PC freezes when changing Wi-Fi network

had12
Visitor
Posts: 106
Registered: 13 Dec 2009 12:44

Re: PC freezes when changing Wi-Fi network

#16 Post by had12 »

:arrow: I have those two scripts because we are forbidden to use the internet after half past eight in the evening (the network would not disconnect me until 21:00). And because I sometimes forget and leave the notebook switched on and the wifi automatically tries to connect to the internet, a scheduled task runs a script that disables the wifi interface. But the freezing problems existed even back when I was not yet using this "craziness".

:arrow: in the end I decided to follow your recommendation. I restored the program, exported its history, which was what I mainly cared about, and uninstalled the program.

:arrow: if I have not annoyed you too much (which I would not want) and you still want to help me, what can I do next?

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: PC freezes when changing Wi-Fi network

#17 Post by Márty84 »

I'm not annoyed :D
I just don't quite understand this
had12 wrote: that we are forbidden to use the internet after half past eight in the evening (the network would not disconnect me until 21:00)
:???: Who forbids it and why?

:arrow: Permanently turn off Windows Defender


:arrow: Open Notepad and copy this script into it

Code:

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
In the top left, click File
Click Save As...
Type the red name CFScript correctly and save it to the desktop.
Turn off your antivirus and any other security software.
Drag this newly created text document with the mouse onto the ComboFix icon and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy that here for me again.

:!: If Windows does not start after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine
If you have a question that is not meant for the public, you can write to me by e-mail at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will be on the forum less often now. If you are waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

had12
Visitor
Posts: 106
Registered: 13 Dec 2009 12:44

Re: PC freezes when changing Wi-Fi network

#18 Post by had12 »

:arrow: the rector - I am in a seminary, you see, and the rector has set certain rules for us here and this is one of them. In the evening the internet, computers and mobile phones are switched off so that one has the time and disposition for rest, prayer and reading... and it is not a bad thing to try now and then, it "restarts a person" quite well :-)

:arrow: Defender turned off.

:arrow: CF:

ComboFix 14-01-08.03 - Honza 12.01.2014 17:49:39.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4007.1663 [GMT 1:00]
Spuštěný z: d:\plocha\ComboFix.exe
Použité ovládací přepínače :: d:\plocha\CFScript.txt
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-12 do 2014-01-12 )))))))))))))))))))))))))))))))
.
.
2014-01-12 17:04 . 2014-01-12 17:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-12 12:47 . 2014-01-12 12:47 -------- d-----w- c:\users\Honza\AppData\Roaming\dvdcss
2014-01-08 13:24 . 2014-01-08 13:24 -------- d-----w- c:\users\Honza\AppData\Roaming\Intel
2014-01-08 13:24 . 2014-01-08 13:24 -------- d-----w- c:\users\Public\Roaming
2014-01-08 13:24 . 2014-01-08 13:24 -------- d-----w- c:\users\Honza\Roaming
2014-01-08 13:24 . 2014-01-08 13:24 -------- d-----w- c:\users\Default\Roaming
2014-01-08 13:23 . 2014-01-08 13:23 -------- d-----w- c:\programdata\Intel
2014-01-08 13:23 . 2014-01-08 13:23 -------- d-----w- c:\program files (x86)\Cisco
2014-01-08 13:23 . 2014-01-08 13:23 -------- d-----w- c:\program files\Intel
2014-01-08 13:23 . 2014-01-08 15:59 -------- d-----w- c:\programdata\Package Cache
2014-01-08 07:06 . 2014-01-08 07:06 -------- d-----w- c:\users\Honza\AppData\Local\Macromedia
2014-01-08 07:06 . 2014-01-08 07:06 -------- d-----w- c:\programdata\McAfee
2014-01-08 07:05 . 2014-01-08 07:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-08 07:05 . 2014-01-08 07:05 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-08 07:05 . 2014-01-08 07:05 -------- d-----w- c:\windows\SysWow64\Macromed
2014-01-08 07:05 . 2014-01-08 07:05 -------- d-----w- c:\windows\system32\Macromed
2014-01-05 12:49 . 2014-01-05 12:49 -------- d-----w- c:\users\Honza\AppData\Local\ESET
2014-01-05 12:29 . 2014-01-05 12:47 -------- d-----w- c:\program files\ESET
2013-12-30 21:37 . 2013-12-30 21:37 -------- d-----w- c:\users\Honza\AppData\Roaming\Mobile Atlas Creator
2013-12-29 22:00 . 2013-12-29 22:01 -------- d-----w- c:\program files (x86)\NirSoft
2013-12-29 10:08 . 2013-11-29 19:42 1806960 ----a-w- c:\windows\ampa.exe
2013-12-29 10:08 . 2013-11-29 09:31 17008 ----a-w- c:\windows\SysWow64\ampa.sys
2013-12-29 10:08 . 2013-11-29 09:31 17008 ----a-w- c:\windows\system32\ampa.sys
2013-12-28 22:07 . 2013-12-28 22:07 -------- d-----w- c:\users\Honza\AppData\Roaming\hpqLog
2013-12-28 21:50 . 2011-11-23 22:02 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-12-28 21:50 . 2011-11-23 22:02 648808 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-12-28 21:49 . 2011-09-22 09:49 13900 ----a-w- c:\windows\system32\RTNICVer.dll
2013-12-28 21:12 . 2013-12-28 21:12 -------- d-----w- c:\program files (x86)\Astroburn Lite
2013-12-28 21:12 . 2013-12-28 21:12 -------- d-----w- c:\programdata\Astroburn Lite
2013-12-28 21:12 . 2013-12-28 21:12 -------- d-----w- c:\users\Honza\AppData\Roaming\Astroburn Lite
2013-12-28 20:46 . 2013-12-29 13:05 -------- d-----w- c:\program files (x86)\EaseUS Partition Master 9.3.0
2013-12-28 17:00 . 2013-12-28 17:00 119808 ----a-r- c:\users\Honza\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-12-28 17:00 . 2013-12-28 17:00 -------- d-----w- c:\users\Honza\AppData\Local\Apps
2013-12-22 11:05 . 2013-12-22 11:05 -------- d-----w- c:\users\Honza\AppData\Roaming\Mikrotik
2013-12-18 12:07 . 2013-12-18 12:08 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2013-12-18 12:07 . 2013-12-18 12:07 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2013-12-17 09:56 . 2013-12-17 10:02 -------- d-----w- c:\program files\WhoCrashed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-12 08:56 . 2013-12-12 08:54 707354 ----a-w- c:\windows\unins000.exe
2013-11-28 10:01 . 2013-11-28 09:46 264 ----a-w- C:\wifi-on.cmd
2013-11-28 10:01 . 2013-11-28 09:46 263 ----a-w- C:\wifi-off.cmd
2013-11-08 16:46 . 2013-11-08 16:46 32896 ----a-w- c:\windows\SysWow64\drivers\kardelia.sys
2013-11-04 16:26 . 2013-11-04 16:26 165232 ---ha-w- c:\users\Honza\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2013-10-16 15:08 . 2013-10-16 15:08 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
.
c:\users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ApacheMonitor.exe – zástupce.lnk - c:\server\apache\bin\ApacheMonitor.exe [2013-9-15 35328]
mousemeter.cmd [2013-11-2 121]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-4-27 1218336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ampa;ampa;c:\windows\system32\ampa.sys;c:\windows\SYSNATIVE\ampa.sys [x]
R3 kardelia;Rootkit Unhooker Driver; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [x]
S2 Apache2.4;Apache2.4;c:\server\apache\bin\httpd.exe;c:\server\apache\bin\httpd.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 NETwNv64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwNv64.sys;c:\windows\SYSNATIVE\DRIVERS\NETwNv64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 06:59 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 13:42]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ceef5d72b20ab0.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 13:42]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2163525019-3852196789-3982623038-1000Core.job
- c:\users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-04 18:40]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2163525019-3852196789-3982623038-1000UA1ceeb987bf4d477.job
- c:\users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-04 18:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-04-26 310912]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-13 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-13 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-13 416024]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.23
FF - ProfilePath - c:\users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\xta9rqud.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\server\mysql\bin\mysqld\" --defaults-file=\"c:\server\mysql\my.ini\" MySQL"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\SAsrv.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\users\Honza\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Celkový čas: 2014-01-12 19:45:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-01-12 18:45
ComboFix2.txt 2014-01-12 14:27
.
Před spuštěním: Volných bajtů: 28 711 788 544
Po spuštění: Volných bajtů: 28 638 502 912
.
- - End Of File - - E3D83AFCB8BA08971DAD3FA332A03BCC
A36C5E4F47E84449FF07ED3517B43A31

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: PC freezes when changing Wi-Fi network

#19 Post by Márty84 »

Well, Defender is turned off, but ESET was on before and is on now, even though the instructions clearly say that the antivirus should be turned off. The red colour is apparently hard to see :roll:


Post a new log from RSIT

had12
Visitor
Posts: 106
Registered: 13 Dec 2009 12:44

Re: PC freezes when changing Wi-Fi network

#20 Post by had12 »

:arrow: you are right, I apologise. I forgot to turn it off before running CF, and then once CF beeped I no longer had any option to turn it off anywhere. Is it a big problem?

:arrow: new RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Honza at 2014-01-13 14:22:35
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 27 GB (45%) free of 60 GB
Total RAM: 4007 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:22:37, on 13.1.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\server\apache\bin\ApacheMonitor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Honza\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Honza.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - Startup: ApacheMonitor.exe – zástupce.lnk = C:\server\apache\bin\ApacheMonitor.exe
O4 - Startup: mousemeter.cmd
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2.4 - Apache Software Foundation - C:\server\apache\bin\httpd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\server\mysql\bin\mysqld (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Screen Reading Optimizer Service Program (SROSVC) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9895 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-539d8e01-90e6-44a1-9992-8ba84c75073a -SystemEventPortName:HostProcess-155b40a2-31d7-49bc-b62b-3adc61413b3c -IoCancelEventPortName:HostProcess-81fda253-2bcb-4420-98bc-b7e59917ff43 -NonStateChangingEventPortName:HostProcess-022be1c9-56b5-47bf-b895-9d4d2e7177af -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d4096da4-f161-46de-a37e-98274a03b293
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
"C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service
"C:\server\apache\bin\httpd.exe" -k runservice
"C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe"
C:\Windows\system32\CxAudMsg64.exe
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
"C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe"
"C:\server\mysql\bin\mysqld" --defaults-file="C:\server\mysql\my.ini" MySQL
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe"
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe"
C:\server\apache\bin\httpd.exe -d C:/server/apache
C:\Windows\system32\wbem\wmiprvse.exe
"taskhost.exe"
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\rundll32.exe "C:\Program Files\LENOVO\HOTKEY\hotkey.dll",InstallAudioHotkeyHook
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
C:\Windows\Explorer.EXE
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe"
"C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
taskeng.exe {41DC5BE7-FB90-4127-BA68-EA81937D290C}
"C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\\SRORest.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\server\apache\bin\ApacheMonitor.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2748.0.1079625866\290410065" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2361 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="2748.2.1060678\1945390828" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="2748.3.420802232\595429126" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="2748.4.1486678567\1391070571" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="2748.5.938023024\1134328462" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="2748.6.1630770285\425605862" /prefetch:673131151
"C:\Windows\SysWOW64\RunDll32.exe" "C:\Program Files\ThinkPad\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Honza\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll" --lang=cs --channel="2748.9.1390996808\1331988173" /prefetch:-390060480
"C:\Users\Honza\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="2748.12.1524834174\297741318" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="2748.15.1988269575\660055147" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --instant-process --disable-html-notifications --disable-accelerated-video-decode --channel="2748.27.1026430098\1081943135" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="2748.28.223567329\202625252" --ppapi-flash-args --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\totalcmd\TOTALCMD64.EXE"
"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "D:\Filmy\Vraždy-v-Midsomeru-46---Hon-na-lišku.avi"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="2748.42.1725026296\1264436169" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="2748.43.1683169930\736969800" /prefetch:673131151
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"D:\Plocha\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA1ceef5d72b20ab0.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2163525019-3852196789-3982623038-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2163525019-3852196789-3982623038-1000UA1ceeb987bf4d477.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-02-11 4220304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2011-04-26 310912]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-05-05 2785064]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-04-13 168216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-04-13 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-04-13 416024]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-09-12 5618456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-30 55808]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ApacheMonitor.exe – zástupce.lnk - C:\server\apache\bin\ApacheMonitor.exe
mousemeter.cmd

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-04-10 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-02-11 4220304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - C:\Windows\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2014-01-12 19:48:08 ----SHD---- C:\$RECYCLE.BIN
2014-01-12 19:46:24 ----A---- C:\ComboFix.txt
2014-01-12 14:42:58 ----A---- C:\Windows\zip.exe
2014-01-12 14:42:58 ----A---- C:\Windows\SWSC.exe
2014-01-12 14:42:58 ----A---- C:\Windows\SWREG.exe
2014-01-12 14:42:58 ----A---- C:\Windows\sed.exe
2014-01-12 14:42:58 ----A---- C:\Windows\PEV.exe
2014-01-12 14:42:58 ----A---- C:\Windows\NIRCMD.exe
2014-01-12 14:42:58 ----A---- C:\Windows\MBR.exe
2014-01-12 14:42:58 ----A---- C:\Windows\grep.exe
2014-01-12 14:42:41 ----D---- C:\Qoobox
2014-01-12 14:42:29 ----D---- C:\Windows\erdnt
2014-01-12 13:47:01 ----D---- C:\Users\Honza\AppData\Roaming\dvdcss
2014-01-12 11:28:58 ----A---- C:\Windows\system32\drivers\WUDFRd.sys.bak
2014-01-12 11:28:58 ----A---- C:\Windows\system32\drivers\WUDFPf.sys.bak
2014-01-12 11:28:58 ----A---- C:\Windows\system32\drivers\ws2ifsl.sys.bak
2014-01-12 11:28:57 ----A---- C:\Windows\system32\drivers\wmilib.sys.bak
2014-01-12 11:28:57 ----A---- C:\Windows\system32\drivers\wmiacpi.sys.bak
2014-01-12 11:28:57 ----A---- C:\Windows\system32\drivers\winusb.sys.bak
2014-01-12 11:28:57 ----A---- C:\Windows\system32\drivers\wimmount.sys.bak
2014-01-12 11:28:57 ----A---- C:\Windows\system32\drivers\wfplwf.sys.bak
2014-01-12 11:28:57 ----A---- C:\Windows\system32\drivers\WdfLdr.sys.bak
2014-01-12 11:28:57 ----A---- C:\Windows\system32\drivers\Wdf01000.sys.bak
2014-01-12 11:28:57 ----A---- C:\Windows\system32\drivers\wd.sys.bak
2014-01-12 11:28:57 ----A---- C:\Windows\system32\drivers\watchdog.sys.bak
2014-01-12 11:28:56 ----A---- C:\Windows\system32\drivers\wanarp.sys.bak
2014-01-12 11:28:56 ----A---- C:\Windows\system32\drivers\wacompen.sys.bak
2014-01-12 11:28:56 ----A---- C:\Windows\system32\drivers\vwifimp.sys.bak
2014-01-12 11:28:56 ----A---- C:\Windows\system32\drivers\vwififlt.sys.bak
2014-01-12 11:28:56 ----A---- C:\Windows\system32\drivers\vwifibus.sys.bak
2014-01-12 11:28:56 ----A---- C:\Windows\system32\drivers\vsmraid.sys.bak
2014-01-12 11:28:55 ----A---- C:\Windows\system32\drivers\volsnap.sys.bak
2014-01-12 11:28:55 ----A---- C:\Windows\system32\drivers\volmgrx.sys.bak
2014-01-12 11:28:55 ----A---- C:\Windows\system32\drivers\volmgr.sys.bak
2014-01-12 11:28:55 ----A---- C:\Windows\system32\drivers\vmx86.sys.bak
2014-01-12 11:28:55 ----A---- C:\Windows\system32\drivers\vmnetuserif.sys.bak
2014-01-12 11:28:54 ----A---- C:\Windows\system32\drivers\vmnetbridge.sys.bak
2014-01-12 11:28:54 ----A---- C:\Windows\system32\drivers\vmnetadapter.sys.bak
2014-01-12 11:28:54 ----A---- C:\Windows\system32\drivers\vmnet.sys.bak
2014-01-12 11:28:54 ----A---- C:\Windows\system32\drivers\VMkbd.sys.bak
2014-01-12 11:28:54 ----A---- C:\Windows\system32\drivers\vmci.sys.bak
2014-01-12 11:28:54 ----A---- C:\Windows\system32\drivers\videoprt.sys.bak
2014-01-12 11:28:54 ----A---- C:\Windows\system32\drivers\viaide.sys.bak
2014-01-12 11:28:54 ----A---- C:\Windows\system32\drivers\vhdmp.sys.bak
2014-01-12 11:28:53 ----A---- C:\Windows\system32\drivers\vgapnp.sys.bak
2014-01-12 11:28:53 ----A---- C:\Windows\system32\drivers\vga.sys.bak
2014-01-12 11:28:53 ----A---- C:\Windows\system32\drivers\vdrvroot.sys.bak
2014-01-12 11:28:53 ----A---- C:\Windows\system32\drivers\usbvideo.sys.bak
2014-01-12 11:28:53 ----A---- C:\Windows\system32\drivers\usbuhci.sys.bak
2014-01-12 11:28:53 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS.bak
2014-01-12 11:28:53 ----A---- C:\Windows\system32\drivers\usbrpm.sys.bak
2014-01-12 11:28:52 ----A---- C:\Windows\system32\drivers\usbprint.sys.bak
2014-01-12 11:28:52 ----A---- C:\Windows\system32\drivers\usbport.sys.bak
2014-01-12 11:28:52 ----A---- C:\Windows\system32\drivers\usbohci.sys.bak
2014-01-12 11:28:52 ----A---- C:\Windows\system32\drivers\usbhub.sys.bak
2014-01-12 11:28:52 ----A---- C:\Windows\system32\drivers\usbehci.sys.bak
2014-01-12 11:28:51 ----A---- C:\Windows\system32\drivers\usbd.sys.bak
2014-01-12 11:28:51 ----A---- C:\Windows\system32\drivers\usbcir.sys.bak
2014-01-12 11:28:51 ----A---- C:\Windows\system32\drivers\usbccgp.sys.bak
2014-01-12 11:28:51 ----A---- C:\Windows\system32\drivers\USBCAMD2.sys.bak
2014-01-12 11:28:51 ----A---- C:\Windows\system32\drivers\usb8023.sys.bak
2014-01-12 11:28:51 ----A---- C:\Windows\system32\drivers\umpass.sys.bak
2014-01-12 11:28:51 ----A---- C:\Windows\system32\drivers\umbus.sys.bak
2014-01-12 11:28:50 ----A---- C:\Windows\system32\drivers\ULIAGPKX.SYS.bak
2014-01-12 11:28:50 ----A---- C:\Windows\system32\drivers\udfs.sys.bak
2014-01-12 11:28:50 ----A---- C:\Windows\system32\drivers\UAGP35.SYS.bak
2014-01-12 11:28:50 ----A---- C:\Windows\system32\drivers\tunnel.sys.bak
2014-01-12 11:28:50 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys.bak
2014-01-12 11:28:50 ----A---- C:\Windows\system32\drivers\tssecsrv.sys.bak
2014-01-12 11:28:50 ----A---- C:\Windows\system32\drivers\termdd.sys.bak
2014-01-12 11:28:50 ----A---- C:\Windows\system32\drivers\tdx.sys.bak
2014-01-12 11:28:49 ----A---- C:\Windows\system32\drivers\tdtcp.sys.bak
2014-01-12 11:28:49 ----A---- C:\Windows\system32\drivers\tdpipe.sys.bak
2014-01-12 11:28:49 ----A---- C:\Windows\system32\drivers\tdi.sys.bak
2014-01-12 11:28:49 ----A---- C:\Windows\system32\drivers\tcpipreg.sys.bak
2014-01-12 11:28:49 ----A---- C:\Windows\system32\drivers\tcpip.sys.bak
2014-01-12 11:28:49 ----A---- C:\Windows\system32\drivers\tape.sys.bak
2014-01-12 11:28:48 ----A---- C:\Windows\system32\drivers\SynTP.sys.bak
2014-01-12 11:28:48 ----A---- C:\Windows\system32\drivers\swenum.sys.bak
2014-01-12 11:28:48 ----A---- C:\Windows\system32\drivers\stream.sys.bak
2014-01-12 11:28:48 ----A---- C:\Windows\system32\drivers\storport.sys.bak
2014-01-12 11:28:48 ----A---- C:\Windows\system32\drivers\stexstor.sys.bak
2014-01-12 11:28:48 ----A---- C:\Windows\system32\drivers\srvnet.sys.bak
2014-01-12 11:28:48 ----A---- C:\Windows\system32\drivers\srv2.sys.bak
2014-01-12 11:28:47 ----A---- C:\Windows\system32\drivers\srv.sys.bak
2014-01-12 11:28:47 ----A---- C:\Windows\system32\drivers\spsys.sys.bak
2014-01-12 11:28:47 ----A---- C:\Windows\system32\drivers\spldr.sys.bak
2014-01-12 11:28:47 ----A---- C:\Windows\system32\drivers\smiifx64.sys.bak
2014-01-12 11:28:47 ----A---- C:\Windows\system32\drivers\smclib.sys.bak
2014-01-12 11:28:47 ----A---- C:\Windows\system32\drivers\smb.sys.bak
2014-01-12 11:28:47 ----A---- C:\Windows\system32\drivers\sisraid4.sys.bak
2014-01-12 11:28:47 ----A---- C:\Windows\system32\drivers\sisraid2.sys.bak
2014-01-12 11:28:46 ----A---- C:\Windows\system32\drivers\sfloppy.sys.bak
2014-01-12 11:28:46 ----A---- C:\Windows\system32\drivers\sffp_sd.sys.bak
2014-01-12 11:28:46 ----A---- C:\Windows\system32\drivers\sffp_mmc.sys.bak
2014-01-12 11:28:46 ----A---- C:\Windows\system32\drivers\sffdisk.sys.bak
2014-01-12 11:28:46 ----A---- C:\Windows\system32\drivers\sermouse.sys.bak
2014-01-12 11:28:46 ----A---- C:\Windows\system32\drivers\serial.sys.bak
2014-01-12 11:28:46 ----A---- C:\Windows\system32\drivers\serenum.sys.bak
2014-01-12 11:28:46 ----A---- C:\Windows\system32\drivers\secdrv.sys.bak
2014-01-12 11:28:45 ----A---- C:\Windows\system32\drivers\scsiport.sys.bak
2014-01-12 11:28:45 ----A---- C:\Windows\system32\drivers\scfilter.sys.bak
2014-01-12 11:28:45 ----A---- C:\Windows\system32\drivers\sbp2port.sys.bak
2014-01-12 11:28:45 ----A---- C:\Windows\system32\drivers\Rt64win7.sys.bak
2014-01-12 11:28:45 ----A---- C:\Windows\system32\drivers\rspndr.sys.bak
2014-01-12 11:28:45 ----A---- C:\Windows\system32\drivers\rootmdm.sys.bak
2014-01-12 11:28:45 ----A---- C:\Windows\system32\drivers\RNDISMP.sys.bak
2014-01-12 11:28:45 ----A---- C:\Windows\system32\drivers\rmcast.sys.bak
2014-01-12 11:28:44 ----A---- C:\Windows\system32\drivers\rfcomm.sys.bak
2014-01-12 11:28:44 ----A---- C:\Windows\system32\drivers\rdyboost.sys.bak
2014-01-12 11:28:44 ----A---- C:\Windows\system32\drivers\rdpwd.sys.bak
2014-01-12 11:28:44 ----A---- C:\Windows\system32\drivers\RDPREFMP.sys.bak
2014-01-12 11:28:44 ----A---- C:\Windows\system32\drivers\RDPENCDD.sys.bak
2014-01-12 11:28:44 ----A---- C:\Windows\system32\drivers\RDPCDD.sys.bak
2014-01-12 11:28:44 ----A---- C:\Windows\system32\drivers\rdpbus.sys.bak
2014-01-12 11:28:43 ----A---- C:\Windows\system32\drivers\rdbss.sys.bak
2014-01-12 11:28:43 ----A---- C:\Windows\system32\drivers\rassstp.sys.bak
2014-01-12 11:28:43 ----A---- C:\Windows\system32\drivers\raspptp.sys.bak
2014-01-12 11:28:43 ----A---- C:\Windows\system32\drivers\raspppoe.sys.bak
2014-01-12 11:28:43 ----A---- C:\Windows\system32\drivers\rasl2tp.sys.bak
2014-01-12 11:28:43 ----A---- C:\Windows\system32\drivers\rasacd.sys.bak
2014-01-12 11:28:43 ----A---- C:\Windows\system32\drivers\qwavedrv.sys.bak
2014-01-12 11:28:43 ----A---- C:\Windows\system32\drivers\ql40xx.sys.bak
2014-01-12 11:28:42 ----A---- C:\Windows\system32\drivers\ql2300.sys.bak
2014-01-12 11:28:42 ----A---- C:\Windows\system32\drivers\processr.sys.bak
2014-01-12 11:28:42 ----A---- C:\Windows\system32\drivers\portcls.sys.bak
2014-01-12 11:28:42 ----A---- C:\Windows\system32\drivers\PEAuth.sys.bak
2014-01-12 11:28:42 ----A---- C:\Windows\system32\drivers\pcw.sys.bak
2014-01-12 11:28:41 ----A---- C:\Windows\system32\drivers\pcmcia.sys.bak
2014-01-12 11:28:41 ----A---- C:\Windows\system32\drivers\pciidex.sys.bak
2014-01-12 11:28:41 ----A---- C:\Windows\system32\drivers\pciide.sys.bak
2014-01-12 11:28:41 ----A---- C:\Windows\system32\drivers\pci.sys.bak
2014-01-12 11:28:40 ----A---- C:\Windows\system32\drivers\partmgr.sys.bak
2014-01-12 11:28:40 ----A---- C:\Windows\system32\drivers\parport.sys.bak
2014-01-12 11:28:40 ----A---- C:\Windows\system32\drivers\pacer.sys.bak
2014-01-12 11:28:40 ----A---- C:\Windows\system32\drivers\ohci1394.sys.bak
2014-01-12 11:28:40 ----A---- C:\Windows\system32\drivers\nwifi.sys.bak
2014-01-12 11:28:40 ----A---- C:\Windows\system32\drivers\NV_AGP.SYS.bak
2014-01-12 11:28:39 ----A---- C:\Windows\system32\drivers\nvstor.sys.bak
2014-01-12 11:28:39 ----A---- C:\Windows\system32\drivers\nvraid.sys.bak
2014-01-12 11:28:39 ----A---- C:\Windows\system32\drivers\null.sys.bak
2014-01-12 11:28:39 ----A---- C:\Windows\system32\drivers\ntfs.sys.bak
2014-01-12 11:28:38 ----A---- C:\Windows\system32\drivers\nsiproxy.sys.bak
2014-01-12 11:28:38 ----A---- C:\Windows\system32\drivers\npfs.sys.bak
2014-01-12 11:28:38 ----A---- C:\Windows\system32\drivers\npf.sys.bak
2014-01-12 11:28:38 ----A---- C:\Windows\system32\drivers\nfrd960.sys.bak
2014-01-12 11:28:37 ----A---- C:\Windows\system32\drivers\NETwNv64.sys.bak
2014-01-12 11:28:37 ----A---- C:\Windows\system32\drivers\netio.sys.bak
2014-01-12 11:28:37 ----A---- C:\Windows\system32\drivers\netbt.sys.bak
2014-01-12 11:28:37 ----A---- C:\Windows\system32\drivers\netbios.sys.bak
2014-01-12 11:28:37 ----A---- C:\Windows\system32\drivers\ndproxy.sys.bak
2014-01-12 11:28:37 ----A---- C:\Windows\system32\drivers\ndiswan.sys.bak
2014-01-12 11:28:36 ----A---- C:\Windows\system32\drivers\ndisuio.sys.bak
2014-01-12 11:28:36 ----A---- C:\Windows\system32\drivers\ndistapi.sys.bak
2014-01-12 11:28:36 ----A---- C:\Windows\system32\drivers\ndiscap.sys.bak
2014-01-12 11:28:36 ----A---- C:\Windows\system32\drivers\ndis.sys.bak
2014-01-12 11:28:36 ----A---- C:\Windows\system32\drivers\mup.sys.bak
2014-01-12 11:28:36 ----A---- C:\Windows\system32\drivers\MTConfig.sys.bak
2014-01-12 11:28:36 ----A---- C:\Windows\system32\drivers\mstee.sys.bak
2014-01-12 11:28:36 ----A---- C:\Windows\system32\drivers\mssmbios.sys.bak
2014-01-12 11:28:35 ----A---- C:\Windows\system32\drivers\msrpc.sys.bak
2014-01-12 11:28:35 ----A---- C:\Windows\system32\drivers\mspqm.sys.bak
2014-01-12 11:28:35 ----A---- C:\Windows\system32\drivers\mspclock.sys.bak
2014-01-12 11:28:35 ----A---- C:\Windows\system32\drivers\mskssrv.sys.bak
2014-01-12 11:28:35 ----A---- C:\Windows\system32\drivers\msiscsi.sys.bak
2014-01-12 11:28:35 ----A---- C:\Windows\system32\drivers\msisadrv.sys.bak
2014-01-12 11:28:35 ----A---- C:\Windows\system32\drivers\mshidkmdf.sys.bak
2014-01-12 11:28:35 ----A---- C:\Windows\system32\drivers\msfs.sys.bak
2014-01-12 11:28:34 ----A---- C:\Windows\system32\drivers\msdsm.sys.bak
2014-01-12 11:28:34 ----A---- C:\Windows\system32\drivers\msahci.sys.bak
2014-01-12 11:28:34 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys.bak
2014-01-12 11:28:34 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys.bak
2014-01-12 11:28:34 ----A---- C:\Windows\system32\drivers\mrxsmb.sys.bak
2014-01-12 11:28:34 ----A---- C:\Windows\system32\drivers\mrxdav.sys.bak
2014-01-12 11:28:34 ----A---- C:\Windows\system32\drivers\mpsdrv.sys.bak
2014-01-12 11:28:33 ----A---- C:\Windows\system32\drivers\mpio.sys.bak
2014-01-12 11:28:33 ----A---- C:\Windows\system32\drivers\mountmgr.sys.bak
2014-01-12 11:28:33 ----A---- C:\Windows\system32\drivers\mouhid.sys.bak
2014-01-12 11:28:33 ----A---- C:\Windows\system32\drivers\mouclass.sys.bak
2014-01-12 11:28:33 ----A---- C:\Windows\system32\drivers\monitor.sys.bak
2014-01-12 11:28:32 ----A---- C:\Windows\system32\drivers\modem.sys.bak
2014-01-12 11:28:32 ----A---- C:\Windows\system32\drivers\MegaSR.sys.bak
2014-01-12 11:28:32 ----A---- C:\Windows\system32\drivers\megasas.sys.bak
2014-01-12 11:28:32 ----A---- C:\Windows\system32\drivers\mcd.sys.bak
2014-01-12 11:28:32 ----A---- C:\Windows\system32\drivers\luafv.sys.bak
2014-01-12 11:28:32 ----A---- C:\Windows\system32\drivers\lsi_scsi.sys.bak
2014-01-12 11:28:32 ----A---- C:\Windows\system32\drivers\lsi_sas2.sys.bak
2014-01-12 11:28:31 ----A---- C:\Windows\system32\drivers\lsi_sas.sys.bak
2014-01-12 11:28:31 ----A---- C:\Windows\system32\drivers\lsi_fc.sys.bak
2014-01-12 11:28:31 ----A---- C:\Windows\system32\drivers\lltdio.sys.bak
2014-01-12 11:28:31 ----A---- C:\Windows\system32\drivers\ksthunk.sys.bak
2014-01-12 11:28:31 ----A---- C:\Windows\system32\drivers\ksecpkg.sys.bak
2014-01-12 11:28:31 ----A---- C:\Windows\system32\drivers\ksecdd.sys.bak
2014-01-12 11:28:31 ----A---- C:\Windows\system32\drivers\ks.sys.bak
2014-01-12 11:28:30 ----A---- C:\Windows\system32\drivers\kbdhid.sys.bak
2014-01-12 11:28:30 ----A---- C:\Windows\system32\drivers\kbdclass.sys.bak
2014-01-12 11:28:30 ----A---- C:\Windows\system32\drivers\isapnp.sys.bak
2014-01-12 11:28:30 ----A---- C:\Windows\system32\drivers\irenum.sys.bak
2014-01-12 11:28:30 ----A---- C:\Windows\system32\drivers\irda.sys.bak
2014-01-12 11:28:30 ----A---- C:\Windows\system32\drivers\ipnat.sys.bak
2014-01-12 11:28:30 ----A---- C:\Windows\system32\drivers\IPMIDrv.sys.bak
2014-01-12 11:28:29 ----A---- C:\Windows\system32\drivers\ipfltdrv.sys.bak
2014-01-12 11:28:29 ----A---- C:\Windows\system32\drivers\intelppm.sys.bak
2014-01-12 11:28:29 ----A---- C:\Windows\system32\drivers\intelide.sys.bak
2014-01-12 11:28:29 ----A---- C:\Windows\system32\drivers\IntcDAud.sys.bak
2014-01-12 11:28:28 ----A---- C:\Windows\system32\drivers\iirsp.sys.bak
2014-01-12 11:28:27 ----A---- C:\Windows\system32\drivers\igdkmd64.sys.bak
2014-01-12 11:28:27 ----A---- C:\Windows\system32\drivers\ibmpmdrv.sys.bak
2014-01-12 11:28:26 ----A---- C:\Windows\system32\drivers\iaStorV.sys.bak
2014-01-12 11:28:26 ----A---- C:\Windows\system32\drivers\i8042prt.sys.bak
2014-01-12 11:28:26 ----A---- C:\Windows\system32\drivers\hwpolicy.sys.bak
2014-01-12 11:28:26 ----A---- C:\Windows\system32\drivers\http.sys.bak
2014-01-12 11:28:26 ----A---- C:\Windows\system32\drivers\HpSAMD.sys.bak
2014-01-12 11:28:26 ----A---- C:\Windows\system32\drivers\hidusb.sys.bak
2014-01-12 11:28:26 ----A---- C:\Windows\system32\drivers\hidparse.sys.bak
2014-01-12 11:28:25 ----A---- C:\Windows\system32\drivers\hidir.sys.bak
2014-01-12 11:28:25 ----A---- C:\Windows\system32\drivers\hidclass.sys.bak
2014-01-12 11:28:25 ----A---- C:\Windows\system32\drivers\hidbth.sys.bak
2014-01-12 11:28:25 ----A---- C:\Windows\system32\drivers\hidbatt.sys.bak
2014-01-12 11:28:25 ----A---- C:\Windows\system32\drivers\HECIx64.sys.bak
2014-01-12 11:28:25 ----A---- C:\Windows\system32\drivers\HdAudio.sys.bak
2014-01-12 11:28:25 ----A---- C:\Windows\system32\drivers\hdaudbus.sys.bak
2014-01-12 11:28:25 ----A---- C:\Windows\system32\drivers\hcw85cir.sys.bak
2014-01-12 11:28:24 ----A---- C:\Windows\system32\drivers\hcmon.sys.bak
2014-01-12 11:28:24 ----A---- C:\Windows\system32\drivers\GAGP30KX.SYS.bak
2014-01-12 11:28:23 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS.bak
2014-01-12 11:28:23 ----A---- C:\Windows\system32\drivers\fvevol.sys.bak
2014-01-12 11:28:23 ----A---- C:\Windows\system32\drivers\fsdepends.sys.bak
2014-01-12 11:28:23 ----A---- C:\Windows\system32\drivers\fs_rec.sys.bak
2014-01-12 11:28:23 ----A---- C:\Windows\system32\drivers\fltMgr.sys.bak
2014-01-12 11:28:23 ----A---- C:\Windows\system32\drivers\flpydisk.sys.bak
2014-01-12 11:28:23 ----A---- C:\Windows\system32\drivers\filetrace.sys.bak
2014-01-12 11:28:23 ----A---- C:\Windows\system32\drivers\fileinfo.sys.bak
2014-01-12 11:28:22 ----A---- C:\Windows\system32\drivers\fdc.sys.bak
2014-01-12 11:28:22 ----A---- C:\Windows\system32\drivers\fastfat.sys.bak
2014-01-12 11:28:22 ----A---- C:\Windows\system32\drivers\exfat.sys.bak
2014-01-12 11:28:22 ----A---- C:\Windows\system32\drivers\evbda.sys.bak
2014-01-12 11:28:21 ----A---- C:\Windows\system32\drivers\errdev.sys.bak
2014-01-12 11:28:21 ----A---- C:\Windows\system32\drivers\epfwwfp.sys.bak
2014-01-12 11:28:21 ----A---- C:\Windows\system32\drivers\EpfwLWF.sys.bak
2014-01-12 11:28:21 ----A---- C:\Windows\system32\drivers\epfw.sys.bak
2014-01-12 11:28:21 ----A---- C:\Windows\system32\drivers\elxstor.sys.bak
2014-01-12 11:28:21 ----A---- C:\Windows\system32\drivers\ehdrv.sys.bak
2014-01-12 11:28:20 ----A---- C:\Windows\system32\drivers\edevmon.sys.bak
2014-01-12 11:28:20 ----A---- C:\Windows\system32\drivers\eamonm.sys.bak
2014-01-12 11:28:20 ----A---- C:\Windows\system32\drivers\dxgmms1.sys.bak
2014-01-12 11:28:20 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys.bak
2014-01-12 11:28:20 ----A---- C:\Windows\system32\drivers\dxg.sys.bak
2014-01-12 11:28:20 ----A---- C:\Windows\system32\drivers\dxapi.sys.bak
2014-01-12 11:28:19 ----A---- C:\Windows\system32\drivers\dumpfve.sys.bak
2014-01-12 11:28:19 ----A---- C:\Windows\system32\drivers\Dumpata.sys.bak
2014-01-12 11:28:19 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys.bak
2014-01-12 11:28:19 ----A---- C:\Windows\system32\drivers\drmkaud.sys.bak
2014-01-12 11:28:19 ----A---- C:\Windows\system32\drivers\drmk.sys.bak
2014-01-12 11:28:19 ----A---- C:\Windows\system32\drivers\Diskdump.sys.bak
2014-01-12 11:28:19 ----A---- C:\Windows\system32\drivers\disk.sys.bak
2014-01-12 11:28:19 ----A---- C:\Windows\system32\drivers\discache.sys.bak
2014-01-12 11:28:19 ----A---- C:\Windows\system32\drivers\dfsc.sys.bak
2014-01-12 11:28:18 ----A---- C:\Windows\system32\drivers\crcdisk.sys.bak
2014-01-12 11:28:18 ----A---- C:\Windows\system32\drivers\crashdmp.sys.bak
2014-01-12 11:28:18 ----A---- C:\Windows\system32\drivers\CompositeBus.sys.bak
2014-01-12 11:28:18 ----A---- C:\Windows\system32\drivers\compbatt.sys.bak
2014-01-12 11:28:18 ----A---- C:\Windows\system32\drivers\cng.sys.bak
2014-01-12 11:28:17 ----A---- C:\Windows\system32\drivers\CHDRT64.sys.bak
2014-01-12 11:28:17 ----A---- C:\Windows\system32\drivers\cmdide.sys.bak
2014-01-12 11:28:17 ----A---- C:\Windows\system32\drivers\CmBatt.sys.bak
2014-01-12 11:28:17 ----A---- C:\Windows\system32\drivers\Classpnp.sys.bak
2014-01-12 11:28:17 ----A---- C:\Windows\system32\drivers\circlass.sys.bak
2014-01-12 11:28:17 ----A---- C:\Windows\system32\drivers\cdrom.sys.bak
2014-01-12 11:28:16 ----A---- C:\Windows\system32\drivers\cdfs.sys.bak
2014-01-12 11:28:16 ----A---- C:\Windows\system32\drivers\bxvbda.sys.bak
2014-01-12 11:28:16 ----A---- C:\Windows\system32\drivers\btwrchid.sys.bak
2014-01-12 11:28:16 ----A---- C:\Windows\system32\drivers\btwl2cap.sys.bak
2014-01-12 11:28:16 ----A---- C:\Windows\system32\drivers\btwavdt.sys.bak
2014-01-12 11:28:16 ----A---- C:\Windows\system32\drivers\btwaudio.sys.bak
2014-01-12 11:28:16 ----A---- C:\Windows\system32\drivers\btwampfl.sys.bak
2014-01-12 11:28:15 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS.bak
2014-01-12 11:28:15 ----A---- C:\Windows\system32\drivers\bthport.sys.bak
2014-01-12 11:28:15 ----A---- C:\Windows\system32\drivers\bthpan.sys.bak
2014-01-12 11:28:15 ----A---- C:\Windows\system32\drivers\bthmodem.sys.bak
2014-01-12 11:28:15 ----A---- C:\Windows\system32\drivers\bthenum.sys.bak
2014-01-12 11:28:15 ----A---- C:\Windows\system32\drivers\BrUsbSer.sys.bak
2014-01-12 11:28:15 ----A---- C:\Windows\system32\drivers\BrUsbMdm.sys.bak
2014-01-12 11:28:15 ----A---- C:\Windows\system32\drivers\BrSerWdm.sys.bak
2014-01-12 11:28:14 ----A---- C:\Windows\system32\drivers\BrSerId.sys.bak
2014-01-12 11:28:14 ----A---- C:\Windows\system32\drivers\bridge.sys.bak
2014-01-12 11:28:14 ----A---- C:\Windows\system32\drivers\BrFiltUp.sys.bak
2014-01-12 11:28:14 ----A---- C:\Windows\system32\drivers\BrFiltLo.sys.bak
2014-01-12 11:28:14 ----A---- C:\Windows\system32\drivers\bowser.sys.bak
2014-01-12 11:28:14 ----A---- C:\Windows\system32\drivers\blbdrive.sys.bak
2014-01-12 11:28:14 ----A---- C:\Windows\system32\drivers\beep.sys.bak
2014-01-12 11:28:14 ----A---- C:\Windows\system32\drivers\battc.sys.bak
2014-01-12 11:28:14 ----A---- C:\Windows\system32\drivers\b57nd60a.sys.bak
2014-01-12 11:28:13 ----A---- C:\Windows\system32\drivers\ataport.sys.bak
2014-01-12 11:28:13 ----A---- C:\Windows\system32\drivers\atapi.sys.bak
2014-01-12 11:28:13 ----A---- C:\Windows\system32\drivers\asyncmac.sys.bak
2014-01-12 11:28:13 ----A---- C:\Windows\system32\drivers\arcsas.sys.bak
2014-01-12 11:28:13 ----A---- C:\Windows\system32\drivers\arc.sys.bak
2014-01-12 11:28:13 ----A---- C:\Windows\system32\drivers\appid.sys.bak
2014-01-12 11:28:13 ----A---- C:\Windows\system32\drivers\amdxata.sys.bak
2014-01-12 11:28:13 ----A---- C:\Windows\system32\drivers\amdsbs.sys.bak
2014-01-12 11:28:12 ----A---- C:\Windows\system32\drivers\amdsata.sys.bak
2014-01-12 11:28:12 ----A---- C:\Windows\system32\drivers\amdppm.sys.bak
2014-01-12 11:28:12 ----A---- C:\Windows\system32\drivers\amdk8.sys.bak
2014-01-12 11:28:12 ----A---- C:\Windows\system32\drivers\amdide.sys.bak
2014-01-12 11:28:12 ----A---- C:\Windows\system32\drivers\aliide.sys.bak
2014-01-12 11:28:12 ----A---- C:\Windows\system32\drivers\AGP440.sys.bak
2014-01-12 11:28:11 ----A---- C:\Windows\system32\drivers\agilevpn.sys.bak
2014-01-12 11:28:11 ----A---- C:\Windows\system32\drivers\afd.sys.bak
2014-01-12 11:28:11 ----A---- C:\Windows\system32\drivers\adpu320.sys.bak
2014-01-12 11:28:10 ----A---- C:\Windows\system32\drivers\adpahci.sys.bak
2014-01-12 11:28:10 ----A---- C:\Windows\system32\drivers\adp94xx.sys.bak
2014-01-12 11:28:10 ----A---- C:\Windows\system32\drivers\acpipmi.sys.bak
2014-01-12 11:28:10 ----A---- C:\Windows\system32\drivers\acpi.sys.bak
2014-01-12 11:28:10 ----A---- C:\Windows\system32\drivers\5U877.sys.bak
2014-01-12 11:28:10 ----A---- C:\Windows\system32\drivers\1394ohci.sys.bak
2014-01-12 11:28:09 ----A---- C:\Windows\system32\drivers\1394bus.sys.bak
2014-01-08 14:24:40 ----D---- C:\Users\Honza\AppData\Roaming\Intel
2014-01-08 14:23:49 ----D---- C:\ProgramData\Intel
2014-01-08 14:23:49 ----D---- C:\Program Files (x86)\Cisco
2014-01-08 14:23:16 ----D---- C:\Program Files\Intel
2014-01-08 14:23:08 ----D---- C:\ProgramData\Package Cache
2014-01-08 09:00:12 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-01-08 08:06:22 ----D---- C:\Users\Honza\AppData\Roaming\Macromedia
2014-01-08 08:06:22 ----D---- C:\Users\Honza\AppData\Roaming\Adobe
2014-01-08 08:06:01 ----D---- C:\ProgramData\McAfee
2014-01-08 08:05:58 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-01-08 08:05:56 ----D---- C:\Windows\SYSWOW64\Macromed
2014-01-08 08:05:53 ----D---- C:\Windows\system32\Macromed
2014-01-05 13:49:12 ----D---- C:\Users\Honza\AppData\Roaming\ESET
2014-01-05 13:47:25 ----D---- C:\ProgramData\ESET
2014-01-05 13:29:25 ----D---- C:\Program Files\ESET
2013-12-30 22:37:25 ----D---- C:\Users\Honza\AppData\Roaming\Mobile Atlas Creator
2013-12-29 23:00:25 ----D---- C:\Program Files (x86)\NirSoft
2013-12-29 11:08:57 ----A---- C:\Windows\SYSWOW64\ampa.sys
2013-12-29 11:08:57 ----A---- C:\Windows\system32\ampa.sys
2013-12-29 11:08:57 ----A---- C:\Windows\ampa.exe
2013-12-28 23:07:39 ----D---- C:\Users\Honza\AppData\Roaming\hpqLog
2013-12-28 22:50:08 ----A---- C:\Windows\system32\RtNicProp64.dll
2013-12-28 22:50:08 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2013-12-28 22:49:31 ----A---- C:\Windows\system32\RTNICVer.dll
2013-12-28 22:12:20 ----D---- C:\Program Files (x86)\Astroburn Lite
2013-12-28 22:12:10 ----D---- C:\Users\Honza\AppData\Roaming\Astroburn Lite
2013-12-28 22:12:10 ----D---- C:\ProgramData\Astroburn Lite
2013-12-28 21:46:17 ----D---- C:\Program Files (x86)\EaseUS Partition Master 9.3.0
2013-12-22 12:05:03 ----D---- C:\Users\Honza\AppData\Roaming\Mikrotik
2013-12-18 13:07:53 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-12-18 13:07:30 ----D---- C:\Program Files\Microsoft Visual Studio 8
2013-12-17 10:56:11 ----D---- C:\Program Files\WhoCrashed

======List of files/folders modified in the last 1 months======

2014-01-13 14:22:37 ----D---- C:\Windows\Prefetch
2014-01-13 14:22:36 ----D---- C:\Program Files\trend micro
2014-01-13 14:13:58 ----D---- C:\Windows\Temp
2014-01-13 14:13:20 ----D---- C:\Users\Honza\AppData\Roaming\vlc
2014-01-13 08:17:50 ----D---- C:\Windows\System32
2014-01-13 08:17:49 ----D---- C:\Windows\inf
2014-01-13 08:17:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-01-13 08:15:53 ----A---- C:\Windows\SYSWOW64\log.txt
2014-01-13 08:13:41 ----D---- C:\ProgramData\VMware
2014-01-12 19:47:30 ----D---- C:\Windows\system32\drivers
2014-01-12 19:20:55 ----D---- C:\Windows
2014-01-12 19:20:55 ----A---- C:\Windows\system.ini
2014-01-12 19:20:11 ----D---- C:\Windows\system32\drivers\etc
2014-01-12 18:06:11 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-12 17:51:41 ----D---- C:\Windows\SYSWOW64\drivers
2014-01-12 17:51:41 ----D---- C:\Windows\SysWOW64
2014-01-12 17:51:41 ----D---- C:\Windows\AppPatch
2014-01-12 17:51:40 ----D---- C:\Program Files (x86)\Common Files
2014-01-12 17:12:50 ----D---- C:\Program Files (x86)\winometer
2014-01-12 15:54:05 ----RD---- C:\Program Files (x86)
2014-01-12 14:53:12 ----D---- C:\ProgramData
2014-01-12 12:45:32 ----D---- C:\Windows\system32\Tasks
2014-01-12 12:17:15 ----D---- C:\Windows\system32\config
2014-01-12 12:05:59 ----SHD---- C:\System Volume Information
2014-01-08 17:00:15 ----D---- C:\Windows\Tasks
2014-01-08 17:00:15 ----D---- C:\Windows\system32\wfp
2014-01-08 17:00:15 ----D---- C:\Program Files\Common Files\Intel
2014-01-08 17:00:13 ----D---- C:\Windows\system32\wbem
2014-01-08 16:59:38 ----D---- C:\Windows\system32\DriverStore
2014-01-08 16:59:38 ----D---- C:\Windows\system32\catroot2
2014-01-08 16:59:37 ----D---- C:\Users\Honza\AppData\Roaming\PSpad
2014-01-08 16:59:37 ----D---- C:\Users\Honza\AppData\Roaming\GHISLER
2014-01-08 16:59:34 ----D---- C:\Windows\registration
2014-01-08 16:59:32 ----D---- C:\Windows\system32\catroot
2014-01-08 16:59:30 ----RD---- C:\Program Files
2014-01-08 16:59:30 ----D---- C:\ProgramData\MySQL
2014-01-08 16:51:50 ----D---- C:\Windows\system32\NDF
2014-01-08 08:06:22 ----SD---- C:\Users\Honza\AppData\Roaming\Microsoft
2014-01-05 13:48:22 ----SHD---- C:\Windows\Installer
2014-01-04 18:08:21 ----D---- C:\Users\Honza\AppData\Roaming\foobar2000
2014-01-01 22:29:35 ----D---- C:\Program Files (x86)\Counter Strike Source
2013-12-30 22:53:35 ----D---- C:\Windows\system32\drivers\UMDF
2013-12-29 16:38:38 ----D---- C:\Users\Honza\AppData\Roaming\DAEMON Tools Lite
2013-12-29 11:11:18 ----D---- C:\Windows\Logs
2013-12-28 22:49:52 ----D---- C:\Program Files (x86)\Realtek
2013-12-28 22:49:47 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-12-22 12:14:32 ----D---- C:\Users\Honza\AppData\Roaming\VMware
2013-12-21 22:38:08 ----D---- C:\Users\Honza\AppData\Roaming\YouTube Downloader
2013-12-18 15:45:52 ----D---- C:\Windows\Microsoft.NET
2013-12-18 15:45:51 ----RSD---- C:\Windows\assembly
2013-12-18 13:10:51 ----D---- C:\ProgramData\Microsoft Help
2013-12-18 13:10:23 ----SD---- C:\ProgramData\Microsoft
2013-12-18 13:07:53 ----D---- C:\Program Files (x86)\Microsoft Office
2013-12-18 13:07:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-12-17 11:08:06 ----D---- C:\Windows\Minidump
2013-12-16 11:06:29 ----D---- C:\Windows\SYSWOW64\GroupPolicy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2013-09-17 62136]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-16 283064]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-09-17 239320]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-09-17 168256]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2013-09-17 44120]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2013-09-17 220232]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2010-09-21 38448]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35344]
R2 vmci;VMware vmci; \??\C:\Windows\system32\drivers\vmci.sys [2010-09-21 80944]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2010-09-20 45104]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2010-09-21 30256]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [2010-09-21 68656]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [2010-08-19 32816]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-04 166016]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 80384]
R3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2011-04-27 436776]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2011-04-27 150568]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2011-04-27 164392]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-04-27 39976]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2011-04-27 21544]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2011-03-24 1576064]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2011-02-01 39024]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-04-10 12223936]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNv64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETwNv64.sys [2011-01-06 8300032]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-11-23 648808]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-05-05 1439792]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2010-09-21 31792]
R3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]
S3 ampa;ampa; \??\C:\Windows\system32\ampa.sys [2013-11-29 17008]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 552448]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 kardelia;Rootkit Unhooker Driver; C:\Windows\system32\drivers\kardelia.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2010-09-20 20016]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2009-02-15 660768]
R2 Apache2.4;Apache2.4; C:\server\apache\bin\httpd.exe [2013-02-23 22016]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2011-04-27 968480]
R2 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-16 198784]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-09-12 1337752]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2011-02-01 45928]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-22 326168]
R2 MySQL;MySQL; C:\server\mysql\bin\mysqld --defaults-file=C:\server\mysql\my.ini MySQL []
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
R2 SROSVC;Screen Reading Optimizer Service Program; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2012-03-05 446800]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 144232]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [2010-09-21 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\syswow64\vmnetdhcp.exe [2010-09-21 334384]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-09-21 539184]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\syswow64\vmnat.exe [2010-09-21 404016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 116648]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-01-08 119408]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 ufad-ws60;VMware Agent Service; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [2010-08-19 191024]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: PC freezes when changing Wi-Fi network

#21 Post by Márty84 »

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it, then left-click Run as administrator.
Tick the items (check the boxes) All users, Check for "LOP" malware and Check for "Purity" malware.
Paste the following text into the bottom window:

Code: Select all

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click "Scan".
After the scan, two logs are created (OTL.Txt and Extras.txt); paste both here (if they are long, split them across several posts).

If you have a question that is not meant for the public, you can e-mail me at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have to wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

had12
Visitor
Posts: 106
Joined: 13 Dec 2009 12:44

Re: PC freezes when changing Wi-Fi network

#22 Post by had12 »

:arrow: An error message popped up: Cannot create file D:\Plocha\cmd.bat, see the screenshot. I confirmed it with OK. Should I try running OTL once more? It occurs to me that the script may have been pasted into that window twice in a row by mistake..?
Attachment: otl-error-screen.jpg (69.89 KiB)

had12
Visitor
Posts: 106
Joined: 13 Dec 2009 12:44

Re: PC freezes when changing Wi-Fi network

#23 Post by had12 »

...it looks like the program has frozen. It is still not doing anything... should I end it?

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: PC freezes when changing Wi-Fi network

#24 Post by Márty84 »

It happens occasionally that OTL throws this little error :roll:

Run it once more following the same instructions, but with this modified script:

Code: Select all

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

had12
Visitor
Posts: 106
Joined: 13 Dec 2009 12:44

Re: PC freezes when changing Wi-Fi network

#25 Post by had12 »

OTL logfile created on: 13.1.2014 19:47:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Plocha
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,91 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 37,63% Memory free
7,82 Gb Paging File | 5,11 Gb Available in Paging File | 65,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 26,39 Gb Free Space | 45,12% Space Free | Partition Type: NTFS
Drive D: | 407,17 Gb Total Space | 88,30 Gb Free Space | 21,69% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 465,76 Gb Total Space | 4,21 Gb Free Space | 0,90% Space Free | Partition Type: NTFS

Computer Name: HAD | User Name: Honza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.01.13 15:24:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Plocha\OTL.exe
PRC - [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.10.29 10:46:44 | 000,064,008 | ---- | M] (Google) -- C:\Users\Honza\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013.10.01 13:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.10.01 13:14:39 | 012,631,904 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
PRC - [2013.10.01 13:05:43 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
PRC - [2013.09.12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2013.02.23 12:38:50 | 000,022,016 | ---- | M] (Apache Software Foundation) -- C:\server\apache\bin\httpd.exe
PRC - [2013.02.23 12:38:18 | 000,035,328 | ---- | M] (Apache Software Foundation) -- C:\server\apache\bin\ApacheMonitor.exe
PRC - [2012.03.05 09:20:28 | 000,446,800 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
PRC - [2011.05.26 11:43:14 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.04.04 02:27:22 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011.03.29 05:41:10 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.02.22 04:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 04:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.07 04:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010.09.21 02:58:52 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010.09.21 02:58:22 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.09.21 02:58:18 | 000,404,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.09.21 01:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.04.07 06:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.01 06:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009.02.15 23:26:58 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe


========== Modules (No Company Name) ==========

MOD - [2013.12.04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013.12.04 03:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013.12.04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013.12.04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013.12.04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013.12.04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV:64bit: - [2013.09.12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011.04.27 22:41:18 | 000,968,480 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011.04.20 02:04:40 | 000,144,232 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011.04.04 02:27:22 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011.03.29 05:41:10 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011.02.01 06:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2010.12.16 23:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010.04.07 06:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014.01.08 09:00:22 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.10.01 13:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.02.23 12:38:50 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\server\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2013.01.16 07:47:36 | 009,730,048 | ---- | M] () [Auto | Running] -- C:\server\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2012.03.05 09:20:28 | 000,446,800 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe -- (SROSVC)
SRV - [2011.02.22 04:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 04:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.07 04:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010.09.21 02:58:52 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.09.21 02:58:22 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.09.21 02:58:18 | 000,404,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.09.21 01:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.15 23:26:58 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.11.29 10:31:28 | 000,017,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ampa.sys -- (ampa)
DRV:64bit: - [2013.10.16 16:08:07 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.09.17 15:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013.09.17 15:17:38 | 000,220,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013.09.17 15:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2013.09.17 15:17:38 | 000,062,136 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013.09.17 15:17:38 | 000,044,120 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2011.11.23 23:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.05 12:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.04.27 16:50:38 | 000,436,776 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.04.27 16:50:32 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.04.27 16:50:32 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.04.27 16:50:32 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.04.27 16:50:32 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.04.10 10:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.24 07:36:20 | 001,576,064 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.03.04 17:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2011.02.01 06:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2011.01.06 05:25:04 | 008,300,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNv64.sys -- (NETwNv64)
DRV:64bit: - [2010.11.20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 04:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 04:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.19 08:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 22:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.21 02:59:58 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.09.21 02:59:50 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.09.21 02:57:50 | 000,031,792 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.09.21 02:57:40 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.09.21 01:42:38 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.09.20 23:18:14 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.09.20 23:18:14 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.09.07 06:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.11.29 10:31:28 | 000,017,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ampa.sys -- (ampa)
DRV - [2013.11.08 17:46:48 | 000,032,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\kardelia.sys -- (kardelia)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2163525019-3852196789-3982623038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-2163525019-3852196789-3982623038-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2163525019-3852196789-3982623038-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2163525019-3852196789-3982623038-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Honza\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Honza\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Honza\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Honza\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Honza\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2014.01.05 13:47:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014.01.05 13:47:26 | 000,000,000 | ---D | M]

[2013.10.02 13:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Honza\AppData\Roaming\Mozilla\Extensions
[2013.10.02 13:28:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\xta9rqud.default\extensions
[2014.01.08 09:00:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014.01.08 09:00:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://mail.google.com/mail/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - Extension: Dokumenty Google = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Disk Google = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.1.1_0\
CHR - Extension: WOT = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.2.0_0\
CHR - Extension: WOT = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.2.1_0\
CHR - Extension: WOT = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.2.2_0\
CHR - Extension: WOT = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.3.1_0\
CHR - Extension: WOT = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.1_0\
CHR - Extension: WOT = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.3_0\
CHR - Extension: WOT = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.4_0\
CHR - Extension: WOT = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.5_0\
CHR - Extension: YouTube = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: Adblock Plus = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Adblock Plus = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0\
CHR - Extension: Adblock Plus = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\
CHR - Extension: Adblock Plus = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail Offline = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0\
CHR - Extension: AdBlock = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: AdBlock = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0\
CHR - Extension: AdBlock = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.13_0\
CHR - Extension: AdBlock = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
CHR - Extension: AdBlock = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: AdBlock = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0\
CHR - Extension: AdBlock = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0\
CHR - Extension: Firebug Console = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\jodfpogckhbcjamkfgjeicoiphpligka\0.1.0.8_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014.01.12 19:20:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - Startup: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ApacheMonitor.exe – zástupce.lnk = C:\server\apache\bin\ApacheMonitor.exe (Apache Software Foundation)
O4 - Startup: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousemeter.cmd ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2163525019-3852196789-3982623038-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2163525019-3852196789-3982623038-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3AD6555-171B-4CC6-BA94-16B938EA8ADF}: DhcpNameServer = 192.168.1.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9FB0C42-BDD8-4011-96BE-79C5DB13F5BF}: DhcpNameServer = 192.168.1.23
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.06.25 23:44:41 | 000,000,000 | R--D | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.06.25 23:44:41 | 000,000,000 | R--D | M] - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.01.13 15:24:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Plocha\OTL.exe
[2014.01.12 19:48:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.01.12 15:12:59 | 000,000,000 | ---D | C] -- D:\Plocha\aaa
[2014.01.12 14:42:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014.01.12 14:42:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014.01.12 14:42:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014.01.12 14:42:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.01.12 14:42:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014.01.12 14:39:26 | 005,162,489 | R--- | C] (Swearware) -- D:\Plocha\ComboFix.exe
[2014.01.12 13:47:01 | 000,000,000 | ---D | C] -- C:\Users\Honza\AppData\Roaming\dvdcss
[2014.01.12 11:28:57 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\watchdog.sys.bak
[2014.01.12 11:28:57 | 000,042,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys.bak
[2014.01.12 11:28:57 | 000,016,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wmilib.sys.bak
[2014.01.12 11:28:55 | 000,068,656 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys.bak
[2014.01.12 11:28:55 | 000,030,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys.bak
[2014.01.12 11:28:54 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\videoprt.sys.bak
[2014.01.12 11:28:54 | 000,080,944 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys.bak
[2014.01.12 11:28:54 | 000,045,104 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetbridge.sys.bak
[2014.01.12 11:28:54 | 000,031,792 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys.bak
[2014.01.12 11:28:54 | 000,024,112 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnet.sys.bak
[2014.01.12 11:28:54 | 000,020,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetadapter.sys.bak
[2014.01.12 11:28:53 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbrpm.sys.bak
[2014.01.12 11:28:52 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys.bak
[2014.01.12 11:28:51 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBCAMD2.sys.bak
[2014.01.12 11:28:51 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys.bak
[2014.01.12 11:28:51 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys.bak
[2014.01.12 11:28:50 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys.bak
[2014.01.12 11:28:49 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tape.sys.bak
[2014.01.12 11:28:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdi.sys.bak
[2014.01.12 11:28:48 | 001,439,792 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys.bak
[2014.01.12 11:28:48 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys.bak
[2014.01.12 11:28:48 | 000,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stream.sys.bak
[2014.01.12 11:28:48 | 000,024,656 | ---- | C] (Promise Technology) -- C:\Windows\SysNative\drivers\stexstor.sys.bak
[2014.01.12 11:28:47 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spsys.sys.bak
[2014.01.12 11:28:47 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\smclib.sys.bak
[2014.01.12 11:28:47 | 000,015,472 | ---- | C] (Lenovo Group Limited) -- C:\Windows\SysNative\drivers\smiifx64.sys.bak
[2014.01.12 11:28:45 | 000,648,808 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
[2014.01.12 11:28:45 | 000,171,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scsiport.sys.bak
[2014.01.12 11:28:45 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys.bak
[2014.01.12 11:28:45 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys.bak
[2014.01.12 11:28:45 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rootmdm.sys.bak
[2014.01.12 11:28:42 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys.bak
[2014.01.12 11:28:41 | 000,048,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pciidex.sys.bak
[2014.01.12 11:28:38 | 000,035,344 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys.bak
[2014.01.12 11:28:37 | 008,300,032 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\NETwNv64.sys.bak
[2014.01.12 11:28:37 | 000,376,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys.bak
[2014.01.12 11:28:32 | 000,065,600 | ---- | C] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2014.01.12 11:28:32 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mcd.sys.bak
[2014.01.12 11:28:30 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\irda.sys.bak
[2014.01.12 11:28:29 | 000,317,440 | ---- | C] (Intel(R) Corporation) -- C:\Windows\SysNative\drivers\IntcDAud.sys.bak
[2014.01.12 11:28:27 | 012,223,936 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys.bak
[2014.01.12 11:28:27 | 000,039,024 | ---- | C] (Lenovo.) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys.bak
[2014.01.12 11:28:26 | 000,078,720 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys.bak
[2014.01.12 11:28:26 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys.bak
[2014.01.12 11:28:25 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys.bak
[2014.01.12 11:28:25 | 000,056,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys.bak
[2014.01.12 11:28:25 | 000,031,232 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2014.01.12 11:28:24 | 000,038,448 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys.bak
[2014.01.12 11:28:23 | 000,288,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS.bak
[2014.01.12 11:28:23 | 000,023,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys.bak
[2014.01.12 11:28:22 | 003,286,016 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys.bak
[2014.01.12 11:28:21 | 000,220,232 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\epfw.sys.bak
[2014.01.12 11:28:21 | 000,168,256 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\ehdrv.sys.bak
[2014.01.12 11:28:21 | 000,062,136 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\epfwwfp.sys.bak
[2014.01.12 11:28:21 | 000,044,120 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\EpfwLWF.sys.bak
[2014.01.12 11:28:20 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys.bak
[2014.01.12 11:28:20 | 000,239,320 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\eamonm.sys.bak
[2014.01.12 11:28:20 | 000,239,296 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\edevmon.sys.bak
[2014.01.12 11:28:20 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxg.sys.bak
[2014.01.12 11:28:20 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxapi.sys.bak
[2014.01.12 11:28:19 | 000,283,064 | ---- | C] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys.bak
[2014.01.12 11:28:19 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys.bak
[2014.01.12 11:28:19 | 000,055,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpfve.sys.bak
[2014.01.12 11:28:19 | 000,028,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Dumpata.sys.bak
[2014.01.12 11:28:19 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys.bak
[2014.01.12 11:28:18 | 000,039,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys.bak
[2014.01.12 11:28:17 | 001,576,064 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\SysNative\drivers\CHDRT64.sys.bak
[2014.01.12 11:28:17 | 000,179,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys.bak
[2014.01.12 11:28:16 | 000,468,480 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys.bak
[2014.01.12 11:28:16 | 000,436,776 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwampfl.sys.bak
[2014.01.12 11:28:16 | 000,164,392 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys.bak
[2014.01.12 11:28:16 | 000,150,568 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys.bak
[2014.01.12 11:28:16 | 000,039,976 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys.bak
[2014.01.12 11:28:16 | 000,021,544 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys.bak
[2014.01.12 11:28:14 | 000,270,848 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\b57nd60a.sys.bak
[2014.01.12 11:28:14 | 000,028,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\battc.sys.bak
[2014.01.12 11:28:13 | 000,194,128 | ---- | C] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2014.01.12 11:28:13 | 000,155,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys.bak
[2014.01.12 11:28:13 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys.bak
[2014.01.12 11:28:12 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys.bak
[2014.01.12 11:28:10 | 000,166,016 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\SysNative\drivers\5U877.sys.bak
[2014.01.12 11:28:09 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\1394bus.sys.bak
[2014.01.12 11:27:16 | 000,000,000 | ---D | C] -- D:\Plocha\RK_Quarantine
[2014.01.10 21:05:59 | 000,000,000 | ---D | C] -- D:\Plocha\odchod-ze-seminare
[2014.01.08 14:24:40 | 000,000,000 | ---D | C] -- C:\Users\Honza\AppData\Roaming\Intel
[2014.01.08 14:24:29 | 000,000,000 | ---D | C] -- C:\Users\Honza\Roaming
[2014.01.08 14:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2014.01.08 14:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2014.01.08 14:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2014.01.08 14:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014.01.08 09:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.01.08 08:06:22 | 000,000,000 | ---D | C] -- C:\Users\Honza\AppData\Roaming\Macromedia
[2014.01.08 08:06:22 | 000,000,000 | ---D | C] -- C:\Users\Honza\AppData\Local\Macromedia
[2014.01.08 08:06:22 | 000,000,000 | ---D | C] -- C:\Users\Honza\AppData\Roaming\Adobe
[2014.01.08 08:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2014.01.08 08:05:58 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.01.08 08:05:58 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.01.08 08:05:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2014.01.08 08:05:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014.01.05 13:49:12 | 000,000,000 | ---D | C] -- C:\Users\Honza\AppData\Roaming\ESET
[2014.01.05 13:49:12 | 000,000,000 | ---D | C] -- C:\Users\Honza\AppData\Local\ESET
[2014.01.05 13:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2014.01.05 13:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2014.01.05 13:41:40 | 001,581,384 | ---- | C] (ESET) -- D:\Plocha\eset_smart_security_live_installer_.exe
[2014.01.05 13:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.12.30 22:37:25 | 000,000,000 | ---D | C] -- C:\Users\Honza\AppData\Roaming\Mobile Atlas Creator
[2013.12.29 23:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2013.12.29 15:02:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2013.12.28 23:07:39 | 000,000,000 | ---D | C] -- C:\Users\Honza\AppData\Roaming\hpqLog
[2013.12.28 22:50:08 | 000,648,808 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.12.28 22:49:31 | 000,013,900 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNICVer.dll
[2013.12.28 22:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astroburn Lite
[2013.12.28 22:12:10 | 000,000,000 | ---D | C] -- C:\Users\Honza\AppData\Roaming\Astroburn Lite
[2013.12.28 22:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Astroburn Lite
[2013.12.28 21:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS Partition Master 9.3.0
[2013.12.28 18:00:02 | 000,000,000 | ---D | C] -- C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2013.12.28 18:00:01 | 000,000,000 | ---D | C] -- C:\Users\Honza\AppData\Local\Apps
[2013.12.22 12:05:03 | 000,000,000 | ---D | C] -- C:\Users\Honza\AppData\Roaming\Mikrotik
[2013.12.19 22:30:45 | 000,005,632 | ---- | C] (Dixcart Technical Solutions) -- D:\Plocha\sudo.exe
[2013.12.19 11:46:54 | 000,000,000 | ---D | C] -- D:\Plocha\Bat_To_Exe_Converter
[2013.12.18 13:09:02 | 000,000,000 | ---D | C] -- D:\Dokumenty\Visual Studio 2005
[2013.12.18 13:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013.12.18 13:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
[2013.12.18 13:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2013.12.17 10:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2013.12.17 10:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2013.12.17 10:55:37 | 002,657,280 | ---- | C] (Resplendence Software Projects Sp. ) -- D:\Plocha\whocrashedSetup.exe
[47 D:\Plocha\*.tmp files -> D:\Plocha\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.01.13 19:50:00 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2163525019-3852196789-3982623038-1000UA1ceeb987bf4d477.job
[2014.01.13 19:49:33 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.01.13 18:58:19 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1ceef5d72b20ab0.job
[2014.01.13 18:50:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2163525019-3852196789-3982623038-1000Core.job
[2014.01.13 15:24:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Plocha\OTL.exe
[2014.01.13 14:17:52 | 000,019,506 | ---- | M] () -- D:\Plocha\prst.jpg
[2014.01.13 13:58:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.01.13 08:20:57 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.01.13 08:20:57 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.01.13 08:17:50 | 000,668,628 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2014.01.13 08:17:50 | 000,654,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.01.13 08:17:50 | 000,140,818 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2014.01.13 08:17:50 | 000,121,790 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.01.13 08:17:49 | 001,583,348 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.01.13 08:16:33 | 000,000,123 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousemeter.cmd
[2014.01.13 08:13:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.01.13 08:13:23 | 3151,417,344 | -HS- | M] () -- C:\hiberfil.sys
[2014.01.12 19:20:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014.01.12 17:12:31 | 000,035,312 | ---- | M] () -- D:\Dokumenty\WinOMeterHistory.woh
[2014.01.12 17:12:19 | 000,078,146 | ---- | M] () -- D:\Dokumenty\WinOMeterHistory.csv
[2014.01.12 14:39:48 | 005,162,489 | R--- | M] (Swearware) -- D:\Plocha\ComboFix.exe
[2014.01.12 11:28:58 | 000,016,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wmilib.sys.bak
[2014.01.12 11:28:57 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\watchdog.sys.bak
[2014.01.12 11:28:57 | 000,042,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys.bak
[2014.01.12 11:28:55 | 000,068,656 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys.bak
[2014.01.12 11:28:55 | 000,030,256 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys.bak
[2014.01.12 11:28:54 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\videoprt.sys.bak
[2014.01.12 11:28:54 | 000,080,944 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys.bak
[2014.01.12 11:28:54 | 000,045,104 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetbridge.sys.bak
[2014.01.12 11:28:54 | 000,031,792 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys.bak
[2014.01.12 11:28:54 | 000,024,112 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnet.sys.bak
[2014.01.12 11:28:54 | 000,020,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetadapter.sys.bak
[2014.01.12 11:28:53 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbrpm.sys.bak
[2014.01.12 11:28:52 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys.bak
[2014.01.12 11:28:51 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBCAMD2.sys.bak
[2014.01.12 11:28:51 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys.bak
[2014.01.12 11:28:51 | 000,007,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys.bak
[2014.01.12 11:28:50 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys.bak
[2014.01.12 11:28:49 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tape.sys.bak
[2014.01.12 11:28:49 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdi.sys.bak
[2014.01.12 11:28:48 | 001,439,792 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys.bak
[2014.01.12 11:28:48 | 000,189,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys.bak
[2014.01.12 11:28:48 | 000,068,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stream.sys.bak
[2014.01.12 11:28:48 | 000,024,656 | ---- | M] (Promise Technology) -- C:\Windows\SysNative\drivers\stexstor.sys.bak
[2014.01.12 11:28:47 | 000,426,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spsys.sys.bak
[2014.01.12 11:28:47 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\smclib.sys.bak
[2014.01.12 11:28:47 | 000,015,472 | ---- | M] (Lenovo Group Limited) -- C:\Windows\SysNative\drivers\smiifx64.sys.bak
[2014.01.12 11:28:46 | 000,171,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scsiport.sys.bak
[2014.01.12 11:28:45 | 000,648,808 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
[2014.01.12 11:28:45 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys.bak
[2014.01.12 11:28:45 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys.bak
[2014.01.12 11:28:45 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rootmdm.sys.bak
[2014.01.12 11:28:42 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys.bak
[2014.01.12 11:28:41 | 000,048,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pciidex.sys.bak
[2014.01.12 11:28:38 | 008,300,032 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\NETwNv64.sys.bak
[2014.01.12 11:28:38 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys.bak
[2014.01.12 11:28:37 | 000,376,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys.bak
[2014.01.12 11:28:32 | 000,065,600 | ---- | M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2014.01.12 11:28:32 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mcd.sys.bak
[2014.01.12 11:28:30 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\irda.sys.bak
[2014.01.12 11:28:29 | 000,317,440 | ---- | M] (Intel(R) Corporation) -- C:\Windows\SysNative\drivers\IntcDAud.sys.bak
[2014.01.12 11:28:28 | 012,223,936 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys.bak
[2014.01.12 11:28:27 | 000,039,024 | ---- | M] (Lenovo.) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys.bak
[2014.01.12 11:28:26 | 000,078,720 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys.bak
[2014.01.12 11:28:26 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys.bak
[2014.01.12 11:28:25 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys.bak
[2014.01.12 11:28:25 | 000,056,344 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys.bak
[2014.01.12 11:28:25 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2014.01.12 11:28:24 | 000,038,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys.bak
[2014.01.12 11:28:23 | 000,288,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS.bak
[2014.01.12 11:28:23 | 000,023,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys.bak
[2014.01.12 11:28:22 | 003,286,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys.bak
[2014.01.12 11:28:21 | 000,220,232 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\epfw.sys.bak
[2014.01.12 11:28:21 | 000,168,256 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\ehdrv.sys.bak
[2014.01.12 11:28:21 | 000,062,136 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\epfwwfp.sys.bak
[2014.01.12 11:28:21 | 000,044,120 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\EpfwLWF.sys.bak
[2014.01.12 11:28:20 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys.bak
[2014.01.12 11:28:20 | 000,239,320 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\eamonm.sys.bak
[2014.01.12 11:28:20 | 000,239,296 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\edevmon.sys.bak
[2014.01.12 11:28:20 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxg.sys.bak
[2014.01.12 11:28:20 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxapi.sys.bak
[2014.01.12 11:28:19 | 000,283,064 | ---- | M] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys.bak
[2014.01.12 11:28:19 | 000,116,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys.bak
[2014.01.12 11:28:19 | 000,055,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpfve.sys.bak
[2014.01.12 11:28:19 | 000,028,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Dumpata.sys.bak
[2014.01.12 11:28:19 | 000,027,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys.bak
[2014.01.12 11:28:18 | 000,039,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys.bak
[2014.01.12 11:28:17 | 001,576,064 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\SysNative\drivers\CHDRT64.sys.bak
[2014.01.12 11:28:17 | 000,179,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys.bak
[2014.01.12 11:28:16 | 000,468,480 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys.bak
[2014.01.12 11:28:16 | 000,436,776 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwampfl.sys.bak
[2014.01.12 11:28:16 | 000,164,392 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys.bak
[2014.01.12 11:28:16 | 000,150,568 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys.bak
[2014.01.12 11:28:16 | 000,039,976 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys.bak
[2014.01.12 11:28:16 | 000,021,544 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys.bak
[2014.01.12 11:28:14 | 000,270,848 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\b57nd60a.sys.bak
[2014.01.12 11:28:14 | 000,028,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\battc.sys.bak
[2014.01.12 11:28:13 | 000,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2014.01.12 11:28:13 | 000,155,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys.bak
[2014.01.12 11:28:13 | 000,027,008 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys.bak
[2014.01.12 11:28:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys.bak
[2014.01.12 11:28:10 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) -- C:\Windows\SysNative\drivers\5U877.sys.bak
[2014.01.12 11:28:10 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\1394bus.sys.bak
[2014.01.12 11:22:54 | 003,810,304 | ---- | M] () -- D:\Plocha\RogueKiller.exe
[2014.01.12 11:19:10 | 000,001,406 | ---- | M] () -- D:\Plocha\Had-scanner.cd
[2014.01.08 18:43:25 | 000,007,590 | ---- | M] () -- C:\Users\Honza\AppData\Local\Resmon.ResmonCfg
[2014.01.08 15:30:51 | 000,009,046 | ---- | M] () -- D:\Plocha\ESET-Remover.cd
[2014.01.08 13:58:15 | 000,832,273 | ---- | M] () -- D:\Plocha\RSITx64.exe
[2014.01.08 08:05:58 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.01.08 08:05:58 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.01.05 13:41:42 | 001,581,384 | ---- | M] (ESET) -- D:\Plocha\eset_smart_security_live_installer_.exe
[2014.01.02 16:01:04 | 000,003,584 | ---- | M] () -- C:\Users\Honza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.12.30 22:53:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.12.28 18:00:02 | 000,002,306 | ---- | M] () -- D:\Plocha\Windows 7 USB DVD Download Tool.lnk
[2013.12.26 15:59:12 | 000,008,713 | ---- | M] () -- D:\Plocha\Profile-manager.cd
[2013.12.23 10:16:37 | 000,220,881 | ---- | M] () -- D:\Plocha\prani.jpg
[2013.12.21 21:30:37 | 1286,402,424 | ---- | M] () -- D:\Plocha\Marián Kuffa - O pokání.mp4
[2013.12.17 10:56:13 | 000,000,738 | ---- | M] () -- D:\Plocha\WhoCrashed.lnk
[2013.12.17 10:55:45 | 002,657,280 | ---- | M] (Resplendence Software Projects Sp. ) -- D:\Plocha\whocrashedSetup.exe
[2013.12.15 16:53:41 | 000,000,000 | ---- | M] () -- D:\Plocha\LogAnalyZer.ini
[47 D:\Plocha\*.tmp files -> D:\Plocha\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.01.13 15:28:06 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.01.13 14:17:52 | 000,019,506 | ---- | C] () -- D:\Plocha\prst.jpg
[2014.01.12 17:12:19 | 000,078,146 | ---- | C] () -- D:\Dokumenty\WinOMeterHistory.csv
[2014.01.12 14:42:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014.01.12 14:42:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014.01.12 14:42:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014.01.12 14:42:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014.01.12 14:42:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014.01.12 11:22:50 | 003,810,304 | ---- | C] () -- D:\Plocha\RogueKiller.exe
[2014.01.12 11:12:39 | 000,001,406 | ---- | C] () -- D:\Plocha\Had-scanner.cd
[2014.01.08 13:58:12 | 000,832,273 | ---- | C] () -- D:\Plocha\RSITx64.exe
[2014.01.02 16:01:04 | 000,003,584 | ---- | C] () -- C:\Users\Honza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.12.30 22:53:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.12.29 11:08:57 | 001,806,960 | ---- | C] () -- C:\Windows\ampa.exe
[2013.12.29 11:08:57 | 000,017,008 | ---- | C] () -- C:\Windows\SysWow64\ampa.sys
[2013.12.29 11:08:57 | 000,017,008 | ---- | C] () -- C:\Windows\SysNative\ampa.sys
[2013.12.28 22:50:08 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013.12.28 18:00:02 | 000,002,306 | ---- | C] () -- D:\Plocha\Windows 7 USB DVD Download Tool.lnk
[2013.12.23 10:02:10 | 000,220,881 | ---- | C] () -- D:\Plocha\prani.jpg
[2013.12.21 21:16:08 | 1286,402,424 | ---- | C] () -- D:\Plocha\Marián Kuffa - O pokání.mp4
[2013.12.19 10:43:25 | 000,008,713 | ---- | C] () -- D:\Plocha\Profile-manager.cd
[2013.12.18 13:09:00 | 000,001,387 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 2005 Express Edition.lnk
[2013.12.17 10:56:13 | 000,000,738 | ---- | C] () -- D:\Plocha\WhoCrashed.lnk
[2013.12.12 09:54:27 | 000,707,354 | ---- | C] () -- C:\Windows\unins000.exe
[2013.12.12 09:54:27 | 000,002,570 | ---- | C] () -- C:\Windows\unins000.dat
[2013.11.26 14:31:25 | 000,000,600 | ---- | C] () -- C:\Users\Honza\AppData\Local\PUTTY.RND
[2013.11.21 13:49:21 | 000,000,877 | ---- | C] () -- C:\Users\Honza\AppData\Local\recently-used.xbel
[2013.11.08 17:46:24 | 000,032,896 | ---- | C] () -- C:\Windows\SysWow64\drivers\kardelia.sys
[2013.11.01 11:52:58 | 000,004,096 | -H-- | C] () -- C:\Users\Honza\AppData\Local\keyfile3.drm
[2013.10.02 07:22:39 | 000,007,590 | ---- | C] () -- C:\Users\Honza\AppData\Local\Resmon.ResmonCfg
[2013.09.15 17:57:13 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013.09.15 14:34:31 | 001,604,994 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.09.15 13:47:06 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.03.09 00:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.11.20 04:27:26 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.20 03:21:20 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.12.28 22:12:10 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Astroburn Lite
[2013.11.13 20:45:58 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Audacity
[2013.12.03 11:35:26 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\calibre
[2013.12.29 16:38:38 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\DAEMON Tools Lite
[2014.01.05 13:49:12 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\ESET
[2014.01.04 18:08:21 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\foobar2000
[2013.09.15 17:57:29 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Foxit Software
[2014.01.08 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\GHISLER
[2013.09.28 20:19:23 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\IrfanView
[2013.10.24 08:28:19 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Jurecek Radek
[2013.12.22 12:05:03 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Mikrotik
[2013.12.30 22:37:26 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Mobile Atlas Creator
[2013.09.15 18:20:17 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Philipp Winterberg
[2013.10.04 09:04:34 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\TeamViewer
[2013.10.18 10:17:36 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Wireshark
[2013.12.21 22:38:08 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\YouTube Downloader

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,019,696 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.09.15 14:42:29 | 000,000,946 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.11.04 19:40:18 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2163525019-3852196789-3982623038-1000Core.job
[2013.11.27 18:45:38 | 000,000,962 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2163525019-3852196789-3982623038-1000UA1ceeb987bf4d477.job
[2013.12.02 13:53:07 | 000,000,952 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ceef5d72b20ab0.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 04:24:28 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.20 04:24:28 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010.11.20 03:16:56 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 03:16:56 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010.11.20 00:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.20 00:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 00:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010.11.20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.11.20 04:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\erdnt\cache86\explorer.exe
[2010.11.20 04:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 04:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010.11.20 04:33:36 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.20 04:33:36 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2010.11.20 04:33:58 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\erdnt\cache64\tcpip.sys
[2010.11.20 04:33:58 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\SysNative\drivers\tcpip.sys
[2010.11.20 04:33:58 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[7 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013.10.16 16:15:38 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\ABBYY
[2014.01.08 08:06:22 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Adobe
[2013.12.28 22:12:10 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Astroburn Lite
[2013.11.13 20:45:58 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Audacity
[2013.12.03 11:35:26 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\calibre
[2013.12.29 16:38:38 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\DAEMON Tools Lite
[2014.01.12 13:47:01 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\dvdcss
[2014.01.05 13:49:12 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\ESET
[2014.01.04 18:08:21 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\foobar2000
[2013.09.15 17:57:29 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Foxit Software
[2014.01.08 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\GHISLER
[2013.12.28 23:07:39 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\hpqLog
[2013.09.15 13:45:03 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Identities
[2014.01.08 14:24:40 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Intel
[2013.09.28 20:19:23 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\IrfanView
[2013.10.24 08:28:19 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Jurecek Radek
[2014.01.08 08:06:22 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Macromedia
[2013.11.18 10:03:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Malwarebytes
[2009.07.14 16:36:31 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Media Center Programs
[2014.01.08 08:06:22 | 000,000,000 | --SD | M] -- C:\Users\Honza\AppData\Roaming\Microsoft
[2013.12.22 12:05:03 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Mikrotik
[2013.12.30 22:37:26 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Mobile Atlas Creator
[2013.11.10 08:46:00 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Mozilla
[2013.09.15 18:20:17 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Philipp Winterberg
[2014.01.08 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\PSpad
[2013.11.06 10:59:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Skype
[2013.10.04 09:04:34 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\TeamViewer
[2014.01.13 17:41:46 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\vlc
[2013.12.22 12:14:32 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\VMware
[2013.10.18 10:17:36 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Wireshark
[2013.12.21 22:38:08 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\YouTube Downloader

< %APPDATA%\*.exe /s >
[2013.10.24 08:28:14 | 000,709,138 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\Jurecek Radek\RJ Tools\unins000.exe
[2013.09.15 15:22:38 | 000,010,134 | R--- | M] () -- C:\Users\Honza\AppData\Roaming\Microsoft\Installer\{A02153E8-8DF8-42E6-B7BF-D88EEA33565F}\ARPPRODUCTICON.exe
[2013.12.28 18:00:02 | 000,119,808 | R--- | M] () -- C:\Users\Honza\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2014.01.13 13:58:00 | 000,000,946 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.01.13 19:58:00 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ceef5d72b20ab0.job
[2014.01.13 18:50:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2163525019-3852196789-3982623038-1000Core.job
[2014.01.13 19:50:00 | 000,000,962 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2163525019-3852196789-3982623038-1000UA1ceeb987bf4d477.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014.01.13 08:15:53 | 000,000,018 | ---- | M] () -- C:\Windows\system32\log.txt

< %SYSTEMDRIVE%\*.exe >

< >

< *crack* /s >

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2013.04.03 15:08:12 | 000,000,077 | ---- | M] () -- \Dokumenty\skola\moralka-prace\fleshka---zaloha\odvirovani\VT_Uploader.txt
[2013.03.27 20:31:30 | 000,083,968 | ---- | M] () -- \Dokumenty\skola\moralka-prace\fleshka---zaloha\odvirovani\VT_UploaderZ.exe
[2013.02.16 15:22:20 | 000,905,728 | ---- | M] () -- \downloads_prebrat\SRDownloader.exe
[2013.03.21 22:20:40 | 007,827,872 | ---- | M] () -- \downloads_prebrat\VideoDownloaderInstaller.exe
[2012.07.06 22:42:26 | 000,019,422 | ---- | M] () -- \downloads_prebrat\psimulator2_2012-05-16\src\backend\src\config\configTransformer\Loader.java
[2012.07.06 22:42:26 | 000,000,485 | ---- | M] () -- \downloads_prebrat\psimulator2_2012-05-16\src\backend\src\config\configTransformer\LoaderException.java
[2012.07.06 22:42:26 | 000,003,268 | ---- | M] () -- \downloads_prebrat\psimulator2_2012-05-16\src\backend\src\telnetd\util\PropertiesLoader.java
[2012.07.06 22:42:20 | 000,004,593 | ---- | M] () -- \downloads_prebrat\psimulator2_2012-05-16\src\frontend\src\psimulator\dataLayer\language\LanguageLoader.java
[2012.07.06 22:42:21 | 000,001,836 | ---- | M] () -- \downloads_prebrat\psimulator2_2012-05-16\src\frontend\src\psimulator\dataLayer\Singletons\ImageFactory\BufferedImageLoader.java
[2012.07.06 22:42:15 | 000,007,016 | ---- | M] () -- \downloads_prebrat\psimulator2_2012-05-16\src\swingTelnet\de\mud\jta\PluginLoader.java
[2012.07.06 22:42:16 | 000,017,448 | ---- | M] () -- \downloads_prebrat\psimulator2_2012-05-16\src\swingTelnet\doc\source\de\mud\jta\PluginLoader.html
[2012.07.06 22:42:17 | 000,007,426 | ---- | M] () -- \downloads_prebrat\psimulator2_2012-05-16\src\swingTelnet\doc\source\de\mud\jta\class-use\PluginLoader.html

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2013.10.13 20:49:36 | 000,001,743 | ---- | M] () -- \Download\jquery-ui-1.10.3.custom\jquery-ui-1.10.3.custom\development-bundle\demos\selectable\serialize.html
[2012.07.06 22:42:14 | 000,000,827 | ---- | M] () -- \downloads_prebrat\psimulator2_2012-05-16\src\shared\Serializer\AbstractNetworkSerializer.java
[2012.07.06 22:42:14 | 000,003,689 | ---- | M] () -- \downloads_prebrat\psimulator2_2012-05-16\src\shared\Serializer\NetworkModelSerializer.java
[2012.07.06 22:42:14 | 000,003,125 | ---- | M] () -- \downloads_prebrat\psimulator2_2012-05-16\src\shared\Serializer\NetworkModelSerializerXML.java
[2012.07.06 22:42:15 | 000,002,934 | ---- | M] () -- \downloads_prebrat\psimulator2_2012-05-16\src\shared\SimulatorEvents\Serializer\SimulatorEventsSerializer.java
[2012.07.06 22:42:15 | 000,003,513 | ---- | M] () -- \downloads_prebrat\psimulator2_2012-05-16\src\shared\SimulatorEvents\Serializer\SimulatorEventsSerializerXML.java
[2012.07.06 22:42:16 | 000,013,513 | ---- | M] () -- \downloads_prebrat\psimulator2_2012-05-16\src\swingTelnet\doc\source\serialized-form.html

< *w7lxe* /s >

< End of report >

had12
Visitor
Posts: 106
Registered: 13 Dec 2009 12:44

Re: PC freezes when changing Wi-Fi network

#26 Post by had12 »

:arrow: and the second one:

OTL Extras logfile created on: 13.1.2014 19:47:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Plocha
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,91 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 37,63% Memory free
7,82 Gb Paging File | 5,11 Gb Available in Paging File | 65,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 26,39 Gb Free Space | 45,12% Space Free | Partition Type: NTFS
Drive D: | 407,17 Gb Total Space | 88,30 Gb Free Space | 21,69% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 465,76 Gb Total Space | 4,21 Gb Free Space | 0,90% Space Free | Partition Type: NTFS

Computer Name: HAD | User Name: Honza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2163525019-3852196789-3982623038-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- C:\Windows\NOTEPAD.EXE (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1735A61C-17C0-4192-BAF6-85B1EBE56E3D}" = rport=139 | protocol=6 | dir=out | app=system |
"{179A93E5-3662-4839-BDF9-F562BD4A161F}" = rport=138 | protocol=17 | dir=out | app=system |
"{3FF8E60B-1D44-4EED-B735-6E18AEB99089}" = lport=139 | protocol=6 | dir=in | app=system |
"{4EFB6431-8EA6-49CB-A083-853D4B82A8AF}" = lport=3306 | protocol=6 | dir=in | name=mysql server |
"{4F9962C1-5D11-4C57-ADA7-FA518D27A9C0}" = rport=137 | protocol=17 | dir=out | app=system |
"{6A9FF505-9914-4943-B2F8-A5DA19A2EBD8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8AFA6310-B939-4235-830D-6710F778E9E4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D1C589C-0691-43B9-8D25-63E8B2B8EC80}" = lport=137 | protocol=17 | dir=in | app=system |
"{9EF5F9A4-37DD-437F-80FA-21B7FA1B80AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A71D979A-7221-4344-B73A-B3A5C080DBC0}" = rport=445 | protocol=6 | dir=out | app=system |
"{B847E08D-1098-464E-A63C-6CE89CE8BD75}" = lport=138 | protocol=17 | dir=in | app=system |
"{C0DB18BE-04D0-4ADE-A59F-2F5FA76FD1F5}" = lport=445 | protocol=6 | dir=in | app=system |
"{C5840FCF-CE2E-4862-8F83-2646F1575361}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D9010D9B-9232-4658-95C6-356CEDE487F2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FCC4EEF9-D3C2-4EE9-995C-77B8BF616FFF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B68BDC-972E-46C4-A3D3-15852B61683B}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{1830253D-B791-4516-ACD0-0396AC30FB0E}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{1B4B50AE-ABF2-4057-9374-7FEB23E18E9C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{22CF003A-E3F9-4168-923B-D671E9210F35}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{230DA26C-794A-4AE3-BC26-01C291226789}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{385B6B83-8559-4200-BA8E-04FEF7360653}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{54E0581C-8E74-43B7-8520-F9CD00DB14D2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5A160BAA-3674-43EA-B4E9-5623C5627074}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{652D5FB6-E3D6-4B84-A61F-7865C9647F4F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{6AFF9CFF-F63A-4E40-83AD-DF8B18659287}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{86801324-62DA-4978-952E-9E9CC17DF893}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8B12606F-01B5-4F52-92BE-F9212B08CAC8}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{9A8AD151-6633-4A8D-9123-F5FEF057D1A8}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{AED9F385-C357-4B2D-B7CA-39FDB477F53E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{B27C1C12-5909-4A75-A12A-08398C4DB2E7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B42DDB08-6B37-48F3-BFF9-48079FF6C961}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{CA270707-15F2-4454-97B8-CE383BCF2BFD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DAB8FB5D-62F3-46F9-A570-DB5DAA436905}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{E0A75C77-0314-46F9-BF06-A4E6AC2D43C0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{E8D29E9A-F019-4BB8-B4AF-808732F62498}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D401E5-E23D-4372-8F9E-764963B19483}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2010
"{94186311-E456-6757-02D9-8E6E0B54A38A}" = AMD Catalyst Install Manager
"{99D0C2CF-C95A-4EDD-9245-C213EDEFCDF2}" = MySQL Server 5.5
"{B1920A83-25A3-4DBB-B1F5-2395BD05370E}" = ESET Smart Security
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"GIMP-2_is1" = GIMP 2.8.6
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"Recuva" = Recuva
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"WhoCrashed_is1" = WhoCrashed 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1" = gpedt.msc 1.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B86600-BC3B-4D4E-8510-DF2E920C1957}" = calibre
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0015-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{2304F942-79D2-46F7-A512-269A7F5B7EFC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-001F-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{A162C5E6-7778-4D5B-9F0A-38F0122DD859}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0405-1000-0000000FF1CE}_Office14.PROPLUSR_{AB90513B-B892-41B5-8F8B-1D356A449652}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-002C-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{8148DB19-71B1-4415-8B26-DF5B9E873FC3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-0044-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-006E-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{EEF3E2C0-135B-44DC-BEDD-7F01CFBEFF46}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{90140000-00BA-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91A29166-4E1B-4664-B70B-4C4A3B6B3372}" = Lenovo Screen Reading Optimizer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AlphaChess" = AlphaChess 3
"Astroburn Lite" = Astroburn Lite
"Audacity_is1" = Audacity 2.0.4
"DAEMON Tools Lite" = DAEMON Tools Lite
"Davar3" = Davar3 (remove all files)
"foobar2000" = foobar2000 v0.9.4.5
"FormatFactory" = FormatFactory 2.60
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"IrfanView" = IrfanView (remove only)
"Microsoft Visual Basic 2005 Express Edition - ENU" = Microsoft Visual Basic 2005 Express Edition - ENU
"Mozilla Firefox 26.0 (x86 cs)" = Mozilla Firefox 26.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PSPad editor_is1" = PSPad editor
"RarZilla Free Unrar" = RarZilla Free Unrar
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.8
"VMware_Workstation" = VMware Workstation
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2163525019-3852196789-3982623038-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"pdfsam" = pdfsam
"RJ Tools_is1" = RJ Tools

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8.1.2014 11:54:43 | Computer Name = had | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> AH00526:
Syntax error on line 244 of C:/server/apache/conf/httpd.conf: .

Error - 8.1.2014 11:54:43 | Computer Name = had | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> DocumentRoot
must be a directory .

Error - 8.1.2014 12:00:25 | Computer Name = had | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> AH00526:
Syntax error on line 244 of C:/server/apache/conf/httpd.conf: .

Error - 8.1.2014 12:00:25 | Computer Name = had | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> DocumentRoot
must be a directory .

Error - 8.1.2014 13:26:14 | Computer Name = had | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> AH00526:
Syntax error on line 244 of C:/server/apache/conf/httpd.conf: .

Error - 8.1.2014 13:26:14 | Computer Name = had | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> DocumentRoot
must be a directory .

Error - 12.1.2014 6:25:03 | Computer Name = had | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> AH00548:
NameVirtualHost has no effect and will be removed in the next release C:/server/apache/conf/extra/httpd-vhosts.conf:19
.

Error - 12.1.2014 13:06:24 | Computer Name = had | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> AH00548:
NameVirtualHost has no effect and will be removed in the next release C:/server/apache/conf/extra/httpd-vhosts.conf:19
.

Error - 13.1.2014 3:13:36 | Computer Name = had | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> AH00548:
NameVirtualHost has no effect and will be removed in the next release C:/server/apache/conf/extra/httpd-vhosts.conf:19
.

Error - 13.1.2014 3:13:36 | Computer Name = had | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> AH00558:
httpd.exe: Could not reliably determine the server's fully qualified domain name,
using ::1. Set the 'ServerName' directive globally to suppress this message
.

[ System Events ]
Error - 12.1.2014 9:46:35 | Computer Name = had | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 12.1.2014 9:52:20 | Computer Name = had | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 12.1.2014 9:52:40 | Computer Name = had | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 12.1.2014 10:01:59 | Computer Name = had | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 12.1.2014 12:49:29 | Computer Name = had | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 12.1.2014 12:49:29 | Computer Name = had | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 12.1.2014 12:51:32 | Computer Name = had | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 12.1.2014 13:05:14 | Computer Name = had | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 12.1.2014 15:56:41 | Computer Name = had | Source = DCOM | ID = 10010
Description =

Error - 13.1.2014 11:37:13 | Computer Name = had | Source = bowser | ID = 8003
Description =


< End of report >

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: PC freezes when changing Wi-Fi network

#27 Post by Márty84 »

:!: Turn off your antivirus so that it does not interfere with the program.
:arrow: Run OTL again as administrator
Paste the following text into the bottom window (including the colon before the word commands)

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
gupdate
gupdatem

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA1ceef5d72b20ab0.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2163525019-3852196789-3982623038-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2163525019-3852196789-3982623038-1000UA1ceeb987bf4d477.job

:otl
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2163525019-3852196789-3982623038-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
[47 D:\Plocha\*.tmp files -> D:\Plocha\*.tmp -> ]
[1 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[7 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] /64

Click "Opravit" (Fix) and let the program work. When asked to restart, agree.
After the restart a new log will appear; post it here.
If you have a question that is not meant for the public, you can email me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most of them have an email address in their signature).

had12
Visitor
Posts: 106
Joined: 13 Dec 2009 12:44

Re: PC freezes when changing Wi-Fi network

#28 Post by had12 »

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Honza
->Temp folder emptied: 2371 bytes
->Temporary Internet Files folder emptied: 66340 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19580499 bytes
->Google Chrome cache emptied: 338210902 bytes
->Flash cache emptied: 492 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9784 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 75368 bytes
RecycleBin emptied: 2391612494 bytes

Total Files Cleaned = 2 622,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Honza
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA1ceef5d72b20ab0.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2163525019-3852196789-3982623038-1000Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2163525019-3852196789-3982623038-1000UA1ceeb987bf4d477.job moved successfully.
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2163525019-3852196789-3982623038-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
D:\Plocha\~WRL0002.tmp deleted successfully.
D:\Plocha\~WRL0004.tmp deleted successfully.
D:\Plocha\~WRL0101.tmp deleted successfully.
D:\Plocha\~WRL0209.tmp deleted successfully.
D:\Plocha\~WRL0413.tmp deleted successfully.
D:\Plocha\~WRL0766.tmp deleted successfully.
D:\Plocha\~WRL0767.tmp deleted successfully.
D:\Plocha\~WRL0773.tmp deleted successfully.
D:\Plocha\~WRL0778.tmp deleted successfully.
D:\Plocha\~WRL1050.tmp deleted successfully.
D:\Plocha\~WRL1134.tmp deleted successfully.
D:\Plocha\~WRL1165.tmp deleted successfully.
D:\Plocha\~WRL1223.tmp deleted successfully.
D:\Plocha\~WRL1343.tmp deleted successfully.
D:\Plocha\~WRL1432.tmp deleted successfully.
D:\Plocha\~WRL1455.tmp deleted successfully.
D:\Plocha\~WRL1473.tmp deleted successfully.
D:\Plocha\~WRL1726.tmp deleted successfully.
D:\Plocha\~WRL1776.tmp deleted successfully.
D:\Plocha\~WRL1894.tmp deleted successfully.
D:\Plocha\~WRL1960.tmp deleted successfully.
D:\Plocha\~WRL2009.tmp deleted successfully.
D:\Plocha\~WRL2065.tmp deleted successfully.
D:\Plocha\~WRL2130.tmp deleted successfully.
D:\Plocha\~WRL2233.tmp deleted successfully.
D:\Plocha\~WRL2304.tmp deleted successfully.
D:\Plocha\~WRL2410.tmp deleted successfully.
D:\Plocha\~WRL2475.tmp deleted successfully.
D:\Plocha\~WRL2505.tmp deleted successfully.
D:\Plocha\~WRL2584.tmp deleted successfully.
D:\Plocha\~WRL2695.tmp deleted successfully.
D:\Plocha\~WRL2896.tmp deleted successfully.
D:\Plocha\~WRL2977.tmp deleted successfully.
D:\Plocha\~WRL3086.tmp deleted successfully.
D:\Plocha\~WRL3145.tmp deleted successfully.
D:\Plocha\~WRL3225.tmp deleted successfully.
D:\Plocha\~WRL3301.tmp deleted successfully.
D:\Plocha\~WRL3338.tmp deleted successfully.
D:\Plocha\~WRL3340.tmp deleted successfully.
D:\Plocha\~WRL3567.tmp deleted successfully.
D:\Plocha\~WRL3579.tmp deleted successfully.
D:\Plocha\~WRL3621.tmp deleted successfully.
D:\Plocha\~WRL3750.tmp deleted successfully.
D:\Plocha\~WRL3855.tmp deleted successfully.
D:\Plocha\~WRL3928.tmp deleted successfully.
D:\Plocha\~WRL4003.tmp deleted successfully.
D:\Plocha\~WRL4075.tmp deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\Temp\ib50CD.tmp deleted successfully.
C:\Windows\Temp\ib50CE.tmp deleted successfully.
C:\Windows\Temp\ib50CF.tmp deleted successfully.
C:\Windows\Temp\ib50EF.tmp deleted successfully.
C:\Windows\Temp\ib519C.tmp deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 01142014_112958

Files\Folders moved on Reboot...
C:\Users\Honza\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2256.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: PC freezes when changing Wi-Fi network

#29 Post by Márty84 »

:!: Run all of these programs, including any installation, as administrator (right-click them and choose Run as administrator)

:arrow: Rename ComboFix to Uninstall and run it. CF should uninstall itself.

:arrow:
vyosek wrote: :arrow: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag the utility as a virus; it is a false alarm, so go ahead and download it (or turn off the antivirus while downloading)
:arrow: Download OTC http://oldtimer.geekstogo.com/OTC.exe , save it and run it.
Click CleanUp and then OK. The PC will restart after the cleanup.

:arrow: Download TFC http://oldtimer.geekstogo.com/TFC.exe , save it and run it
Click START and then OK. The PC will restart after the cleanup.
You can delete the program after use

:arrow: Download CCleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ and run it.
During installation watch out for the toolbar (or other add-ons); if it offers to install one, untick the checkbox.
After launch you will be in the Cleaner function. There are many checkboxes on the left. Pay particular attention to the Recycle Bin: if you leave it ticked, it will always be emptied.
Also, depending on how it is set up, it will delete all passwords saved on the web!!! So if you have your computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. mail, Facebook, various forums, etc.)
Click Analyze and, when the analysis finishes, click Run Cleaner.
Then click the Registry function on the left
Click Scan for issues; if it finds any, click Fix issues. It will offer you a backup; make one and save it where you can find it if needed.
The Tools function lets you uninstall programs. It is more thorough than Windows itself!

:arrow: Defragment your disk(s)
Download the Defraggler program http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
During installation again watch out for the toolbar
After installing, run the program and click Analyze; after the analysis click Defrag and the program will do its job.

:arrow: Then write how the PC is doing.

had12
Visitor
Posts: 106
Joined: 13 Dec 2009 12:44

Re: PC freezes when changing Wi-Fi network

#30 Post by had12 »

:arrow: TFC for now, and I'm carrying on...

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Honza
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 58110 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 58134706 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8390 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 165888 bytes
Process complete!

Total Files Cleaned = 56,00 mb
