \Flashtool\devices\ST17\loader.sin
[2012.08.30 21:18:08 | 000,100,591 | ---- | M] () -- \Flashtool\devices\ST18\loader.sin
[2012.08.30 21:18:08 | 000,100,712 | ---- | M] () -- \Flashtool\devices\ST25\loader.sin
[2012.08.30 21:18:08 | 000,100,712 | ---- | M] () -- \Flashtool\devices\ST27\loader.sin
[2012.08.30 21:18:08 | 000,098,883 | ---- | M] () -- \Flashtool\devices\U20\loader.sin
[2012.08.30 21:18:08 | 000,103,949 | ---- | M] () -- \Flashtool\devices\U20\loader_unlocked.sin
[2012.08.30 21:18:08 | 000,100,591 | ---- | M] () -- \Flashtool\devices\WT19\loader.sin
[2012.08.30 21:18:08 | 000,087,559 | ---- | M] () -- \Flashtool\devices\X10\loader.sin
[2012.08.30 21:18:08 | 000,087,569 | ---- | M] () -- \Flashtool\devices\X10\loader_unlocked.sin
[2012.08.30 21:18:08 | 000,100,591 | ---- | M] () -- \Flashtool\loaders\S1_Loader_Root_773f.sin
[2011.06.09 22:52:42 | 005,299,048 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\Photodownloader.exe
[2010.03.09 00:38:58 | 000,011,161 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\bitmaps\main_window\C_LoadError.png
[2010.03.09 00:38:58 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\da_dk\Photodownloader.ini
[2010.03.09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\de_de\Photodownloader.ini
[2010.03.09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\en_us\Photodownloader.ini
[2010.03.09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\es_es\Photodownloader.ini
[2010.03.09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\fi_fi\Photodownloader.ini
[2010.03.09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\fr_fr\Photodownloader.ini
[2010.03.09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\it_it\Photodownloader.ini
[2010.03.09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\ja_jp\Photodownloader.ini
[2010.03.09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\ko_kr\Photodownloader.ini
[2010.03.09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\nl_nl\Photodownloader.ini
[2010.03.09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\no_no\Photodownloader.ini
[2010.03.09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\pt_br\Photodownloader.ini
[2010.03.09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\sv_se\Photodownloader.ini
[2010.03.09 00:39:00 | 000,000,308 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\zh_cn\Photodownloader.ini
[2010.03.09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\zh_tw\Photodownloader.ini
[2012.09.21 11:06:42 | 000,044,032 | R--- | M] () -- \Program Files\Calibre2\DLLs\PyISAPI_loader.dll
[2012.08.27 20:33:18 | 000,008,827 | ---- | M] () -- \Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotLoader.js
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2012.09.10 12:51:10 | 000,000,034 | ---- | M] () -- \Program Files\CyberLink\PowerDVD12\ComLoader.ini
[2012.09.19 08:53:49 | 000,127,504 | ---- | M] () -- \Program Files\CyberLink\PowerDVD12\Common\Koan\pyloader.dll
[2012.06.13 08:41:28 | 000,018,123 | ---- | M] () -- \Program Files\CyberLink\PowerDVD12\MediaEspresso\subsys\DataCenter\ImageLoader.kc
[2012.07.19 08:20:16 | 000,028,102 | ---- | M] () -- \Program Files\CyberLink\PowerDVD12\Movie\PK\subsys\PyImpLoader\PyImpLoader.kc
[2012.09.19 09:28:34 | 000,123,408 | ---- | M] () -- \Program Files\CyberLink\PowerDVD12\Movie\PK\subsys\PyImpLoader\_PyImpLoader.pyd
[2012.09.07 07:38:48 | 000,012,088 | ---- | M] () -- \Program Files\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\mm\MediaCtrl\ImageLoader.kc
[2012.06.04 09:04:24 | 000,012,020 | ---- | M] () -- \Program Files\CyberLink\PowerDVD12\Movie\PowerDVD Cox\mm\MediaCtrl\ImageLoader.kc
[2012.09.10 12:50:34 | 000,022,781 | ---- | M] () -- \Program Files\CyberLink\PowerDVD12\subsys\DataCenter\ImageLoader.kc
[2012.09.10 12:50:35 | 000,007,947 | ---- | M] () -- \Program Files\CyberLink\PowerDVD12\subsys\NetService\netThumbLoader.kc
[2012.09.10 12:50:37 | 000,001,566 | ---- | M] () -- \Program Files\CyberLink\PowerDVD12\subsys\Video\D3D9Loader.kc
[2010.11.26 00:00:16 | 002,525,480 | ---- | M] () -- \Program Files\CyberLink\Shared files\Plugin\7.0\CES_3DLoaderFBX.dll
[2011.10.04 10:00:08 | 002,532,136 | ---- | M] () -- \Program Files\CyberLink\Shared files\Plugin\8.0\CES_3DLoaderFBX.dll
[2012.03.16 12:43:12 | 000,071,008 | ---- | M] () -- \Program Files\Farming Simulator 2013\PhysXLoader.dll
[2012.06.19 18:12:02 | 000,032,896 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\store_deutzFrontloaderBalefork.dds
[2012.06.19 18:12:02 | 000,032,896 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\store_deutzFrontloaderPalletfork.dds
[2012.06.19 18:12:02 | 000,032,896 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\store_deutzFrontloaderShovel.dds
[2012.06.29 12:45:50 | 000,032,896 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\store_deutzFrontloaderSilageFork.dds
[2012.08.28 17:43:02 | 000,032,896 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\store_wheelloader.dds
[2012.10.12 11:59:48 | 003,168,958 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\deutz\deutzAgrofarmFrontloader.i3d
[2012.10.05 14:00:52 | 000,008,582 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\deutz\deutzAgrofarmFrontloader.xml
[2010.10.01 14:08:06 | 000,696,448 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\deutz\deutzAgrofarmFrontloader_diffuse.dds
[2010.09.28 09:29:56 | 000,174,904 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\deutz\deutzAgrofarmFrontloader_normal.dds
[2010.09.28 15:05:12 | 000,174,904 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\deutz\deutzAgrofarmFrontloader_specular.dds
[2012.09.17 06:18:20 | 000,088,703 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\deutz\deutzFrontloaderBalefork.i3d
[2012.10.05 14:00:52 | 000,000,854 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\deutz\deutzFrontloaderBalefork.xml
[2012.09.17 06:18:20 | 000,105,847 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\deutz\deutzFrontloaderPalletfork.i3d
[2012.10.05 14:00:52 | 000,000,857 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\deutz\deutzFrontloaderPalletfork.xml
[2012.09.11 21:13:26 | 000,094,161 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\deutz\deutzFrontloaderShovel.i3d
[2012.10.09 09:22:20 | 000,003,040 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\deutz\deutzFrontloaderShovel.xml
[2012.10.10 16:22:24 | 000,262,878 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\deutz\deutzFrontloaderSilageFork.i3d
[2012.10.10 15:12:02 | 000,002,966 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\deutz\deutzFrontloaderSilageFork.xml
[2012.10.09 14:47:26 | 002,654,362 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\lizard\wheelLoader.i3d
[2012.10.09 14:47:26 | 000,010,051 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\lizard\wheelLoader.xml
[2012.09.02 14:57:46 | 000,134,236 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\lizard\wheelLoaderIdle.wav
[2012.09.02 14:57:46 | 000,080,314 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\lizard\wheelLoaderStart.wav
[2012.09.16 16:48:02 | 000,059,542 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\lizard\wheelLoaderStop.wav
[2012.08.27 19:23:24 | 000,699,192 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\lizard\wheelLoaderWheel_diffuse.dds
[2012.08.27 19:23:24 | 000,699,192 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\lizard\wheelLoaderWheel_normal.dds
[2012.08.27 19:23:24 | 000,043,832 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\lizard\wheelLoaderWheel_specular.dds
[2012.08.27 19:23:24 | 002,796,344 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\lizard\wheelLoader_diffuse.dds
[2012.08.27 19:23:24 | 002,796,344 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\lizard\wheelLoader_normal.dds
[2012.09.02 14:57:46 | 000,188,618 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\lizard\wheelLoader_run.wav
[2012.08.27 19:23:24 | 000,174,904 | ---- | M] () -- \Program Files\Farming Simulator 2013\data\vehicles\steerable\lizard\wheelLoader_specular.dds
[2011.12.07 14:50:30 | 000,064,352 | ---- | M] () -- \Program Files\Frozenbyte\Trine 2\PhysXLoader.dll
[2011.12.07 14:50:30 | 000,066,912 | ---- | M] () -- \Program Files\Frozenbyte\Trine 2\PhysXLoader64.dll
[2009.05.21 20:21:18 | 000,007,507 | ---- | M] () -- \Program Files\HP\Digital Imaging\HelpViewer\Resources\Loader.swf
[2009.09.20 12:15:26 | 000,030,776 | ---- | M] () -- \Program Files\HP\Digital Imaging\Smart Web Printing\RsrcLoaderLib.dll
[2009.09.20 12:15:26 | 000,002,713 | ---- | M] () -- \Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\uriloader.xpt
[2009.05.31 02:21:00 | 000,071,008 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2012.10.24 14:10:46 | 000,001,702 | ---- | M] () -- \Program Files\Sony Ericsson\Update Engine\licenses\loaderbinarylegal.txt
[2006.12.23 17:37:56 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2012.05.03 23:03:14 | 000,370,070 | ---- | M] () -- \Program Files\Youtube Downloader HD\downloader-hd.ico
[2012.06.15 08:27:10 | 005,108,224 | ---- | M] () -- \Program Files\Youtube Downloader HD\YouTubeDownloaderHD.exe
[2012.08.10 21:04:55 | 000,000,061 | ---- | M] () -- \Program Files\Youtube Downloader HD\YoutubeDownloaderHD.url
[2012.10.18 16:48:18 | 000,430,080 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Facebook\ZPSFacebookUploader.exe
[2010.04.29 14:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Facebook\ZPSPluginLoader.exe
[2012.10.18 16:47:30 | 000,442,368 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Flickr\ZPSFlickrUploader.exe
[2010.04.29 14:12:42 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Flickr\ZPSPluginLoader.exe
[2012.10.18 16:48:44 | 000,194,560 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Picasa\ZPSPicasaUploader.exe
[2010.04.29 14:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Picasa\ZPSPluginLoader.exe
[2012.10.18 16:56:18 | 000,103,520 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Program32\8bfLoader.exe
[2012.10.18 16:56:32 | 000,017,504 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Program32\WICLoader.exe
[2012.08.10 21:04:55 | 000,001,129 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD\Youtube Downloader HD.lnk
[2012.08.10 21:04:55 | 000,001,129 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD\Youtube Downloader HD.lnk
[2012.01.23 17:56:54 | 000,009,051 | ---- | M] () -- \Users\rodina Plachá\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\loader.gif
[2012.01.23 17:56:54 | 000,011,274 | ---- | M] () -- \Users\rodina Plachá\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\logo_loader_page.jpg
[2012.01.23 17:56:54 | 000,004,856 | ---- | M] () -- \Users\rodina Plachá\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\app\MediaInfo\ImageInfoLoader.js
[2012.10.13 13:55:59 | 000,000,049 | ---- | M] () -- \Users\rodina Plachá\AppData\Roaming\Youtube Downloader HD\YouTubeDownloaderHD.ini
[2012.03.16 12:43:12 | 000,071,008 | ---- | M] () -- \Users\rodina Plachá\Desktop\Farming Simulator 2013\čeština\PhysXLoader.dll
[2011.02.10 18:20:16 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2010.07.01 19:09:54 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2012.08.20 18:32:13 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2012.06.29 22:33:42 | 000,003,620 | ---- | M] () -- \Windows\System32\Tasks\Launch HTC Sync Loader
[2009.07.14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.14 09:43:57 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 09:43:57 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.14 09:43:57 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2011.03.01 12:30:52 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2011.03.01 12:30:52 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2011.03.01 12:30:52 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009.07.14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 09:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 02:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.08.19 08:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009.08.19 08:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010.11.20 05:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009.07.14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 07:22:35 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_0ad4ff55dce9d030\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.02 06:45:50 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_0ac72e8bdcf4a01c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:19:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.18 12:09:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17107_none_0ae0ab79dce0fb26\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 06:50:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 18:42:56 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21306_none_0b6949e0f5ff7ec0\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 07:13:36 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 06:47:28 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 18:32:13 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 08:15:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:56:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 18:23:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll

< >

< End of report >

kodl74
Visitor
Posts: 178
Registered: 10 May 2007 17:14

Re: Win32/Remtasu Trojan

#19 Post by kodl74 »

OTL Extras logfile created on: 5.11.2012 0:26:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rodina Plachá\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,25 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 52,19% Memory free
6,49 Gb Paging File | 4,95 Gb Available in Paging File | 76,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292,97 Gb Total Space | 201,62 Gb Free Space | 68,82% Space Free | Partition Type: NTFS
Drive D: | 303,19 Gb Total Space | 77,18 Gb Free Space | 25,45% Space Free | Partition Type: NTFS
Drive F: | 0,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: RODINAPLACHÁ-PC | User Name: rodina Plachá | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1286337246-397317185-390026832-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8DE277A7-22D0-42A3-9297-93B12F663DE0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{903D1DCF-8448-4ABE-B37F-9166149293F4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BD5A2716-2AD7-4D8C-8A3C-D26B545123B7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F610B15-6AC1-4D3D-B25C-92875B9881F9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{227A4908-AF1E-429F-B0BA-C5137B7A7741}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{23CC1999-168F-4970-ABC8-725FFB027F62}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2905B13D-8917-4098-B9B7-4CD917D54E12}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{29E6AC4F-2F8A-43FA-B5F1-B722A2D51E21}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{2ED1A125-6511-4142-A1FE-A4E6B9C960E2}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{387AFC53-ABFC-46AF-9E00-44AEB108C773}" = dir=in | app=c:\program files\cyberlink\powerdvd12\powerdvd12agent.exe |
"{499DCAE1-2FDE-4321-AE53-C622ABF31D56}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{526FEA35-C140-4561-BAA6-0EDC08E60D95}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{529D4D32-FCFE-40A6-AC6E-5443141BE364}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{532B722C-F304-4ACF-82A0-FF7F71E51F91}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{5A30946F-B98A-4BB7-94C3-802B44227B01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{5C0754C3-2EED-4C92-9104-005DDC3B04FC}" = dir=in | app=c:\program files\cyberlink\powerdvd12\powerdvd12.exe |
"{5C6315AF-2699-410E-BFAF-FB77D5BE15D4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5C7476C0-F8C6-4CD8-ABB0-EF91AAA0FBA9}" = protocol=6 | dir=in | app=c:\program files\empire interactive\flatout ultimate carnage\fouc.exe |
"{5D7B85F1-6F73-4DD9-8C54-54E4E19E1483}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{64A53E24-BAB2-461E-B797-BDE93B568212}" = protocol=17 | dir=in | app=c:\program files\farming simulator 2013\farmingsimulator2013.exe |
"{66C75899-C559-4FDB-BE0F-7687811FAEAC}" = protocol=17 | dir=in | app=c:\program files\empire interactive\flatout ultimate carnage\fouc.exe |
"{690F5828-FD78-4A78-9EA5-879D18B9B4E4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{6B17133E-4E84-4BF1-9455-570C5606A924}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{75AABC00-A1E8-4C63-A84A-F67785C812A3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{779859B5-DDA6-413F-876C-329D70CF65C1}" = dir=in | app=c:\program files\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe |
"{79231C73-7AAC-4470-BC72-0B1906250A82}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7B2A3000-197F-477F-A148-4523EC767415}" = protocol=6 | dir=in | app=c:\program files\farming simulator 2013\farmingsimulator2013.exe |
"{7E88D68E-2EFE-46CD-B27C-697AC387D131}" = protocol=6 | dir=in | app=c:\program files\farming simulator 2013\farmingsimulator2013game.exe |
"{824784DA-1D07-452D-A28F-A94ECFF0A0D1}" = dir=in | app=c:\program files\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe |
"{83816A4A-A80A-4AF9-A6DC-12858F2B6E4B}" = dir=in | app=c:\program files\cyberlink\powerdvd12\powerdvd12ml.exe |
"{83F83CEC-FA37-4C39-8155-29BC5BAE5BB8}" = dir=in | app=c:\program files\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe |
"{88FDFC17-C269-445D-BEC0-88EA328054CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B5B358E-D742-4B77-B007-0CC9BCA66381}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe |
"{9531EF15-043D-47B3-9387-D29E54D78C6D}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{95746132-05BF-4973-9A11-D89E2C7994A9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{966E7778-BDDA-48E0-9DF2-343E555BA2FE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9FA9B7A6-ED8A-450C-A205-79C044DA9C76}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{A488941D-FB85-4FB2-B17F-27C89BB61C22}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{A66CD585-FB52-4762-9D07-C196B9BA4AA2}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{AE3D5E07-FA85-4A0A-847C-02D7D9180EB9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{B628161A-AE0C-42DC-A77C-81C29FF3855D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C19B4703-CAC2-4034-817B-64CDFBC3AD6D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C26A0230-D4E9-46E1-BAED-7DFBB80F6AB1}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{C47350A2-7602-424D-8C14-44E0CBD2D203}" = protocol=17 | dir=in | app=c:\program files\farming simulator 2013\farmingsimulator2013game.exe |
"{CA859AE0-83A3-4010-8C3D-575C9711046C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CCC204B8-2764-4C38-A827-3874D55E41B4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CDAC4650-2EB8-443B-8E82-6FB4A74F01F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{D10E5A2F-0E70-40A1-AC30-9B815DCC7032}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{DA7E42B7-8B02-490B-B768-A7B61AA8F3EC}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{DC61E83D-755D-498F-AF7F-EA34B4FE6C15}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{ED671AF4-9994-42EE-9D68-D163F55E0823}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02A003AD-7DEF-D28F-0E61-18D5F1D53CF5}" = Catalyst Control Center Localization All
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03DDA3C7-8D88-5D41-9BE4-210988CF65C3}" = Catalyst Control Center Graphics Previews Vista
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{095FC6D2-DF7E-40C1-B4AF-FFB3EC472BEB}" = C5300
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0FD40A50-38AB-454F-B41E-AC365E13D06D}" = calibre
"{11A292E3-E60B-1335-C4F8-92F1841725D6}" = CCC Help Greek
"{12CB7D4B-F29B-08D3-B305-3C3163F11E6D}" = CCC Help Finnish
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{22A0602D-A83C-14A7-A09B-F3E13044D395}" = CCC Help Turkish
"{22E05721-B122-F1A6-7EB2-3A61CA382464}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{32BA6FBB-C948-F45E-934C-5CC049D16263}" = CCC Help Hungarian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35767883-90A2-B69B-E128-2912DD65CA09}" = CCC Help Dutch
"{386AB6EF-B693-C15B-52F5-88BDC6B8291E}" = CCC Help Danish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40138968-506D-15D7-B6DD-059C06EA2682}" = CCC Help Chinese Standard
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4441574D-727E-4DD3-AAFD-4E240EE3B588}" = CyberLink Holiday Pack Vol. 3
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0728.1
"{46CF6A90-7EFB-47E3-9B14-FBCEFA9F9982}" = Catalyst Control Center - Branding
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F62B1AE-E778-49E2-9C57-C1C65A122098}" = Zoner Callisto 5
"{518A54AE-002F-406F-BB48-620676AB9960}" = Anno 1404
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{567C4A87-9029-4001-ACF1-CFC0717EC1A0}" = PS_AIO_04_C5300_Software_Min
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{66CB0FCD-3BF4-F5C5-77AA-37316109072E}" = CCC Help German
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FA29B87-FED3-45A1-8A95-2FDEE0F6DD18}" = HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74BB27FA-63B9-DE85-04CB-69D51FF14AD6}" = CCC Help Chinese Traditional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{852DBAD9-ECAC-48FD-99D8-775CF9BFD42C}" = Moorfrosch XXL
"{865F8014-4DED-B63D-832A-3FB08FC38479}" = ATI Catalyst Install Manager
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{88F66BC2-87E5-53F8-48DD-728501B98181}" = CCC Help Thai
"{8DC72EF6-1EB6-610C-6CAB-709718CD2132}" = CCC Help English
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97D2408A-AC76-4ACA-F047-42180975A250}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D9F86BB-E232-AC3B-8705-146AC303F636}" = CCC Help Polish
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA3F9FB3-20DF-8CAA-919A-F507FCAA9AB9}" = CCC Help Japanese
"{B04880D4-D900-4FE2-8BB3-707122801B0B}_is1" = Bambulky 1.0
"{B0AC53AC-0BE0-4E18-B2FE-0D88040AA56B}" = ESET Smart Security
"{B1F7BB94-BE89-92DF-4736-D94A13E32622}" = CCC Help Swedish
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{B76E1251-5ACA-AAB7-518D-17DC63282D23}" = Catalyst Control Center InstallProxy
"{BA592980-D2D8-74B9-D9B0-84FB947F8DC9}" = CCC Help Portuguese
"{BAFCE6EC-1BED-0644-4AE0-0827D3A5BF2D}" = CCC Help Russian
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDC9CB03-079E-D721-4210-0CD5AE082A1B}" = CCC Help Italian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.364
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE5D7C38-92A7-675C-A49E-1B4F3D945AFE}" = CCC Help French
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2E654A9-FF43-C395-2673-1385B493C574}" = CCC Help Korean
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E600853D-6991-2174-0826-F0DE7E024602}" = CCC Help Spanish
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E735A4C4-F4E0-0BA6-288F-C792BD8969B1}" = CCC Help Norwegian
"{EEA93FD7-132D-2968-9478-D84CAAF3FAD5}" = CCC Help Czech
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.108
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ant Movie Catalog_is1" = Ant Movie Catalog
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.5.3
"Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.2
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"CosmoPlayer" = Cosmo Player 2.1.1
"Crysis 2" = Crysis 2
"Cuckoo Clock 3D Screensaver_is1" = Cuckoo Clock 3D Screensaver 1.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"Defraggler" = Defraggler
"DjVuLibre+DjView" = DjVuLibre+DjView
"Dream Aquarium" = Dream Aquarium 1.234
"DVD Menu Template Package" = DVD Menu Template Package 1.2
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.2 (31/10/2011) Qt
"Easy CD-DA Extractor 16" = Easy CD-DA Extractor 16
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02
"FarmingSimulator2013INT_is1" = Farming Simulator 2013
"FlatOut Ultimate Carnage" = FlatOut Ultimate Carnage
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.0
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 16.0.2 (x86 cs)" = Mozilla Firefox 16.0.2 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Opera 12.02.1578" = Opera 12.02
"Photo DVD Slideshow Professional" = Photo DVD Slideshow Pro 8.33
"Polární dobrodružství 2" = Polární dobrodružství 2
"SereneScreen Marine Aquarium 3_is1" = SereneScreen Marine Aquarium 3
"Shop for HP Supplies" = Shop for HP Supplies
"SolSuite_is1" = SolSuite 2010 v10.0
"Totalcmd" = Total Commander (Remove or Repair)
"Trine 2_is1" = Trine 2
"TS Český jazyk 4 (doporučená instalace)" = TS Český jazyk 4 (doporučená instalace)
"TS Diktáty (plná instalace)" = TS Diktáty (plná instalace)
"Uninstall Tool_is1" = Uninstall Tool
"Update Engine" = Sony Ericsson Update Engine
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Winstep Xtreme_is1" = Nexus 11.6
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.51
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.4
"ZonerPhotoStudio15_CZ_is1" = Zoner Photo Studio 15

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1286337246-397317185-390026832-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.4.2012 9:12:31 | Computer Name = rodinaPlachá-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Crysis.exe, verze: 1.1.1.6156, časové razítko:
0x47d6d167 Název chybujícího modulu: d3d10core.dll, verze: 6.1.7600.16385, časové
razítko: 0x4a5bd9a3 Kód výjimky: 0xc0000005 Posun chyby: 0x00025ba1 ID chybujícího
procesu: 0xc40 Čas spuštění chybující aplikace: 0x01cd17df0dae976c Cesta k chybující
aplikaci: C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe Cesta
k chybujícímu modulu: C:\Windows\system32\d3d10core.dll ID zprávy: fe0ca31a-83d7-11e1-8e49-1c6f658aab67

Error - 11.4.2012 9:18:49 | Computer Name = rodinaPlachá-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Crysis.exe, verze: 1.1.1.6156, časové razítko:
0x47d6d167 Název chybujícího modulu: d3d10core.dll, verze: 6.1.7600.16385, časové
razítko: 0x4a5bd9a3 Kód výjimky: 0xc0000005 Posun chyby: 0x00025ba1 ID chybujícího
procesu: 0x538 Čas spuštění chybující aplikace: 0x01cd17e4d9832f7a Cesta k chybující
aplikaci: C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe Cesta
k chybujícímu modulu: C:\Windows\system32\d3d10core.dll ID zprávy: df6e7c9f-83d8-11e1-8e49-1c6f658aab67

Error - 11.4.2012 9:19:01 | Computer Name = rodinaPlachá-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Crysis.exe, verze: 1.1.1.6156, časové razítko:
0x47d6d167 Název chybujícího modulu: atidxx32.dll, verze: 8.17.10.310, časové razítko:
0x4ca29a5d Kód výjimky: 0xc0000005 Posun chyby: 0x00012d69 ID chybujícího procesu:
0x538 Čas spuštění chybující aplikace: 0x01cd17e4d9832f7a Cesta k chybující aplikaci:
C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe Cesta k chybujícímu
modulu: C:\Windows\system32\atidxx32.dll ID zprávy: e6ddfa1e-83d8-11e1-8e49-1c6f658aab67

Error - 11.4.2012 9:24:33 | Computer Name = rodinaPlachá-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Crysis.exe, verze: 1.1.1.6156, časové razítko:
0x47d6d167 Název chybujícího modulu: d3d10core.dll, verze: 6.1.7600.16385, časové
razítko: 0x4a5bd9a3 Kód výjimky: 0xc0000005 Posun chyby: 0x00025ba1 ID chybujícího
procesu: 0x16a0 Čas spuštění chybující aplikace: 0x01cd17e5b4578a5f Cesta k chybující
aplikaci: C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe Cesta
k chybujícímu modulu: C:\Windows\system32\d3d10core.dll ID zprávy: ac68cd38-83d9-11e1-8e49-1c6f658aab67

Error - 11.4.2012 9:31:29 | Computer Name = rodinaPlachá-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Crysis.exe, verze: 1.1.1.6156, časové razítko:
0x47d6d167 Název chybujícího modulu: d3d10core.dll, verze: 6.1.7600.16385, časové
razítko: 0x4a5bd9a3 Kód výjimky: 0xc0000005 Posun chyby: 0x00025ba1 ID chybujícího
procesu: 0x17a4 Čas spuštění chybující aplikace: 0x01cd17e681c97db9 Cesta k chybující
aplikaci: C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe Cesta
k chybujícímu modulu: C:\Windows\system32\d3d10core.dll ID zprávy: a462fa8f-83da-11e1-8e49-1c6f658aab67

Error - 11.4.2012 9:31:42 | Computer Name = rodinaPlachá-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Crysis.exe, verze: 1.1.1.6156, časové razítko:
0x47d6d167 Název chybujícího modulu: atidxx32.dll, verze: 8.17.10.310, časové razítko:
0x4ca29a5d Kód výjimky: 0xc0000005 Posun chyby: 0x00012d69 ID chybujícího procesu:
0x17a4 Čas spuštění chybující aplikace: 0x01cd17e681c97db9 Cesta k chybující aplikaci:
C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe Cesta k chybujícímu
modulu: C:\Windows\system32\atidxx32.dll ID zprávy: ac0ee5b1-83da-11e1-8e49-1c6f658aab67

Error - 11.4.2012 10:29:20 | Computer Name = rodinaPlachá-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Crysis.exe, verze: 1.1.1.6156, časové razítko:
0x47d6d167 Název chybujícího modulu: CrySystem.dll, verze: 1.1.1.6156, časové razítko:
0x47d6d5ce Kód výjimky: 0xc0000005 Posun chyby: 0x0000b69c ID chybujícího procesu:
0xb4c Čas spuštění chybující aplikace: 0x01cd17e8589de5da Cesta k chybující aplikaci:
C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe Cesta k chybujícímu
modulu: C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrySystem.dll ID zprávy:
b9ac0109-83e2-11e1-8e49-1c6f658aab67

Error - 11.4.2012 14:25:16 | Computer Name = rodinaPlachá-PC | Source = VSS | ID = 8194
Description =

Error - 12.4.2012 13:25:01 | Computer Name = rodinaPlachá-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku 3. Hodnota
MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version
v prvku assemblyIdentity je neplatná.

Error - 12.4.2012 13:25:45 | Computer Name = rodinaPlachá-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\cyberlink\powerdirector\muitransfer\MUIStartMenuX64.exe
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

[ Media Center Events ]
Error - 4.6.2011 4:35:07 | Computer Name = rodinaPlachá-PC | Source = MCUpdate | ID = 0
Description = 10:35:04 - Chyba při připojování k Internetu 10:35:04 - Nelze kontaktovat
server..

Error - 4.6.2011 5:35:59 | Computer Name = rodinaPlachá-PC | Source = MCUpdate | ID = 0
Description = 11:35:55 - Chyba při připojování k Internetu 11:35:55 - Nelze kontaktovat
server..

Error - 4.6.2011 6:36:31 | Computer Name = rodinaPlachá-PC | Source = MCUpdate | ID = 0
Description = 12:36:30 - Chyba při připojování k Internetu 12:36:30 - Nelze kontaktovat
server..

Error - 4.6.2011 7:37:13 | Computer Name = rodinaPlachá-PC | Source = MCUpdate | ID = 0
Description = 13:37:13 - Chyba při připojování k Internetu 13:37:13 - Nelze kontaktovat
server..

Error - 23.5.2012 16:13:20 | Computer Name = rodinaPlachá-PC | Source = MCUpdate | ID = 0
Description = 22:13:19 - Načtení položky MCEClientUX se nezdařilo. (Chyba: Nadřízené
připojení bylo uzavřeno: Nepodařilo se nastavit vztah důvěryhodnosti pro zabezpečený
kanál SSL/TLS..)

[ OSession Events ]
Error - 12.2.2011 7:53:57 | Computer Name = rodinaPlachá-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22.3.2012 6:07:46 | Computer Name = rodinaPlachá-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 558
seconds with 540 seconds of active time. This session ended with a crash.

Error - 15.9.2012 13:26:04 | Computer Name = rodinaPlachá-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29.10.2012 7:19:37 | Computer Name = rodinaPlachá-PC | Source = Service Control Manager | ID = 7034
Description = Služba CyberLink PowerDVD 12 Media Server Service byla neočekávaně
ukončena. Tento stav nastal již 1krát.

Error - 29.10.2012 8:16:54 | Computer Name = rodinaPlachá-PC | Source = Service Control Manager | ID = 7034
Description = Služba CyberLink PowerDVD 12 Media Server Service byla neočekávaně
ukončena. Tento stav nastal již 2krát.

Error - 30.10.2012 1:01:20 | Computer Name = rodinaPlachá-PC | Source = Service Control Manager | ID = 7034
Description = Služba CyberLink PowerDVD 12 Media Server Service byla neočekávaně
ukončena. Tento stav nastal již 1krát.

Error - 30.10.2012 6:51:38 | Computer Name = rodinaPlachá-PC | Source = Service Control Manager | ID = 7034
Description = Služba CyberLink PowerDVD 12 Media Server Service byla neočekávaně
ukončena. Tento stav nastal již 2krát.

Error - 31.10.2012 3:28:06 | Computer Name = rodinaPlachá-PC | Source = Service Control Manager | ID = 7034
Description = Služba CyberLink PowerDVD 12 Media Server Service byla neočekávaně
ukončena. Tento stav nastal již 1krát.

Error - 31.10.2012 8:27:42 | Computer Name = rodinaPlachá-PC | Source = BTHUSB | ID = 327697
Description = Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit
a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

Error - 4.11.2012 18:05:50 | Computer Name = rodinaPlachá-PC | Source = Service Control Manager | ID = 7034
Description = Služba Process Monitor byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 4.11.2012 18:07:24 | Computer Name = rodinaPlachá-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 4.11.2012 18:11:11 | Computer Name = rodinaPlachá-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 4.11.2012 18:15:33 | Computer Name = rodinaPlachá-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (23:13:51, ?4.?11.?2012) bylo neočekávané.


< End of report >

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Win32/Remtasu Trojan

#20 Post by vyosek »

:arrow: Just asking, is that Ultimate version legal :???:
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

kodl74
Visitor
Posts: 178
Registered: 10 May 2007 17:14

Re: Win32/Remtasu Trojan

#21 Post by kodl74 »

Yes, it was bought together with the PC about two years ago.

I rolled back via a restore point to 2 November and it looks like it is gone, since it showed up again in the morning after startup. That nvidia kmplayer.exe could not be stopped in the process list.
I hope that is not a problem. I will gladly supply the necessary logs, and I apologize if this step has added more log deciphering.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Win32/Remtasu Trojan

#22 Post by vyosek »

So the Windows crack was just left there like a forgotten Christmas ornament, right :?:

And why on earth did you use a restore point? Then we need not have bothered with all this here :?:

kodl74
Visitor
Posts: 178
Registered: 10 May 2007 17:14

Re: Win32/Remtasu Trojan

#23 Post by kodl74 »

I apologize :oops:

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Win32/Remtasu Trojan

#24 Post by vyosek »

What I don't understand is why: we started working on the problem right away, successfully, and then you decide to restore it :?:

And what about that crack for W7??

kodl74
Visitor
Posts: 178
Registered: 10 May 2007 17:14

Re: Win32/Remtasu Trojan

#25 Post by kodl74 »

I will try to sort it out, but I really did not know about it. I bought it as a whole through another person and it has been without problems until now. Did the restore point help or not? Should I post another log? Once again I apologize, but I really did not know.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Win32/Remtasu Trojan

#26 Post by vyosek »

:arrow: There is a Windows crack on the PC; sort that out with the person in question. We do not support illegal systems here.

:arrow: It is hard to fix things when you do whatever you want; our work from yesterday has, pardon the expression, gone to sh*t :boxed: As a Model Visitor you could have known that.

:arrow: If you think the PC is fine, then we have nothing to deal with, all the more so when you fix it differently from what I write...

kodl74
Visitor
Posts: 178
Registered: 10 May 2007 17:14

Re: Win32/Remtasu Trojan

#27 Post by kodl74 »

I will deal with it. I do not know whether the PC is fine, only that it no longer shows up. NOD simply reported in the morning that it was there again, so I did the restore point; I admit the mistake.

Here is the RSIT log

Logfile of random's system information tool 1.08 (written by random/random)
Run by rodina Plachá at 2012-11-05 10:26:37
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 208 GB (69%) free of 300 GB
Total RAM: 3326 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:26:43, on 5.11.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Winstep\Nexus.exe
D:\HTC Hodiny 3.0\Clock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\rodina Plachá\Documents\RSIT\RSIT.exe
C:\Program Files\trend micro\rodina Plachá.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETCall.exe
O4 - HKCU\..\Run: [Nexus] C:\Program Files\Winstep\Nexus.exe autostart
O4 - HKCU\..\Run: [Clock Widget (HTC Home)] "D:\HTC Hodiny 3.0\Clock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CLHNServiceForPowerDVD12 - CyberLink Corp. - C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)

--
End of file - 7167 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-06-19 453104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-06-19 157680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-09-30 98304]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-03-07 3117344]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"=C:\Program Files\GIGABYTE\ET6\ETCall.exe [2007-07-26 20480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nexus"=C:\Program Files\Winstep\Nexus.exe [2011-07-05 13283456]
"Clock Widget (HTC Home)"=D:\HTC Hodiny 3.0\Clock.exe [2011-05-25 1981952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-01-19 3477312]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-08-27 59280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2012-09-09 421776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^rodina Plachá^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PNotes.lnk]
D:\PNotes1\PNotes.exe [2011-11-12 934912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2012-11-04 23:19:29 ----A---- C:\ComboFix.txt
2012-11-04 23:06:00 ----D---- C:\Qoobox
2012-11-04 23:05:47 ----D---- C:\Windows\erdnt
2012-11-04 10:18:38 ----RSHD---- C:\Windows\system32\nivida
2012-10-27 14:38:13 ----D---- C:\Program Files\Mozilla Firefox
2012-10-26 15:49:22 ----D---- C:\Users\rodina Plachá\AppData\Roaming\SPORE
2012-10-26 13:27:31 ----D---- C:\MediaServer
2012-10-26 13:27:09 ----D---- C:\ProgramData\PDVD
2012-10-26 13:26:54 ----D---- C:\ProgramData\CyberLink
2012-10-26 13:25:27 ----D---- C:\ProgramData\Temp
2012-10-26 13:25:26 ----D---- C:\ProgramData\install_clap
2012-10-10 18:02:34 ----D---- C:\Users\rodina Plachá\AppData\Roaming\Rovio
2012-10-10 08:43:16 ----A---- C:\Windows\system32\wintrust.dll
2012-10-10 08:43:13 ----A---- C:\Windows\system32\tzres.dll
2012-10-10 08:42:59 ----A---- C:\Windows\system32\KernelBase.dll
2012-10-10 08:42:59 ----A---- C:\Windows\system32\kernel32.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 08:42:58 ----A---- C:\Windows\system32\winsrv.dll
2012-10-10 08:42:58 ----A---- C:\Windows\system32\conhost.exe
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 08:42:48 ----A---- C:\Windows\system32\crypt32.dll
2012-10-10 08:42:47 ----A---- C:\Windows\system32\cryptsvc.dll
2012-10-10 08:42:47 ----A---- C:\Windows\system32\cryptnet.dll
2012-10-10 08:42:41 ----A---- C:\Windows\system32\drivers\ntfs.sys
2012-10-10 08:42:40 ----A---- C:\Windows\system32\kerberos.dll
2012-10-10 08:42:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-10-10 08:42:34 ----A---- C:\Windows\system32\ntkrnlpa.exe

======List of files/folders modified in the last 1 months======

2012-11-05 10:26:42 ----D---- C:\Program Files\trend micro
2012-11-05 10:26:40 ----D---- C:\Windows\Temp
2012-11-05 09:49:03 ----RD---- C:\Program Files
2012-11-05 09:42:49 ----D---- C:\Windows\system32\config
2012-11-05 09:33:42 ----D---- C:\Windows\System32
2012-11-05 09:33:42 ----D---- C:\Windows\inf
2012-11-05 09:33:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-11-05 09:29:46 ----D---- C:\Users\rodina Plachá\AppData\Roaming\Skype
2012-11-05 09:29:04 ----D---- C:\Windows\Tasks
2012-11-05 09:29:04 ----D---- C:\Windows\system32\wfp
2012-11-05 09:29:01 ----D---- C:\Windows\system32\wbem
2012-11-05 09:29:01 ----D---- C:\Windows
2012-11-05 09:28:19 ----D---- C:\Windows\system32\URTTEMP
2012-11-05 09:28:19 ----D---- C:\Windows\system32\Tasks
2012-11-05 09:28:19 ----D---- C:\Windows\system32\DriverStore
2012-11-05 09:28:19 ----D---- C:\Windows\system32\drivers\etc
2012-11-05 09:28:19 ----D---- C:\Windows\system32\drivers
2012-11-05 09:28:19 ----D---- C:\Windows\system32\cs-CZ
2012-11-05 09:28:19 ----D---- C:\Windows\system32\CodeIntegrity
2012-11-05 09:28:19 ----D---- C:\Windows\system32\catroot2
2012-11-05 09:28:18 ----D---- C:\Windows\AppCompat
2012-11-05 09:28:18 ----D---- C:\Users\rodina Plachá\AppData\Roaming\uTorrent
2012-11-05 09:28:17 ----SHD---- C:\$Recycle.Bin
2012-11-05 09:28:17 ----D---- C:\Program Files\Opera
2012-11-05 09:28:15 ----D---- C:\Windows\registration
2012-11-05 09:28:03 ----RD---- C:\Users
2012-11-05 09:28:03 ----HD---- C:\ProgramData
2012-11-05 09:25:36 ----SHD---- C:\System Volume Information
2012-11-04 23:21:34 ----D---- C:\torrent
2012-11-04 22:42:29 ----D---- C:\Windows\Prefetch
2012-11-04 22:36:21 ----D---- C:\rsit
2012-11-02 11:17:09 ----HD---- C:\Program Files\InstallShield Installation Information
2012-10-29 21:38:52 ----D---- C:\Virtuální hry
2012-10-28 20:41:52 ----D---- C:\Windows\Logs
2012-10-28 08:21:08 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-10-27 23:03:01 ----D---- C:\Windows\system32\catroot
2012-10-27 23:02:12 ----D---- C:\ProgramData\Sony Ericsson
2012-10-27 23:02:04 ----D---- C:\Program Files\Sony Ericsson
2012-10-26 15:41:34 ----D---- C:\Program Files\Electronic Arts
2012-10-26 14:30:50 ----D---- C:\Users\rodina Plachá\AppData\Roaming\Mp3tag
2012-10-26 14:01:03 ----D---- C:\Záloha registru
2012-10-26 13:55:08 ----SHD---- C:\Windows\Installer
2012-10-26 13:55:08 ----D---- C:\Program Files\CyberLink
2012-10-26 13:55:06 ----D---- C:\Config.Msi
2012-10-26 13:35:19 ----D---- C:\Windows\pss
2012-10-26 13:33:17 ----D---- C:\Users\rodina Plachá\AppData\Roaming\CyberLink
2012-10-26 13:26:00 ----D---- C:\Windows\winsxs
2012-10-23 16:15:07 ----D---- C:\Users\rodina Plachá\AppData\Roaming\Zoner
2012-10-23 16:15:05 ----D---- C:\Program Files\Zoner
2012-10-22 19:57:49 ----D---- C:\Program Files\Common Files\Steam
2012-10-22 19:57:47 ----D---- C:\Program Files\Steam
2012-10-21 19:44:02 ----RSD---- C:\Windows\Fonts
2012-10-11 15:27:36 ----D---- C:\Windows\rescache
2012-10-10 22:25:07 ----D---- C:\ProgramData\Microsoft Help
2012-10-10 22:23:00 ----D---- C:\Windows\debug
2012-10-10 22:22:59 ----A---- C:\Windows\system32\MRT.exe
2012-10-10 20:39:27 ----D---- C:\Program Files\Mp3tag
2012-10-09 14:32:07 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-10-06 10:46:43 ----D---- C:\ProgramData\boost_interprocess

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 50624]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-01-20 428088]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 169080]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 120152]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 33656]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-12-18 281760]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2012-03-14 148504]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-12-18 25888]
R2 ntk_PowerDVD12;ntk_PowerDVD12; \??\C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [2012-06-20 121208]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-28 6472192]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-09-28 228352]
R3 AODDriver;AODDriver; \??\C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys [2010-03-12 36864]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2012-11-05 17488]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 GVTDrv;GVTDrv; \??\C:\Windows\system32\Drivers\GVTDrv.sys [2012-11-05 24944]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
R3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-05-01 265496]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2009-04-30 13976]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2009-04-30 2687512]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 ALSysIO;ALSysIO; \??\C:\Users\RODINA~1\AppData\Local\Temp\ALSysIO.sys []
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-28 6472192]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service; C:\Windows\system32\DRIVERS\AVerPola.sys [2011-09-20 523904]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2012-08-12 17488]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2012-07-29 12400]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2012-07-29 25200]
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 LVHybrid;LVHybrid service; C:\Windows\system32\DRIVERS\LVHybrid.sys [2005-07-25 800000]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-07-09 44032]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-09-28 176128]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-09-19 90640]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-09-19 78352]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-09-19 295440]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-03-07 913144]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2010-08-19 247152]
R2 Winstep Xtreme Service;Winstep Xtreme Service; C:\Program Files\Winstep\WsxService []
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-09-09 821648]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-27 115168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-10-22 529744]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-11 1343400]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Win32/Remtasu Trojan

#28 Post by vyosek »

Run ComboFix again, then OTL.
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement: take a whip and a stick to him, for he is no man, he is an ox."
Member since 1 February 2011.

kodl74
Visitor
Posts: 178
Joined: 10 May 2007 17:14

Re: Win32/Remtasu Trojan

#29 Post by kodl74 »

ComboFix 12-11-04.01 - rodina Plachá 05.11.2012 18:48:02.1.3 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3326.2391 [GMT 1:00]
Spuštěný z: c:\users\rodina Plachß\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\rodina Plachá\AppData\Roaming\Microsoft\Windows\h0zMgUiAj.dat
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\ST6UNST.000
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\TEMP\logishrd\LVPrcInj02.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-05 do 2012-11-05 )))))))))))))))))))))))))))))))
.
.
2012-11-05 17:53 . 2012-11-05 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-04 09:18 . 2012-11-04 22:13 -------- d-sh--r- c:\windows\system32\nivida
2012-11-02 11:41 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BB22F52-AE35-4393-B6F3-8D0E214EF1B6}\mpengine.dll
2012-10-28 11:07 . 2012-10-28 11:07 -------- d-----w- c:\users\rodina Plachá\AppData\Local\ElevatedDiagnostics
2012-10-26 14:49 . 2012-10-26 14:49 -------- d-----w- c:\users\rodina Plachá\AppData\Roaming\SPORE
2012-10-26 12:33 . 2012-10-26 12:33 -------- d-----w- c:\users\rodina Plachá\AppData\Local\MediaShow
2012-10-26 12:27 . 2012-10-26 12:27 -------- d-----w- C:\MediaServer
2012-10-26 12:27 . 2012-10-26 12:27 -------- d-----w- c:\users\rodina Plachá\AppData\Local\MediaServer
2012-10-26 12:27 . 2012-10-26 12:27 -------- d-----w- c:\programdata\PDVD
2012-10-26 12:26 . 2012-11-05 08:28 -------- d-----w- c:\programdata\CyberLink
2012-10-26 12:25 . 2012-10-26 12:25 -------- d-----w- c:\programdata\install_clap
2012-10-10 17:02 . 2012-10-10 17:02 -------- d-----w- c:\users\rodina Plachá\AppData\Roaming\Rovio
2012-10-10 07:43 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 07:43 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-05 08:29 . 2011-02-10 15:55 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-11-05 08:29 . 2011-02-10 15:54 17488 ----a-w- c:\windows\gdrv.sys
2012-10-09 13:32 . 2012-04-12 08:25 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 13:32 . 2011-05-22 09:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-25 18:44 . 2011-03-13 13:32 81920 ----a-w- c:\windows\system32\OpenAL32.dll
2012-09-07 15:04 . 2011-02-16 08:13 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 06:59 . 2012-09-22 22:38 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 22:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 22:38 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 22:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 22:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 22:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-12 10:41 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 10:41 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 10:41 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 10:41 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 07:49 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 11:01 . 2012-09-17 18:40 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2012-03-18 08:54 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-12 18:00 . 2011-02-11 14:04 17488 ----a-w- c:\windows\etdrv.sys
2012-10-27 13:38 . 2012-10-27 13:38 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nexus"="c:\program files\Winstep\Nexus.exe" [2011-07-05 13283456]
"Clock Widget (HTC Home)"="d:\htc hodiny 3.0\Clock.exe" [2011-05-25 1981952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^rodina Plachá^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PNotes.lnk]
path=c:\users\rodina Plachá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PNotes.lnk
backup=c:\windows\pss\PNotes.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R3 ALSysIO;ALSysIO;c:\users\RODINA~1\AppData\Local\Temp\ALSysIO.sys [x]
R3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 LVHybrid;LVHybrid service;c:\windows\system32\DRIVERS\LVHybrid.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/10/26 14:32];c:\program files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [x]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files\Winstep\WsxService [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 13:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.240.178.250 192.168.0.1
FF - ProfilePath - c:\users\rodina Plachá\AppData\Roaming\Mozilla\Firefox\Profiles\x9tqjkm2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files\Winstep\WsxService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1286337246-397317185-390026832-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{21BB7A1C-8533-92DB-3761-4772D00C2C79}*]
"jaiohbaimlpcamdbgnaj"=hex:62,61,6f,68,00,00
"iaipelbodgkhldcimm"=hex:6b,61,64,69,6f,6e,70,6b,67,63,6f,6d,69,6e,6a,6f,68,68,
6b,6a,62,63,00,03
"hamnlbhcoonlgahe"=hex:6b,61,66,70,6d,6a,66,65,6d,63,62,70,67,62,6e,62,6e,6e,
66,69,67,6b,00,04
"jannkchcplbgjjfobfdi"=hex:6f,61,70,6e,68,6e,6d,6f,6e,6e,68,70,6b,68,63,6b,69,
68,66,70,6b,69,6e,6e,68,6a,6b,66,6b,64,00,00
"jaiohbaimlpcamdbgnmi"=hex:62,61,6d,68,00,00
"hagpkkjnmhcjaafl"=hex:6b,61,64,69,6f,6e,70,6b,6d,62,6a,6c,65,6f,6a,6f,66,61,
63,69,64,6f,00,03
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Winstep\WsxService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2012-11-05 18:59:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-05 17:59
ComboFix2.txt 2012-11-04 22:19
.
Před spuštěním: Volných bajtů: 217 746 522 112
Po spuštění: Volných bajtů: 217 358 856 192
.
- - End Of File - - 71FAA33AA1A29294AAABC09C4223795E

kodl74
Visitor
Posts: 178
Joined: 10 May 2007 17:14

Re: Win32/Remtasu Trojan

#30 Post by kodl74 »

OTL logfile created on: 5.11.2012 19:03:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rodina Plachá\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,25 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 58,48% Memory free
6,49 Gb Paging File | 5,09 Gb Available in Paging File | 78,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292,97 Gb Total Space | 202,51 Gb Free Space | 69,12% Space Free | Partition Type: NTFS
Drive D: | 303,19 Gb Total Space | 77,18 Gb Free Space | 25,45% Space Free | Partition Type: NTFS
Drive F: | 0,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: RODINAPLACHÁ-PC | User Name: rodina Plachá | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.11.05 19:02:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rodina Plachá\Desktop\OTL.exe
PRC - [2012.09.19 08:45:35 | 000,295,440 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012.09.19 08:45:30 | 000,078,352 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2012.09.19 08:45:12 | 000,090,640 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2012.03.07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012.03.07 14:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011.07.05 22:32:12 | 013,283,456 | ---- | M] (Winstep Software Technologies) -- C:\Program Files\Winstep\Nexus.exe
PRC - [2011.05.25 12:29:32 | 001,981,952 | ---- | M] () -- D:\HTC Hodiny 3.0\Clock.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) -- C:\Program Files\Winstep\WsxService.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.28 21:51:26 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.09.28 21:50:58 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2007.03.06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.14 09:09:18 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.14 09:08:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 09:08:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.13 20:31:26 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012.06.13 20:29:09 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012.06.13 20:28:58 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012.06.13 20:28:50 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012.06.13 20:28:48 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012.05.11 08:26:44 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll
MOD - [2012.05.11 08:25:17 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
MOD - [2012.05.11 08:25:15 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012.05.10 17:04:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 17:03:30 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 17:03:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 17:03:23 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 17:03:08 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.10 15:44:00 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012.05.10 15:41:38 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012.05.10 15:41:33 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012.05.10 15:41:32 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012.05.10 15:41:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.05.10 15:41:26 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.05.10 15:41:21 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011.05.25 12:29:32 | 001,981,952 | ---- | M] () -- D:\HTC Hodiny 3.0\Clock.exe
MOD - [2010.11.13 03:37:08 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_cs_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 02:54:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.09.30 22:36:20 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.04.12 16:59:06 | 000,430,080 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Services (SafeList) ==========

SRV - [2012.10.27 14:38:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.22 19:57:31 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.09 14:32:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.19 08:45:35 | 000,295,440 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012.09.19 08:45:30 | 000,078,352 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2012.09.19 08:45:12 | 000,090,640 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012.03.07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.02.11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- C:\Program Files\Winstep\WsxService.exe -- (Winstep Xtreme Service)
SRV - [2011.02.11 14:51:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.09.28 21:50:58 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\RODINA~1\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\RODINA~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ap0p0wj1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\RODINA~1\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012.11.05 09:29:26 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.09.19 15:12:50 | 000,089,616 | ---- | M] (CyberLink Corp.) [2012/10/26 14:32:28] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({73526619-C24F-470B-9BED-53D455FBB5C6})
DRV - [2012.08.12 19:00:35 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2012.07.29 07:20:25 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.07.29 07:20:25 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.06.20 10:35:49 | 000,121,208 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys -- (ntk_PowerDVD12)
DRV - [2012.03.14 07:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2012.03.14 07:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012.03.14 07:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012.03.14 07:40:02 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2012.03.14 07:40:02 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2012.01.20 14:07:17 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.12.18 19:02:42 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.12.18 19:02:42 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.09.20 06:00:44 | 000,523,904 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerPola.sys -- (AVerPola)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.28 22:25:14 | 006,472,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010.09.28 22:25:14 | 006,472,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.09.28 21:14:30 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009.10.26 22:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.10.07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.05.01 00:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.04.30 23:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009.04.30 23:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.07.26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005.07.25 23:04:04 | 000,800,000 | ---- | M] (Animation Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVHybrid.sys -- (LVHybrid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1286337246-397317185-390026832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\rodina Plachá\Desktop
IE - HKU\S-1-5-21-1286337246-397317185-390026832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1286337246-397317185-390026832-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1286337246-397317185-390026832-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1286337246-397317185-390026832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1286337246-397317185-390026832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..extensions.enabledAddons: ALone-live@ya.ru:1.3.8
FF - prefs.js..extensions.enabledAddons: notreal.ccoptions@environmentalchemistry.com:10.0.2
FF - prefs.js..extensions.enabledAddons: {2b6788a0-0ccd-11e1-be50-0800200c9a66}:2.3.3
FF - prefs.js..extensions.enabledItems: ALone-live@ya.ru:1.3.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 14:38:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 14:38:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.05.17 10:36:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 14:38:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 14:38:14 | 000,000,000 | ---D | M]

[2012.02.05 17:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rodina Plachá\AppData\Roaming\Mozilla\Extensions
[2012.10.13 15:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rodina Plachá\AppData\Roaming\Mozilla\Firefox\Profiles\x9tqjkm2.default\extensions
[2012.07.10 16:49:38 | 000,000,000 | ---D | M] (8 Ultimo) -- C:\Users\rodina Plachá\AppData\Roaming\Mozilla\Firefox\Profiles\x9tqjkm2.default\extensions\{2b6788a0-0ccd-11e1-be50-0800200c9a66}
[2012.08.04 20:17:55 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\rodina Plachá\AppData\Roaming\Mozilla\Firefox\Profiles\x9tqjkm2.default\extensions\ALone-live@ya.ru
[2012.09.05 17:18:26 | 000,159,657 | ---- | M] () (No name found) -- C:\Users\rodina Plachá\AppData\Roaming\Mozilla\Firefox\Profiles\x9tqjkm2.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
[2012.07.25 17:34:37 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\rodina Plachá\AppData\Roaming\Mozilla\Firefox\Profiles\x9tqjkm2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.05 17:08:20 | 001,073,809 | ---- | M] () (No name found) -- C:\Users\rodina Plachá\AppData\Roaming\Mozilla\Firefox\Profiles\x9tqjkm2.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi
[2012.10.27 14:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\RODINA PLACHá\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X9TQJKM2.DEFAULT\EXTENSIONS\ALONE-LIVE@YA.RU
File not found (No name found) -- C:\USERS\RODINA PLACHá\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X9TQJKM2.DEFAULT\EXTENSIONS\NOTREAL.CCOPTIONS@ENVIRONMENTALCHEMISTRY.COM.XPI
[2012.10.27 14:38:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.25 11:49:42 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.04.25 11:49:42 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.12.13 01:09:23 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2012.04.25 11:49:42 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.04.25 11:49:42 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.04.25 11:49:42 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2012.11.05 18:55:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1286337246-397317185-390026832-1000..\Run: [Clock Widget (HTC Home)] D:\HTC Hodiny 3.0\Clock.exe ()
O4 - HKU\S-1-5-21-1286337246-397317185-390026832-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1286337246-397317185-390026832-1000..\Run: [Nexus] C:\Program Files\Winstep\Nexus.exe (Winstep Software Technologies)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1286337246-397317185-390026832-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1286337246-397317185-390026832-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.240.178.250 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BDEE68E-FC70-4DAC-B5AE-D8186D72C983}: DhcpNameServer = 62.240.178.250 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.08.10 20:03:37 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.11.05 18:55:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.11.05 18:47:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.05 18:47:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.05 18:47:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.05 18:47:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.11.05 10:44:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\rodina Plachá\Desktop\OTL.exe
[2012.11.05 10:37:56 | 004,996,943 | R--- | C] (Swearware) -- C:\Users\rodina Plachá\Desktop\ComboFix.exe
[2012.11.05 09:45:33 | 000,000,000 | ---D | C] -- C:\Users\rodina Plachá\Desktop\Logy
[2012.11.04 23:06:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.04 23:05:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.04 10:18:38 | 000,000,000 | RHSD | C] -- C:\Windows\System32\nivida
[2012.10.31 13:37:46 | 000,000,000 | ---D | C] -- C:\Users\rodina Plachá\Desktop\Tungové války
[2011.04.24 09:28:53 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\rodina Plachá\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012.11.05 19:05:20 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.11.05 19:03:12 | 000,014,224 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.05 19:03:12 | 000,014,224 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.05 19:02:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rodina Plachá\Desktop\OTL.exe
[2012.11.05 18:59:43 | 000,639,970 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.11.05 18:59:43 | 000,624,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.05 18:59:43 | 000,126,882 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.11.05 18:59:43 | 000,110,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.05 18:55:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.05 18:54:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.05 18:54:43 | 2615,320,576 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.05 18:40:57 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.05 10:38:11 | 004,996,943 | R--- | M] (Swearware) -- C:\Users\rodina Plachá\Desktop\ComboFix.exe
[2012.11.05 09:29:42 | 000,024,944 | ---- | M] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2012.11.05 09:29:26 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

Locked