VIRY.CZ

ADWCleaner je rychly, tak ten kdyztak udelejte jeste dnes, pc by se mohlo trochu ulevit

Tak první:
# AdwCleaner v4.002 - Report created 29/10/2014 at 20:53:31
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : anetqua - ANETQUA-PC
# Running from : C:\Users\anetqua\Desktop\adwcleaner_4.002.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16448


-\\ Mozilla Firefox v


-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [6933 octets] - [29/10/2014 19:16:08]
AdwCleaner[R1].txt - [6993 octets] - [29/10/2014 19:27:04]
AdwCleaner[R2].txt - [1434 octets] - [29/10/2014 19:43:24]
AdwCleaner[R3].txt - [1058 octets] - [29/10/2014 20:50:30]
AdwCleaner[S0].txt - [7221 octets] - [29/10/2014 19:33:27]
AdwCleaner[S1].txt - [1371 octets] - [29/10/2014 20:43:05]
AdwCleaner[S2].txt - [974 octets] - [29/10/2014 20:53:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1033 octets] ##########

No jo, ale vy jste to spustila vickrat a dala jste log az z toho posledniho, takze nevidim, co vsechno smazal. Ale to je fuk. Tak ted to OTLko a ctete pozorne a jedte presne podle navodu

Vy všechno poznáte Já to udělala víckrát protože jsem to omylem zavřela a pak už jsem nevěděla jak to najít ) A podle té cesty mi to nic nenašlo... Holt ženská no )

No neco malo poznam, delm to uz nejaky ten patek To nevadi, vsak to zvladnem

OTL logfile created on: 29.10.2014 20:57:44 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\anetqua\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,90 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 56,95% Memory free
5,80 Gb Paging File | 4,48 Gb Available in Paging File | 77,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698,54 Gb Total Space | 375,43 Gb Free Space | 53,75% Space Free | Partition Type: NTFS
Drive E: | 1863,00 Gb Total Space | 863,51 Gb Free Space | 46,35% Space Free | Partition Type: NTFS

Computer Name: ANETQUA-PC | User Name: anetqua | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.10.29 20:49:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\anetqua\Desktop\OTL (1).exe
PRC - [2014.10.22 05:05:02 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014.10.01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014.10.01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014.10.01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014.07.14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014.07.14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013.06.07 15:51:02 | 000,774,680 | ---- | M] (ZONER software) -- C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
PRC - [2013.01.22 13:55:12 | 000,456,696 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
PRC - [2012.09.13 14:24:48 | 001,009,288 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\Seznam.cz\szninstall.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014.10.22 05:04:57 | 008,910,664 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014.10.22 05:04:51 | 001,042,760 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
MOD - [2014.10.22 05:04:49 | 000,211,272 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\libegl.dll
MOD - [2014.10.22 05:04:48 | 001,681,224 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2013.01.22 13:55:12 | 000,456,696 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
MOD - [2013.01.21 14:16:00 | 000,891,896 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
MOD - [2012.09.13 14:45:58 | 000,058,424 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\Seznam.cz\bin\libfoxloader.dll
MOD - [2012.09.13 14:24:48 | 001,009,288 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\Seznam.cz\szninstall.exe


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Desktop\Install\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\ \...\‮ﯹ๛\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\GoogleUpdate.exe < [WARNING: C:\Program Files\Google\Desktop\Install\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\ \...\???\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\GoogleUpdate.exe <] -- (‮etadpug)
SRV - [2014.10.01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014.10.01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014.07.14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014.07.14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.11.14 12:43:00 | 000,701,288 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\anetqua\AppData\Local\Temp\7zS71DA\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2014.10.29 20:55:00 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2014.10.01 11:11:24 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014.10.01 11:11:10 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.08.22 11:36:14 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2011.09.08 00:46:56 | 001,117,800 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKCU\..\SearchScopes\{2F1C6F00-11F4-43E1-BC03-EC4B5A22800A}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
IE - HKCU\..\SearchScopes\{39A7923A-7B4F-4B8F-BC38-A8890749BB8B}: "URL" = http://www.firmy.cz/phr/{searchTerms}?s ... arch_12454
IE - HKCU\..\SearchScopes\{508763A8-8E40-466B-A3BE-77CD27C5469C}: "URL" = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKCU\..\SearchScopes\{6796AE63-7C96-4F03-B909-F1AAD2DAC0DA}: "URL" = http://www.mapy.cz/?query={searchTerms} ... arch_12454
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcs} ... arch_12454
IE - HKCU\..\SearchScopes\{8B08CBAF-8B26-431C-96D6-40086A53093C}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
IE - HKCU\..\SearchScopes\{ACC85DD2-0036-4C94-AF41-6758B5BD4B43}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12454
IE - HKCU\..\SearchScopes\{F7053CD9-0330-4FD9-AA53-D9D28BA8E267}: "URL" = http://encyklopedie.seznam.cz/search?q= ... arch_12454
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Bea614400-e918-4741-9a97-7a972ff7c30b%7D:2.5.15
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: File not found


[2013.04.10 11:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anetqua\AppData\Roaming\Mozilla\Extensions
[2014.10.29 19:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anetqua\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2013.12.07 19:25:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anetqua\AppData\Roaming\Mozilla\Firefox\Profiles\p3so824v.default\extensions
[2013.04.10 18:13:44 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\anetqua\AppData\Roaming\Mozilla\Firefox\Profiles\p3so824v.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2013.12.07 19:25:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anetqua\AppData\Roaming\Mozilla\Firefox\Profiles\p3so824v.default\extensions\staged

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: No name found = C:\Users\anetqua\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\anetqua\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\anetqua\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\anetqua\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\anetqua\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnlmdkpemkkigkgelegknllpmfclakkk\1.0.0.5_0\
CHR - Extension: No name found = C:\Users\anetqua\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\anetqua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AutoKMS] C:\Windows\AutoKMS.exe File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mncjblqSrv] C:\Windows\System32\mncjblq.vbe ()
O4 - HKLM..\Run: [mncyaaeciSrv] C:\Windows\System32\mncyaaeci.vbe ()
O4 - HKLM..\Run: [msiambgSrv] C:\Windows\inf\msiambg.vbe ()
O4 - HKLM..\Run: [MSStp] C:\Windows\inf\msstp.vbe ()
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files\Seznam.cz\distribution\szninstall.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [cz.seznam.software.autoupdate] C:\Users\anetqua\AppData\Roaming\Seznam.cz\szninstall.exe ()
O4 - HKCU..\Run: [cz.seznam.software.szndesktop] C:\Users\anetqua\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe ()
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe File not found
O4 - HKCU..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe (ZONER software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 3212083974 = 50 4B 03 04 C2 39 B7 F8 06 83 74 BF B5 11 00 00 00 40 00 00 E2 69 F6 3D 73 59 4F 62 02 C9 69 42 80 CC 96 A2 8B BD 63 51 6F E3 C2 D5 F7 A2 FF 87 AC 3A 99 0C 3E C3 B2 ED 7B 07 71 62 37 A0 DF B1 DF B6 51 F6 7E 31 CB 2E 76 49 F9 8D 5E 55 E9 B2 5B 1A 57 97 94 98 9B 17 6C 35 7B DC C1 12 26 BD 6E CB 7D E8 A6 3E A2 16 5F 6B 31 EA D6 B0 A2 A9 6A 6E 9D 04 B9 B3 9F 19 4E F5 2D 48 B0 88 D4 B6 59 7F 68 5A 70 FF 69 12 91 4F 86 D8 23 56 81 74 7D A2 6C FD 83 22 3D 3D 24 88 72 C5 10 95 48 46 34 EB F9 76 E4 59 5F 73 4B D3 5C AF 42 B3 8D CF 9E 87 8A F0 BE 0A 5E 84 B2 29 40 F7 21 E8 BB CD CB AA 3E 53 60 73 59 25 2D B1 6C 0D 6C 38 A1 42 26 1B B4 89 6D 12 A4 8C 00 6C C3 C2 1F DF 71 7C 15 5B 2A F0 37 5D 25 45 EE 28 6C 2A EC B2 95 52 06 EF 25 C8 2D C6 86 F7 EB 83 BB 30 72 E9 4E 1E 59 25 4B 11 A2 E3 62 8E 1D 98 E1 77 37 5B 54 E6 82 A1 C7 7F 98 6E 19 07 FF CB 78 4A CC AC B1 24 18 97 51 D7 EB BA FC 91 D3 A1 27 F1 34 A8 5E 27 F8 C2 01 D9 08 2F 62 1F 5F FF AC 09 D2 AA B9 4A 62 F9 0B D7 4D 6C 96 A8 DB 6D 42 E4 E9 83 16 44 9D 20 2A 4E 24 85 76 73 E2 A5 0B 7D FD 9D 5A F7 2A 21 A1 9A 92 2A CC 96 75 BA 93 3A 1C 6A D4 E0 A1 14 70 FB B8 2E ED 7A 79 C5 CA 2D BB 0B EC 5B 2B 43 BA A3 73 73 D3 EF 49 47 26 D7 CF 4A 4A A8 A3 D6 A5 C2 06 CE D4 91 48 C0 10 0B FA 96 B7 07 BE 91 B8 55 15 1D 8D A8 E0 72 3D D1 30 33 25 01 1B 39 51 C9 DF 7B 10 E9 B1 53 BC ED 98 37 6C 4D 75 17 F2 E0 E2 3A 98 69 14 B2 B0 F9 78 45 44 41 C4 7B 57 97 D9 24 CE 9C D1 86 D7 4D 30 80 99 EE 52 F2 26 E9 2D E6 B5 0E 4A 06 91 F7 5C FA 9C E7 33 49 4B 8C AF AE B4 BE 4C 65 F6 C9 DF FA 34 A3 C2 ED 9D 14 F5 84 41 64 BE 79 B7 A9 04 95 29 03 50 17 7B 03 AE FA 77 7F F5 19 B6 24 E3 C7 5C 21 92 60 AC 44 7B BA 9A 6D B5 6F 34 B3 40 A5 F7 58 37 FA B3 C3 38 31 A3 BC 39 C2 91 4A EB 87 A3 95 45 BD 7E D5 24 50 EB 7E 94 D5 38 0E 2B AB CE 3F 8E E6 E3 CD C9 D4 ED 54 D9 88 9D 9D BD 0D C8 79 CA A2 B1 21 04 8A 30 8A 7F 87 32 52 DA D2 4E A8 F8 91 1E A0 A3 B2 02 DE 93 0A 9F C8 82 CF 13 49 FF E2 29 01 6B 2E BF D7 82 1B 89 86 D3 1D EC CB C2 96 BA 54 FD 6D 86 4C 91 5F 1D 77 AC 07 34 D9 6F E0 BA 43 A6 69 FA B1 28 02 6C 7F 90 E9 E1 E0 A7 04 7F 5A 23 78 E4 DE 09 66 EB 6C 21 7B 34 83 19 4B 2B 21 A3 FA 8A 1C BE F1 D6 6A 3F C8 A5 C8 63 BC EA 61 57 98 1A 11 44 9B AE 33 57 F3 28 75 01 CB 9C 24 E0 AF B1 56 F5 DD FD 68 55 CD 8B 7B 43 FE AB D9 41 2C 1C 20 8B 5D E2 33 0C 46 9A 59 DE 5B 49 0C C0 6B FD 5A 49 00 CB 12 1E B9 67 BC 71 85 A9 F0 01 12 A5 B1 E8 D8 02 8C A0 2B 0F 2B 19 4A F0 3C C1 E1 72 B7 0C 9B 88 64 3E 3C 06 4B 54 06 CF 18 4A D9 EB A2 67 36 EF 6F EB 30 DA C8 BA 40 09 33 A3 2A 3C 03 23 0B D7 32 FC BE 16 C4 B3 BD CC 0B 50 16 16 CE 95 6D 96 8B 8D A6 8B 4A 9A 64 23 86 01 E8 1E 78 09 59 61 58 04 31 36 1A 4D D9 FE 96 3D 3C EB A5 C2 1B BA 41 6C 1C C9 D9 4B B8 42 C2 5B 2F D1 2C 8B F4 2C 35 94 82 72 96 5A 3F EC F6 E9 B9 2D 32 D7 E8 4A 40 2A 0B 62 14 A4 12 A2 34 27 E4 85 2C E6 07 FD 9F 7F F8 55 9B BB 96 A9 AE 57 7D F0 C1 9D 10 85 87 D3 72 47 0B E0 D3 E2 7E D6 1F EB 44 2C 2D 65 E5 5B AC 81 C2 78 6C F6 B8 37 EE BC 1B 5A F3 56 34 B2 9F D5 D9 63 47 B5 F9 C7 47 C8 A9 A8 3E 7C B3 C1 88 D9 04 2F 08 FB D4 ED EE BD 65 DE 7C 04 B2 75 B7 FD 74 06 7A 0A E3 03 37 52 AA 55 A4 5A 05 35 58 11 41 6E A4 A5 10 15 11 E9 93 05 B7 00 BD 44 74 2C BD 6A 92 72 B5 CF 40 01 50 5C 40 57 86 6B 57 E4 DE 5E F0 EE 9F 88 B4 19 86 A8 01 19 C9 62 59 49 72 01 1F C0 C3 9B 4A 74 B7 47 47 F5 11 6D 89 6A 0E BC BB 43 87 68 56 72 89 9A F5 4B 80 AE 07 00 89 71 EA 1C 99 7A 89 8E 33 AA B7 69 E4 E5 2F BB EC 97 EB F1 99 CE 76 45 4B AD BD 4E AB 27 2F 1D 1C AA BB 3B 49 B3 AA FC 1E 67 D0 9E E8 FE B0 58 0E 41 4E B4 5F 3F 0C 25 FE 88 87 23 12 FE C2 34 1E 7A 61 00 B2 E0 4E D2 5F CE 13 A1 46 09 8D CE 98 44 6B 2F 38 75 EC B2 69 A8 86 79 56 98 61 9D 33 7D A6 12 F1 9B F8 D4 FE 30 28 E7 9A 26 54 81 28 D1 59 5A F0 BF 98 FF 32 0D C7 3D 87 3F 05 EB D0 7C 87 CA E2 8D F0 67 C0 0D E3 E5 3C C7 7E 80 1E 13 04 19 2C A7 BF 78 AB 28 DB 40 56 43 28 A1 08 F9 F0 DD D8 E1 B0 BA EC CF 16 BF 1D EB 3C C5 C4 B5 F5 14 0F 6B 8A 25 6E 91 28 C2 03 41 8A A3 D9 3E 3F 08 07 89 77 66 7D C0 2D 83 0B B6 86 9D E9 2F 29 A6 5A C6 D2 68 9D 0A 5A 90 88 7A 86 43 11 9D C9 A6 8B 5B 00 BD 59 D4 5D A9 D7 ED 5D AE 6E E6 DA 61 19 24 3F 77 F5 1B 26 32 00 F9 0A BB B6 1C CE 9A 95 17 81 EA 20 12 A2 C8 D7 20 09 06 43 9B 08 E7 E7 6C F9 C9 53 6B 2E 6B 56 0A FD 7C BA A5 04 47 91 EE 17 DE D4 5A DF D9 D3 59 DA C0 A9 F4 ED 15 BF 2C B2 EA 9B 12 B7 CB 11 B5 97 CF 2E 6E 75 0A 6C 63 6F E2 C4 B1 44 F6 FF 43 CC FF DD AE 78 7B E1 60 B0 A8 B4 28 2B 35 A6 AE EC E1 65 81 4E 95 CE 7A DB E4 16 EF 4E 51 86 0C B4 F5 D5 0A F2 A8 6A A4 EE 60 2A 30 AA 54 85 0E 0C B4 A3 8D C3 A1 C7 11 B5 D0 3B 6A 53 EE 10 2A C6 8E 55 3D 11 E5 FB 3D 0A 8E 0E F3 42 66 26 3C A4 A3 E0 B7 6C 55 A9 2F 75 F9 21 CD 61 A5 36 3E 5D B7 73 78 74 D5 7C 65 3D 63 45 72 60 B6 7B 1D F3 30 82 7B 29 21 C2 9F DA 00 45 BB E7 40 4E 40 98 50 39 F7 DB 15 3F 52 B2 C9 41 A5 6E 92 2D CF B6 0B 89 DB EE 32 7E D6 F5 C1 E4 38 27 0F 76 6A 6E D1 73 0F C5 81 A4 AE BC FE 3B 77 26 B2 7D 6B 09 2C F5 A0 B6 95 41 96 CB 4C C2 78 8B 87 22 33 8E E1 89 D9 E2 26 92 59 5F 0D 5B 33 3B 0F 71 5C B8 D9 4A 08 AF B6 31 DB B1 BE 79 A7 73 E8 F1 A4 EA F7 22 0C 24 22 2D DA 43 1B 91 D9 17 5D FA 0C 6A E8 1E 8C 4C 87 9D 64 44 6C F5 6F AE FE 14 87 CA 67 39 A7 76 AE E4 2E F8 BE 40 A6 12 F9 5C DE 3B 1F EE AC 1E 1E 41 A2 4C 92 ED 8B 01 52 E2 47 23 9E 5A 8B C9 03 67 9C A8 C7 B9 46 59 AD 5B 1D 10 55 1F 46 0D 92 4F B6 08 82 FC 90 50 8C 37 23 42 0F 86 F4 CF 10 03 87 E8 08 13 3C C4 29 88 3C 0E 3A CE 91 65 1C 07 5C D1 9D 10 6E 0B 43 7B 03 63 04 8C A1 FE AA F9 29 B8 7A ED 90 AF DE 28 1E DC A0 FA 0C C7 B5 A7 F0 38 07 FA 5A C4 1B 1E D7 31 30 EA C1 11 7C 63 1C 18 18 14 2F 24 D4 20 F6 77 6C B5 3D 4D 03 26 B9 FC 30 08 C3 CA 03 FC 64 9D 87 D3 7F A6 17 B7 4F 28 65 C7 52 98 BE D5 4B 7D 8D C6 76 E2 21 03 74 D8 BF 19 4A E2 FE DA 62 B4 79 89 33 C7 64 CC DD F8 45 33 07 21 FC 21 E6 8C 06 95 CA 73 28 51 03 E2 2A E6 8D A4 40 32 6D FE F9 A8 0D 17 D0 A7 C3 F9 20 E7 B0 AA 80 6E E9 B7 54 9E D9 87 8B 6C FB 50 5A C6 9E 8E 8D 3C FA 71 86 75 76 4C FB 03 86 1D 32 AF AA E1 D9 18 BE 87 F6 A9 AC 0D 81 5C 57 AD 3E 16 7D 64 2F 5F CD DC 25 D4 BA 3A C3 E6 7C 26 A4 DE AA 17 79 7B 3C 06 54 F2 71 EA AA 44 2A 71 CB E1 93 72 AD CB DE 3D F8 B3 FE 49 1E 5A 76 A7 9D 12 91 A0 DE 31 7F FB F9 27 F4 27 82 FA 48 27 0F 2C 96 95 63 B1 83 A4 B0 11 2F 34 97 DD 3C 2A 42 3E C8 34 98 BD BA AC 92 89 10 A9 FB 7F E5 78 8E 45 4C 02 7A 28 F4 A9 1A F2 BF 09 E2 61 F8 5B 0E EE 4F 79 29 E6 3C 40 62 49 6C B0 95 34 BB 6D 03 FF 69 ED 29 15 D0 EA 21 5B 4F B3 D1 04 4E 86 EB 87 DF B4 89 8B CB D5 0E 5C 4D DF BD B8 3B 94 10 E1 AD F9 14 46 C4 3C 95 9E 0E 34 1D 67 A5 A7 EF 87 12 58 6D E3 B8 B9 C5 B6 F8 0F 42 F2 35 BF 68 90 0E BF E6 30 4B B0 D9 F6 74 08 B7 62 01 EC 26 18 0B 4B D7 65 00 DE 4F 0D F8 6D F4 A0 63 AE CE CC A6 9D DF 8A 16 2B 67 A4 B9 80 0F A7 57 0D 5B 55 1A C2 70 3A DC 0F FC ED 00 65 0A 96 CD 81 EC 41 87 B9 0C 6B 21 40 CE 99 C1 93 7C 40 58 7E A7 28 99 89 7E 62 81 15 BC AB 73 B3 D9 F4 25 86 0B 10 9A 67 34 7B 8A 12 1F 65 D0 96 8D 56 A3 DD E6 B8 17 1C EA 61 B0 8A E5 68 B9 D0 3C 39 89 77 CE 86 F7 50 55 23 0E F3 70 CA BF 67 C9 CF 97 C3 22 37 19 55 54 03 F3 E0 BD 2A F0 E1 E8 74 2D EC B0 5F AD B0 22 7F 15 D4 0E E2 D6 DC 5A 49 FE 1E 6B C9 E6 CE DD E7 42 94 C3 BB 6F D5 C5 FE DF AD 67 2D F1 DF FD 21 9B D8 BC 1E C3 91 58 EA B5 07 99 87 55 F5 53 44 1D 01 CD 26 A5 50 1F 6F B2 DB 4F 35 97 51 0F 85 B9 3A 54 25 14 C8 01 3E ED BB FC 91 3D CC E8 B2 0A 57 59 66 5B DF D9 91 9E B2 2A 89 16 3D 86 56 38 6D 85 7C 5B FC 7C 24 1C 1D 72 6C D9 4A B0 F9 2D 5B 0F EF CF 1D 4A BD D2 6F BC 6C 17 A4 CC AC F2 D3 1E 5E 71 30 59 DE 93 C5 9D 3B 8D 3E 8D 03 B5 D6 63 F9 DF AD B0 3E 09 3C B8 4F CF 50 0A 1F 0E 2E 5B A1 C9 D8 1D B1 2C C7 99 C6 53 9A F0 CC 35 68 2D 95 CB 78 9C 74 5A 45 2B D8 B3 8E 6C F0 8E 05 79 DA 1A B4 3A D0 85 8D 03 05 F9 61 B1 5A 79 C1 09 0F 48 67 04 0E A2 BD 36 CF 65 12 AA B4 4C E5 A1 09 8E FE 03 91 34 F2 3B F0 57 77 7F EF 3E 68 E4 58 27 B0 48 79 24 CA D4 E5 F0 B1 C3 B4 F5 A0 E3 85 3B 39 64 0E B0 78 2D 78 88 8F E9 2C 3B 68 62 4E 84 FF 6A 5E DE D8 7B E6 2D 34 CE 85 8F 34 E5 FF FB BA 75 F0 14 DF 0F 64 89 88 B5 1A 72 DE 1F F5 4D 5C 7A 4B 8E CB 10 C5 E9 EF 51 DE 98 C0 1E F8 C4 06 F9 82 4A 0C 15 A2 9E 16 B5 A5 3E 36 43 B0 06 5A 42 63 EC AE 50 D2 CB 97 6D 3D 2E A6 25 5A 65 F1 C6 CC 86 16 7F 17 84 A2 7B 83 20 37 DB 4C E1 E2 62 47 53 34 F3 B2 43 0F 86 C7 A2 44 56 EE A8 2A B6 78 AB A9 1B B4 C0 CC 82 C8 77 B8 0B 6D 35 74 00 72 57 27 2C 3E 12 6C 17 A8 B3 6A A8 AA 94 31 FF 01 BF 65 8F 82 D8 15 3E DD EA 68 04 CD C5 64 A3 F5 E9 96 7B 08 FE EB 82 3D 3D B9 35 6A 4A CD D8 0E 88 3C A5 8A 1C 66 1D 01 D1 45 F8 0A 3A B6 7E 80 36 C0 BA E1 BB 7B C4 32 04 EB 0C F3 82 14 BC 74 A9 AE F0 36 A3 1D 5A 9C 55 2D 93 A2 5C 0E 84 05 7B CE 54 37 B1 63 46 80 D0 4A 77 47 2D 63 14 32 D2 BA A7 A3 AC D6 42 20 EF CF 9E 78 48 F8 FD 98 01 BE F7 56 1A 47 0A 18 22 03 21 60 EB 59 ED C0 F9 77 88 2D CE 4F B2 87 2D 89 D2 7F F0 76 DB A7 4A 96 72 F8 69 09 95 65 79 C2 88 53 FA 8D E7 00 2C C8 45 8D 09 25 6D 42 A3 9F 1A 4B DB 6B 56 D3 6D 51 48 8E 73 68 68 6E 54 C1 BB BF FF 48 88 4E 0D 53 6B E3 62 E5 9B D7 F1 83 29 A4 B8 2A ED 39 6E 4F 92 86 5F 59 4D 0D A3 8F 7C AC E7 A4 60 3A F6 0C 1A 53 BD FD 19 47 60 94 AA C6 E4 A8 F3 1F C1 25 7D 48 D0 3B B0 EF 51 5D 84 60 B9 44 15 32 C8 B5 04 3D 05 31 D5 88 1A DB 6D 99 7B B1 84 FD 8C AF 4D 8E 6C 75 9C 3F 71 43 B9 E3 2B C7 A0 EC 62 34 B6 8A DF 41 11 CA 1D 13 67 21 43 8E 5E 6D 71 25 D4 80 CE 98 2D 84 AE A7 70 3B 40 10 CD 27 86 7D 6D DC 5E 0C 97 03 85 19 6F 02 0E 48 ED DB 24 C5 69 72 F9 E6 1E 6C C2 9C 17 12 55 15 83 82 8F 89 95 34 AA CF FF C6 6F 99 99 9E A2 BA 27 31 D5 2A 7F D2 FA 26 2A 22 B0 75 DA 52 A5 AA 58 F5 B4 1A A9 CD C9 18 14 06 71 7F 3F 75 E7 C4 75 09 01 21 96 68 38 12 52 36 E4 DC 62 91 AE 38 74 96 8E 82 08 B9 83 AA DB 03 CA 60 AC D9 35 E6 DA 1B 82 94 07 F7 0A 77 34 0E 44 39 F2 2F DC 2F C4 21 8D E0 F2 5D 2F 88 6C 0A AE B6 93 C2 B2 3D B0 EA B9 95 3B F8 06 C2 17 3E 0B C9 D0 D7 EF 0E 76 37 75 BC 14 32 FF 48 D6 03 5B 12 14 29 4C 81 B7 1C D9 8C 42 83 10 14 09 0C D9 9C B7 49 29 AE 85 3F 88 13 2E 55 91 04 D4 FE A9 8A D4 0F 17 DA 41 00 A9 09 A6 98 1B AD 9E FB 24 0A 79 52 09 27 AA 12 23 2A 56 F4 D8 89 3B FF 92 BF C2 BD 42 CF 3D C0 9B DC 48 4D FD BA 3A 10 C6 09 18 61 04 CE 33 E3 02 4F 44 00 0B E3 48 14 FF 5D C9 87 2D 44 B4 15 7F B3 A6 65 5B 98 5F 6C C5 EF 45 86 F2 AB FE E1 2D CB DB 90 18 1B 39 6F 95 FE 32 13 F0 94 D1 F3 DD 3D 7F ED 80 0F 4E D2 12 90 F6 13 B6 20 48 E0 FC 1F 13 28 D9 F8 7A 56 53 B4 89 D3 6F 72 7B E9 D7 55 52 3D EF 04 72 F1 C1 D5 AC 90 EE 66 53 79 FF 39 D0 6E 86 3C 24 48 90 F5 33 3A 0B 89 B9 20 22 C1 A8 19 80 29 FE 5F 8C 20 3B 3D D2 11 D4 39 89 58 EE 19 01 08 DD 50 B7 85 0E 20 D8 AB E2 B9 27 D5 3D 28 F3 B8 CA 26 BE 81 BC 6B 83 C0 E2 B3 B1 DD A2 80 66 C6 38 60 CE A8 9D F8 27 08 EF 21 D4 D3 6B 84 66 3E 87 B4 38 5A 3E 37 BD 3F F1 EB 2B F6 41 84 C4 47 23 49 06 69 AF 4D A0 92 D4 5B A2 1A 56 9A 35 2E 51 3D 9A 9B 43 E9 CD 4B 81 20 55 82 26 26 EF C5 5F 95 00 09 23 2B 8B 3B B2 D6 3D 44 A8 B0 BD 9B D4 E8 4C 5A 72 44 96 A2 32 6F 63 C9 7D BC B2 35 36 6E C0 CF 60 96 B5 F4 98 8D 07 3C 34 BD 3A 08 41 30 CE A8 D6 EE 22 E5 42 B4 11 C1 E1 85 99 66 7B 3F D6 DD E0 66 9A D8 2C 85 A1 C1 0C A5 86 22 13 CB 1B B2 77 E6 C4 F6 56 4F 20 A9 BC EA 1B 48 17 05 04 C4 72 35 D7 8E D0 A0 44 19 87 C8 C1 7D 90 D7 B5 6C F4 87 C4 67 33 BA 4A 68 48 FE C4 2B 97 CE 40 48 F3 C6 D9 C4 93 32 2F 05 2E F9 3F 02 F1 42 B3 94 0A 10 92 1B D1 5C 91 1E 7A 97 AA 4A 20 DC 38 3C 62 CD 28 8D 25 2B A9 37 B3 F6 07 61 E6 65 35 68 A0 12 41 BB 57 36 64 DE 04 81 1C F3 F5 9B 4C 2D 7E 8A 6C 55 DA 16 F4 68 38 34 56 AA 75 16 97 69 73 97 C2 A5 E5 AB FA 0F 10 99 D8 04 47 D4 9D A5 09 AA 13 47 F3 94 3E E9 BA A1 FD AD 2A 0E 69 41 0B 34 25 3A D4 99 12 82 D0 E9 52 26 0F 52 AB 9F 02 A3 D0 0B 37 09 8C F6 03 54 42 4F 86 20 66 E4 5E 92 AC 47 5C 99 A0 0E 73 80 76 6E 58 9A BF 66 27 16 19 14 27 95 CF 7A 7F BD 13 8A 6C C5 BD 7E 13 51 22 34 1D 1F 06 EB 5B 43 6C 59 BE 0A DE DC 71 BC 03 D7 C6 3C 16 75 1A D5 6C 69 E3 6D EC FE 9E 82 14 C7 19 FC DF 2E 9F E2 DC 97 1F 03 C1 C2 AD 6B 6D 36 8F E8 B1 1D 03 89 65 0C 73 D1 C7 E7 37 08 14 5F A0 59 92 A1 50 E6 A9 09 65 6E A7 86 E2 44 BD F1 CD 71 F4 B0 FD 05 B1 33 5D 70 31 82 FF A9 D9 6C 99 10 82 97 B1 FE 32 7A 83 BF 4F 69 D2 A9 C3 D1 EB 73 A9 DD 8C EE 2B 32 20 90 4A C3 10 11 FD 64 07 A5 BA 42 7F AC B4 62 27 FD ED B1 3D 1C A6 44 3D ED 3D C3 B6 CF 06 A5 9D C9 B9 22 6F BF 35 73 34 AB F5 84 12 60 5F D2 06 E7 B6 12 5F A1 9E 5D 68 F7 57 83 FA 08 20 5B 05 C0 A1 2D 18 30 06 83 17 F6 10 59 58 C4 EB 37 BC B1 BE AE 6A 40 1C 26 76 41 AA 58 27 4A 41 0D 76 B4 D2 A0 3E 41 80 20 86 9B 68 86 BB 81 96 47 61 B3 FC D8 EA 68 05 0A D6 CF F9 96 49 CD E8 FA 53 F0 4B 0C 96 E2 71 C0 B0 92 E2 4D 81 EA 2D 72 37 75 79 9E 71 3E A9 DA 69 67 EF 57 AA AF E1 C6 73 2F 2F 04 75 56 02 7F 02 1C 65 FC 20 C1 C3 BC B3 92 AC F8 FF 7A 9E 14 D9 72 8A 5A AA CD 25 5F C3 86 6B 04 1E 9C 96 DC F5 92 08 3D 78 C9 E4 05 DD D7 99 1D 2E 25 36 D2 EB 1B A0 F0 EC E3 DF B6 A3 4C 26 65 CF AC 2D 18 50 FD 47 8F 61 7F DD 4E 9D D4 49 2C 55 3B D3 75 CF D3 3F 47 44 D6 42 00 6F 3A 52 16 A1 FF 7D 73 64 3E D7 51 CA EC DF DC B5 62 47 AA 2F 66 FB CB 83 15 DA AA 86 00 6A 99 E0 35 0A 72 D5 D5 26 0D 6B B7 7A C5 3C DD 7A BA CB 85 95 86 C2 79 B7 FA CD F0 76 C9 22 AC 27 F3 E9 07 FB 3B 4E C9 77 CA 63 4A 28 DF 06 41 62 16 52 22 DC CE 67 4D AB 60 A4 E9 D4 8E 7F CE A2 67 AB B1 F8 E0 A2 01 2A A6 DB 53 2A 4C E7 4F BA F5 83 E2 C2 92 FA 1B 56 BE 58 5D 14 EE 07 3C DA FE 3F C0 C1 90 50 E6 98 EC 41 B9 D2 7F 5D B4 1A 77 92 08 11 8A 5D 3F 8F 74 33 3B 2A D2 FE 3C EE 27 3B BF EA 48 5E AD 81 7E FF ED F1 26 0C 1A 12 50 70 58 9B 6F 0F 31 98 4E D4 98 CB D2 73 E8 4A 71 8F 54 C8 2C BC 27 47 E6 78 F8 43 7D DE 23 C9 EA 3C 87 78 23 03 4B 7C 70 73 1C 2D 01 CC 09 D1 1D 33 64 E7 94 5B 64 80 B9 B4 16 AC B5 4C D1 19 4B 46 C6 D2 E1 47 61 9A C1 C1 FA 91 5A F8 0A 50 98 64 72 47 EB CF 04 49 63 4F 69 C9 6A FC 74 0B CE 61 99 32 28 18 3D 98 D0 F8 54 06 D8 FF D9 34 [Binary data over 200 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Internet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.254 10.0.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74002344-1745-420F-B17C-011C88F63E9D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78C67ABF-0237-4E33-97EB-930DD91E3F39}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8F2CF52-17B5-40B7-BDEB-3173E8832485}: DhcpNameServer = 192.168.200.254 10.0.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEA06DB5-6F74-4ED1-A081-1EE718B850FE}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.02.23 10:07:48 | 000,000,182 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{25807173-8b4d-11e3-9f7d-002713cdd4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{25807173-8b4d-11e3-9f7d-002713cdd4cd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{975cab3b-0b87-11e2-b402-002713cdd4cd}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found
NetSvcs: BITS - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.10.29 20:49:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\anetqua\Desktop\OTL (1).exe
[2014.10.29 19:16:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.10.28 11:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.10.28 11:14:52 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.10.28 11:14:51 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014.10.28 11:14:51 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014.10.28 11:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014.10.20 19:05:24 | 000,000,000 | ---D | C] -- C:\Users\anetqua\Desktop\recepty
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.10.29 21:03:30 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.10.29 20:59:50 | 000,625,936 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014.10.29 20:59:50 | 000,610,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.10.29 20:59:50 | 000,120,008 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014.10.29 20:59:50 | 000,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.10.29 20:59:48 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.10.29 20:59:48 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.10.29 20:57:38 | 000,000,003 | ---- | M] () -- C:\Users\anetqua\stut
[2014.10.29 20:55:15 | 000,001,994 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 5520 series (Copy 1).lnk
[2014.10.29 20:55:00 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014.10.29 20:54:59 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.10.29 20:54:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.10.29 20:54:27 | 2337,484,800 | -HS- | M] () -- C:\hiberfil.sys
[2014.10.29 20:49:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\anetqua\Desktop\OTL (1).exe
[2014.10.29 20:45:47 | 000,000,062 | ---- | M] () -- C:\Users\anetqua\rgut
[2014.10.29 20:32:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.10.29 20:23:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.10.29 19:14:54 | 001,998,336 | ---- | M] () -- C:\Users\anetqua\Desktop\adwcleaner_4.002.exe
[2014.10.28 15:52:58 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.10.28 11:15:00 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.10.01 11:11:24 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014.10.01 11:11:14 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.10.01 11:11:10 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.10.29 21:03:30 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.10.29 19:14:47 | 001,998,336 | ---- | C] () -- C:\Users\anetqua\Desktop\adwcleaner_4.002.exe
[2014.10.28 11:15:00 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.06.17 10:47:59 | 000,020,480 | ---- | C] () -- C:\Users\anetqua\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.05.11 20:35:10 | 000,000,218 | ---- | C] () -- C:\Users\anetqua\.recently-used.xbel
[2014.03.25 20:34:18 | 000,972,814 | --S- | C] () -- C:\Windows\System32\dcgmncyaaeci.exe
[2014.03.25 20:34:17 | 010,236,928 | --S- | C] () -- C:\Windows\System32\acumncyaaeci.exe
[2014.03.17 19:25:48 | 000,000,003 | ---- | C] () -- C:\Users\anetqua\stut
[2014.03.17 19:23:44 | 000,000,062 | ---- | C] () -- C:\Users\anetqua\rgut
[2014.03.17 17:38:44 | 000,972,814 | --S- | C] () -- C:\Windows\System32\dcgmncjblq.exe
[2014.03.17 17:38:43 | 010,236,928 | --S- | C] () -- C:\Windows\System32\acumncjblq.exe
[2014.03.17 17:38:43 | 000,192,512 | --S- | C] () -- C:\Windows\System32\libidn-11.dll
[2014.03.17 17:38:43 | 000,133,632 | --S- | C] () -- C:\Windows\System32\librtmp.dll
[2014.03.17 17:38:43 | 000,100,864 | --S- | C] () -- C:\Windows\System32\zlib1.dll
[2014.03.17 17:38:42 | 000,538,126 | --S- | C] () -- C:\Windows\System32\libcurl-4.dll
[2013.09.04 16:02:31 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.07.04 07:45:28 | 000,000,132 | ---- | C] () -- C:\Users\anetqua\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
[2013.04.15 23:38:19 | 000,000,368 | ---- | C] () -- C:\Users\anetqua\.jalbum-sharing.xml

========== ZeroAccess Check ==========

[2013.04.10 15:55:58 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB48746$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\9Z78MWQM\t.cxt.ms\lso.swf\u.sol
[2012.11.02 15:18:30 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-3333944425-1612272945-1818888091-1000\$RL40BEU\___Psi\SBT\Fotosraz 6_10\L.Mikyskova
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014.06.17 10:39:20 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\AnvSoft
[2012.09.25 07:03:24 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Ashampoo
[2013.09.10 16:26:17 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\AVG2013
[2014.03.24 18:35:47 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\BSplayer
[2012.09.28 17:01:57 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\BSplayer Pro
[2013.02.15 13:32:15 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014.03.24 09:36:55 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\DAEMON Tools Lite
[2012.10.03 09:01:56 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\GHISLER
[2012.11.10 09:44:01 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\GO Games
[2013.05.02 14:25:08 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\jAlbum
[2012.09.16 19:06:38 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Opera
[2014.07.23 15:54:55 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\SeaApple
[2014.10.29 21:00:12 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Seznam.cz
[2014.07.23 15:55:34 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Software Informer
[2013.12.08 12:03:53 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.05.18 08:58:02 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\TeamViewer
[2013.08.28 10:05:27 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\TuneUp Software
[2014.01.08 16:46:21 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Zoner
[2014.03.20 18:51:04 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\{28a8f263-0a12-e7e9-4337-e12c28a8f263}

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 05:53:46 | 000,032,548 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013.04.15 12:44:29 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.04.15 21:30:14 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.04.15 21:30:16 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: AGP440.SYS >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\SoftwareDistribution\Download\f2f739a8d939cb0fdc769a3446af420a\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\SoftwareDistribution\Download\f2f739a8d939cb0fdc769a3446af420a\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SoftwareDistribution\Download\f2f739a8d939cb0fdc769a3446af420a\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SoftwareDistribution\Download\f2f739a8d939cb0fdc769a3446af420a\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys

< MD5 for: LSASS.EXE >
[2011.11.17 08:09:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=05F38CB7CAB3CE8E9A1812D517DA93EF -- C:\Windows\SoftwareDistribution\Download\58ed98c2fe59878703e028563a2637f4\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsass.exe
[2011.11.17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\SoftwareDistribution\Download\58ed98c2fe59878703e028563a2637f4\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[2011.11.17 06:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\SoftwareDistribution\Download\58ed98c2fe59878703e028563a2637f4\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsass.exe
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[2011.11.17 06:24:04 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\SoftwareDistribution\Download\58ed98c2fe59878703e028563a2637f4\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009.07.14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2014.10.01 11:09:16 | 000,761,656 | ---- | M] (MalwareBytes) MD5=C0AFB3C7E6C7CA3F6E42FF242BBBCB1F -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 05:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.04.25 05:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\System32\drivers\tcpip.sys
[2009.07.14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2011.04.25 07:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2011.04.25 05:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2014.10.01 11:09:16 | 000,761,656 | ---- | M] (MalwareBytes) MD5=C0AFB3C7E6C7CA3F6E42FF242BBBCB1F -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\04edea0e898ff8f83bd8f66c447c353c\*.tmp files -> C:\Windows\SoftwareDistribution\Download\04edea0e898ff8f83bd8f66c447c353c\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\04f916c5ef03037217eb8604680bc44b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\04f916c5ef03037217eb8604680bc44b\*.tmp -> ]
[36 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[1 C:\Windows\Temp\avg_a09956\ProgData\*.tmp files -> C:\Windows\Temp\avg_a09956\ProgData\*.tmp -> ]
[1 C:\Windows\Temp\avg_a09956\ProgFiles\AVG Secure Search\*.tmp files -> C:\Windows\Temp\avg_a09956\ProgFiles\AVG Secure Search\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2014.06.15 17:24:16 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Adobe
[2013.12.08 12:03:54 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Adobe Mini Bridge CS5.1
[2014.06.17 10:39:20 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\AnvSoft
[2012.09.25 07:03:24 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Ashampoo
[2013.09.10 16:26:17 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\AVG2013
[2014.03.24 18:35:47 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\BSplayer
[2012.09.28 17:01:57 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\BSplayer Pro
[2013.02.15 13:32:15 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014.03.24 09:36:55 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\DAEMON Tools Lite
[2012.10.03 09:01:56 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\GHISLER
[2012.11.10 09:44:01 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\GO Games
[2013.09.04 16:04:16 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\HpUpdate
[2012.09.16 15:21:10 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Identities
[2013.05.02 14:25:08 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\jAlbum
[2012.09.21 08:23:50 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Macromedia
[2013.08.28 16:38:14 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Malwarebytes
[2009.07.14 08:48:45 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Media Center Programs
[2014.03.23 19:16:46 | 000,000,000 | --SD | M] -- C:\Users\anetqua\AppData\Roaming\Microsoft
[2013.04.10 11:14:11 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Mozilla
[2012.09.16 19:06:38 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Opera
[2014.07.23 15:54:55 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\SeaApple
[2014.10.29 21:00:12 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Seznam.cz
[2014.10.30 04:05:54 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Skype
[2014.07.23 15:55:34 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Software Informer
[2013.12.08 12:03:53 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.05.18 08:58:02 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\TeamViewer
[2013.08.28 10:05:27 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\TuneUp Software
[2014.06.28 19:23:03 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\WinRAR
[2014.01.08 16:46:21 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\Zoner
[2014.03.20 18:51:04 | 000,000,000 | ---D | M] -- C:\Users\anetqua\AppData\Roaming\{28a8f263-0a12-e7e9-4337-e12c28a8f263}

< %APPDATA%\*.exe /s >
[2009.08.11 20:21:26 | 000,087,552 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 20:21:30 | 000,090,112 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 13:52:04 | 000,697,690 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2010.02.23 16:01:52 | 001,185,871 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010.08.14 09:42:54 | 000,113,152 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010.08.14 09:45:10 | 000,358,400 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010.08.14 09:42:06 | 000,137,728 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.09.30 14:30:22 | 000,042,305 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2011.05.02 07:27:34 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\anetqua\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2014.03.23 19:16:46 | 000,010,134 | R--- | M] () -- C:\Users\anetqua\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2014.03.25 20:35:53 | 000,786,492 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\Microsoft\Windows\Templates\cryptedcybertoirrent.exe
[2014.03.25 20:35:57 | 015,823,872 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\Microsoft\Windows\Templates\Office 2010 Toolkit.exe
[2014.03.25 20:35:54 | 000,107,008 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\Microsoft\Windows\Templates\Torrant.exe
[2012.09.13 14:24:48 | 001,009,288 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\Seznam.cz\szninstall.exe
[2012.09.14 13:06:28 | 002,515,592 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\Seznam.cz\sznsetup.exe
[2013.02.13 15:16:08 | 000,942,080 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\Seznam.cz\bin\chromeUpdatePref.exe
[2013.02.04 14:53:30 | 000,055,808 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\Seznam.cz\bin\ffkill.exe
[2013.01.22 13:55:12 | 000,456,696 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
[2013.01.22 13:54:46 | 000,092,152 | ---- | M] () -- C:\Users\anetqua\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2014.10.30 04:05:41 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamswissarmy.sys

< %systemroot%\system32\*.* /3 >
[2014.10.29 20:59:48 | 000,014,192 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.10.29 20:59:48 | 000,014,192 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.10.29 20:59:50 | 000,120,008 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2014.10.29 20:59:50 | 000,104,412 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2014.10.29 20:59:50 | 000,625,936 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2014.10.29 20:59:50 | 000,610,094 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2014.10.29 20:59:50 | 001,454,084 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"AdobeBridge" =
"cz.seznam.software.autoupdate" = "C:\Users\anetqua\AppData\Roaming\Seznam.cz\szninstall.exe" -c -- [2012.09.13 14:24:48 | 001,009,288 | ---- | M] ()
"cz.seznam.software.szndesktop" = "C:\Users\anetqua\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -- [2013.01.22 13:54:46 | 000,092,152 | ---- | M] ()
"Rainlendar2" = C:\Program Files\Rainlendar2\Rainlendar2.exe
"Google Update" = Reg Error: Value error. -- File not found
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun -- [2014.07.24 18:55:56 | 021,653,096 | R--- | M] (Skype Technologies S.A.)
"EA Core" = "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
"Zoner Photo Studio Autoupdate" = C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE -- [2013.06.07 15:51:02 | 000,774,680 | ---- | M] (ZONER software)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.10.29 21:03:30 | 000,000,512 | ---- | M] () MD5=C9202EDB26D666F995171C8576DC8F3F -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2420 \Users\anetqua\AppData\Local\Temp\*.tmp files -> \Users\anetqua\AppData\Local\Temp\*.tmp -> ]
[2014.03.22 07:54:00 | 006,586,527 | ---- | M] () -- \Users\anetqua\AppData\Local\Temp\Temp1_Adobe_Illustrator_CS5.1_CRACK.zip\Adobe_Illustrator_CS5.1_CRACK.exe
[2014.05.12 09:14:38 | 006,988,025 | ---- | M] () -- \Users\anetqua\Downloads\Adobe_Illustrator_CS5.1_CRACK.zip
[2013.08.19 21:28:34 | 003,143,148 | ---- | M] () -- \Users\anetqua\Downloads\Crack-na-age-of-empires-3.rar
[2012.09.17 21:48:04 | 1262,385,962 | ---- | M] () -- \Users\anetqua\Downloads\FULL-Adobe-Photoshop-CS5-+-100%-working-crack-&-ČEŠTINA-+-návod.rar
[2014.03.24 09:09:50 | 004,944,747 | ---- | M] () -- \Users\anetqua\Downloads\Simisims3-TS3-Domácí-Mazlíčci-Crack.rar
[2012.04.12 21:32:25 | 000,315,178 | ---- | M] () -- \Users\anetqua\Downloads\FULL Adobe Photoshop CS5 + 100% working crack & ČEŠTINA + návod\Adobe Photoshop CS5.1 - CRACK - 32bit&64bit\ADBE_CRACK - 32bit.rar
[2012.04.12 21:32:24 | 000,377,747 | ---- | M] () -- \Users\anetqua\Downloads\FULL Adobe Photoshop CS5 + 100% working crack & ČEŠTINA + návod\Adobe Photoshop CS5.1 - CRACK - 32bit&64bit\ADBE_CRACK - 64bit.rar
[2014.02.22 14:16:38 | 000,395,744 | ---- | M] () -- \Users\anetqua\Pictures\2014-upravene\BILLYSHOP\grafiky\pitbul\american-flag-cracked.jpg
[2011.01.14 17:31:04 | 000,000,156 | ---- | M] () -- \Users\Public\StarStableOnline\Data\Cracked_wall.pmt
[2013.04.02 15:52:50 | 000,005,753 | ---- | M] () -- \Users\Public\StarStableOnline\Data\Cracked_wall.pte
[2011.01.14 17:31:04 | 000,000,162 | ---- | M] () -- \Users\Public\StarStableOnline\Data\Cracked_wall_2.pmt
[2013.04.02 15:52:50 | 000,005,757 | ---- | M] () -- \Users\Public\StarStableOnline\Data\Cracked_wall_2.pte
[2013.01.15 19:00:20 | 000,000,186 | ---- | M] () -- \Users\Public\StarStableOnline\Data\CrackEffectTexture1.pmt
[2013.01.15 19:37:42 | 000,022,180 | ---- | M] () -- \Users\Public\StarStableOnline\Data\CrackEffectTexture1.pte
[2013.01.15 18:59:18 | 000,000,168 | ---- | M] () -- \Users\Public\StarStableOnline\Data\CrackTexture1.pmt
[2013.01.15 18:59:18 | 000,087,664 | ---- | M] () -- \Users\Public\StarStableOnline\Data\CrackTexture1.pte
[2013.01.15 19:15:16 | 000,000,168 | ---- | M] () -- \Users\Public\StarStableOnline\Data\CrackTexture2.pmt
[2013.08.22 10:44:14 | 000,087,644 | ---- | M] () -- \Users\Public\StarStableOnline\Data\CrackTexture2.pte
[2013.08.20 11:31:14 | 000,000,165 | ---- | M] () -- \Users\Public\StarStableOnline\Data\DialogIcon_PandorianCrack.pmt
[2013.08.20 11:31:14 | 000,065,797 | ---- | M] () -- \Users\Public\StarStableOnline\Data\DialogIcon_PandorianCrack.pte
[2011.12.26 18:12:42 | 000,152,882 | ---- | M] () -- \Users\Public\StarStableOnline\Data\Fireworks_Crackers.pso
[2013.07.12 13:53:42 | 000,006,303 | ---- | M] () -- \Users\Public\StarStableOnline\Data\FO_Cracks.pxo
[2013.01.15 18:59:18 | 000,054,639 | ---- | M] () -- \Users\Public\StarStableOnline\Data\MysticValleyCrack1.pme
[2013.01.15 19:37:42 | 000,001,005 | ---- | M] () -- \Users\Public\StarStableOnline\Data\MysticValleyCrack1_Effect.pme
[2013.01.15 19:05:58 | 000,030,143 | ---- | M] () -- \Users\Public\StarStableOnline\Data\MysticValleyCrack1_Effect2.pme
[2013.01.15 19:37:46 | 000,002,145 | ---- | M] () -- \Users\Public\StarStableOnline\Data\MysticValleyCrack1_Effect3.pme
[2013.08.22 10:44:14 | 000,075,055 | ---- | M] () -- \Users\Public\StarStableOnline\Data\MysticValleyCrack2.pme
[2013.07.12 13:28:20 | 000,004,133 | ---- | M] () -- \Users\Public\StarStableOnline\Data\MysticValleyCrack2_Lod.pme
[2013.01.15 19:23:48 | 000,004,955 | ---- | M] () -- \Users\Public\StarStableOnline\Data\MysticValleyCrack_Col.pco

< *keygen* /s >
[2014.03.25 20:35:20 | 000,001,623 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen\Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen.lnk
[2014.03.25 20:35:20 | 000,001,623 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen\Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen.lnk
[2014.03.25 20:32:46 | 019,189,530 | ---- | M] () -- \Users\anetqua\Downloads\Microsoft-Office-2010-Pro-Plus-x64-&-x86-Activator-and-Keygen.zip
[2014.03.25 20:33:38 | 018,806,257 | ---- | M] () -- \Users\anetqua\Downloads\office 2010 activator\Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen.exe

< *AntiWPA* /s >

< *loader* /s >
[2013.08.22 11:36:13 | 000,019,497 | ---- | M] () -- \AdwCleaner\Quarantine\C\Program Files\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\loader.gif.vir
[2011.03.02 20:35:42 | 005,299,048 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5.1\Photodownloader.exe
[2011.03.02 17:57:10 | 000,011,161 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5.1\apd\shared_assets\bitmaps\main_window\C_LoadError.png
[2011.03.02 17:57:10 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\da_dk\Photodownloader.ini
[2011.03.02 17:57:10 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\de_de\Photodownloader.ini
[2011.03.02 17:57:10 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\en_us\Photodownloader.ini
[2011.03.02 17:57:10 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\es_es\Photodownloader.ini
[2011.03.02 17:57:10 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\fi_fi\Photodownloader.ini
[2011.03.02 17:57:12 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\fr_fr\Photodownloader.ini
[2011.03.02 17:57:12 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\it_it\Photodownloader.ini
[2011.03.02 17:57:12 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\ja_jp\Photodownloader.ini
[2011.03.02 17:57:12 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\ko_kr\Photodownloader.ini
[2011.03.02 17:57:12 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\nl_nl\Photodownloader.ini
[2011.03.02 17:57:12 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\no_no\Photodownloader.ini
[2011.03.02 17:57:12 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\pt_br\Photodownloader.ini
[2011.03.02 17:57:12 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\sv_se\Photodownloader.ini
[2011.03.02 17:57:14 | 000,000,308 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\zh_cn\Photodownloader.ini
[2011.03.02 17:57:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\zh_tw\Photodownloader.ini
[2012.02.22 23:45:00 | 000,078,336 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop Lightroom 4\Support\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_BinaryLoader_4.4.3.dll
[2012.02.22 23:45:00 | 000,155,136 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop Lightroom 4\Support\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_XSDLoader2_4.4.3.dll
[2012.02.22 23:45:00 | 000,117,248 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop Lightroom 4\Support\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_XSDLoader_4.4.3.dll
[2010.03.24 19:12:34 | 000,249,680 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2010.03.24 19:12:34 | 000,018,264 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2009.10.06 05:08:30 | 000,145,082 | ---- | M] () -- \Program Files\HP\HP Deskjet 5520 series\Bin\HelpViewer\Resources\Loader.gif
[2013.01.21 15:03:44 | 000,030,608 | ---- | M] () -- \Program Files\Seznam.cz\distribution\install\cz.seznam.software.libfoxloader-3.0.0-win32.zip
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2013.08.21 07:01:29 | 000,003,062 | ---- | M] () -- \Program Files\Windows Defender\cs-CZ\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAZWMTS\remote.loader[1].js
[2013.08.21 07:01:30 | 000,120,580 | ---- | M] () -- \Program Files\Windows Defender\cs-CZ\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAZWMTS\sayt_loader_libs[1].js
[2013.08.21 07:01:29 | 000,003,062 | ---- | M] () -- \Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAZWMTS\remote.loader[1].js
[2013.08.21 07:01:30 | 000,120,580 | ---- | M] () -- \Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAZWMTS\sayt_loader_libs[1].js
[2011.12.06 12:06:24 | 000,429,568 | ---- | M] () -- \Program Files\Zoner\Photo Studio 14\Plugins\Facebook\ZPSFacebookUploader.exe
[2010.04.29 13:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 14\Plugins\Facebook\ZPSPluginLoader.exe
[2011.12.06 12:06:40 | 000,444,416 | ---- | M] () -- \Program Files\Zoner\Photo Studio 14\Plugins\Flickr\ZPSFlickrUploader.exe
[2010.04.29 13:12:42 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 14\Plugins\Flickr\ZPSPluginLoader.exe
[2011.03.08 16:09:04 | 000,194,048 | ---- | M] () -- \Program Files\Zoner\Photo Studio 14\Plugins\Picasa\ZPSPicasaUploader.exe
[2010.04.29 13:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 14\Plugins\Picasa\ZPSPluginLoader.exe
[2011.12.19 15:12:24 | 000,102,792 | ---- | M] () -- \Program Files\Zoner\Photo Studio 14\Program32\8bfLoader.exe
[2011.12.19 15:12:36 | 000,016,776 | ---- | M] () -- \Program Files\Zoner\Photo Studio 14\Program32\WICLoader.exe
[2013.03.05 10:11:10 | 000,432,128 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Facebook\ZPSFacebookUploader.exe
[2010.04.29 14:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Facebook\ZPSPluginLoader.exe
[2013.02.06 16:42:00 | 000,323,584 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Facebook\en\ZPSFacebookUploader.resources.dll
[2013.03.05 13:03:44 | 000,443,904 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Flickr\ZPSFlickrUploader.exe
[2010.04.29 14:12:42 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Flickr\ZPSPluginLoader.exe
[2011.12.06 13:06:40 | 000,323,584 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Flickr\en\ZPSFlickrUploader.resources.dll
[2013.03.05 12:34:20 | 000,192,512 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Picasa\ZPSPicasaUploader.exe
[2010.04.29 14:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Picasa\ZPSPluginLoader.exe
[2013.02.06 16:20:12 | 000,323,584 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Picasa\en\ZPSPicasaUploader.resources.dll
[2013.06.07 15:50:44 | 000,103,960 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Program32\8bfLoader.exe
[2013.06.07 15:50:52 | 000,017,944 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Program32\WICLoader.exe
[2013.08.21 11:36:29 | 000,000,673 | ---- | M] () -- \Users\Anetka 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGGAELH9\loader.white[1].gif
[2013.08.21 10:34:51 | 000,006,494 | ---- | M] () -- \Users\Anetka 1\AppData\Local\Temp\avg_a01260\ProgData\AVG Secure Search\FireFoxExt\15.4.0.5\modules\skin\ajax-loader.gif
[2013.08.21 10:34:52 | 000,000,729 | ---- | M] () -- \Users\Anetka 1\AppData\Local\Temp\avg_a01260\ProgData\AVG Secure Search\FireFoxExt\15.4.0.5\modules\skin\loader.gif
[2013.08.21 10:34:52 | 000,019,497 | ---- | M] () -- \Users\Anetka 1\AppData\Local\Temp\avg_a01260\ProgFiles\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[2013.08.21 10:34:28 | 000,006,494 | ---- | M] () -- \Users\Anetka 1\AppData\Local\Temp\avg_a02532\ProgData\AVG Secure Search\FireFoxExt\15.1.0.2\modules\skin\ajax-loader.gif
[2013.08.21 10:34:28 | 000,000,729 | ---- | M] () -- \Users\Anetka 1\AppData\Local\Temp\avg_a02532\ProgData\AVG Secure Search\FireFoxExt\15.1.0.2\modules\skin\loader.gif
[2013.08.21 10:34:28 | 000,019,497 | ---- | M] () -- \Users\Anetka 1\AppData\Local\Temp\avg_a02532\ProgFiles\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[2012.09.13 14:45:58 | 000,058,424 | ---- | M] () -- \Users\Anetka 1\AppData\Roaming\Seznam.cz\bin\libfoxloader.dll
[2012.08.07 13:39:12 | 000,000,165 | ---- | M] () -- \Users\Anetka 1\AppData\Roaming\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2012.08.13 18:05:28 | 000,000,235 | ---- | M] () -- \Users\Anetka 1\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_0_0.install.bat
[2012.08.13 18:05:26 | 000,000,130 | ---- | M] () -- \Users\Anetka 1\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_0_0.uninstall.bat
[2014.04.18 20:53:14 | 000,001,870 | ---- | M] () -- \Users\anetqua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09QNG1GC\AdLoader[1].htm
[2014.03.17 19:24:50 | 000,001,870 | ---- | M] () -- \Users\anetqua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OIX9FBPX\AdLoader[1].htm
[2014.05.11 08:24:44 | 000,001,870 | ---- | M] () -- \Users\anetqua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3IRHGSG\AdLoader[1].htm
[2014.07.09 18:30:05 | 000,017,912 | ---- | M] () -- \Users\anetqua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QC7JDJVB\AdLoader-3b8e790904fffcf74f96367cd382e261.min[1].js
[2014.10.27 18:53:37 | 000,018,715 | ---- | M] () -- \Users\anetqua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QC7JDJVB\AdLoader-a5fa12058ddb9a8919d6906ba95d7c57.min[1].js
[2014.08.17 08:17:44 | 000,018,544 | ---- | M] () -- \Users\anetqua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VK2Q9EKK\AdLoader-0ee9685baf8ff395a7119d551063e2d4.min[1].js
[2014.07.09 18:30:05 | 000,001,980 | ---- | M] () -- \Users\anetqua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VK2Q9EKK\AdLoader[1].htm
[2014.10.27 18:53:36 | 000,001,980 | ---- | M] () -- \Users\anetqua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VK2Q9EKK\AdLoader[2].htm
[2014.10.27 18:53:50 | 000,001,980 | ---- | M] () -- \Users\anetqua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VK2Q9EKK\AdLoader[3].htm
[2014.10.28 18:57:13 | 000,001,980 | ---- | M] () -- \Users\anetqua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZW8ZANI0\AdLoader[1].htm
[2014.07.01 10:46:16 | 000,072,638 | ---- | M] () -- \Users\anetqua\AppData\Local\Skype\Apps\login\images\loader.gif
[2014.07.01 10:46:16 | 000,003,032 | ---- | M] () -- \Users\anetqua\AppData\Local\Skype\Apps\login\images\loader.png
[2014.07.01 10:46:16 | 000,006,012 | ---- | M] () -- \Users\anetqua\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.07.01 10:46:16 | 000,021,956 | ---- | M] () -- \Users\anetqua\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.07.01 10:46:16 | 000,009,772 | ---- | M] () -- \Users\anetqua\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2013.12.07 20:17:11 | 000,002,572 | ---- | M] () -- \Users\anetqua\AppData\Local\Temp\Dog-Silhouette-Vector.rar_Downloader (1)_005896.log
[2013.12.10 09:52:03 | 000,007,818 | ---- | M] () -- \Users\anetqua\AppData\Local\Temp\Dog-Silhouette-Vector.rar_Downloader_000656.log
[2013.12.07 20:17:21 | 000,007,470 | ---- | M] () -- \Users\anetqua\AppData\Local\Temp\Dog-Silhouette-Vector.rar_Downloader_001744.log
[2013.12.08 23:08:58 | 000,007,006 | ---- | M] () -- \Users\anetqua\AppData\Local\Temp\Dog-Silhouette-Vector.rar_Downloader_005796.log
[2013.12.10 10:15:52 | 000,004,860 | ---- | M] () -- \Users\anetqua\AppData\Local\Temp\Dog-Silhouette-Vector.rar_Downloader_006012.log
[2420 \Users\anetqua\AppData\Local\Temp\*.tmp files -> \Users\anetqua\AppData\Local\Temp\*.tmp -> ]
[2013.04.15 21:31:51 | 000,008,192 | ---- | M] () -- \Users\anetqua\AppData\Local\Temp\_MEI24722\_win32sysloader.pyd
[2013.07.04 07:05:55 | 000,006,494 | ---- | M] () -- \Users\anetqua\AppData\Local\Temp\avg_a01660\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\ajax-loader.gif
[2013.07.04 07:05:55 | 000,000,729 | ---- | M] () -- \Users\anetqua\AppData\Local\Temp\avg_a01660\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\loader.gif
[2013.07.04 07:05:55 | 000,019,497 | ---- | M] () -- \Users\anetqua\AppData\Local\Temp\avg_a01660\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[2013.07.04 07:07:38 | 000,006,494 | ---- | M] () -- \Users\anetqua\AppData\Local\Temp\avg_a07480\ProgData\AVG SafeGuard toolbar\FireFoxExt\15.3.0.11\modules\skin\ajax-loader.gif
[2013.07.04 07:07:38 | 000,000,729 | ---- | M] () -- \Users\anetqua\AppData\Local\Temp\avg_a07480\ProgData\AVG SafeGuard toolbar\FireFoxExt\15.3.0.11\modules\skin\loader.gif
[2013.07.04 07:07:38 | 000,019,497 | ---- | M] () -- \Users\anetqua\AppData\Local\Temp\avg_a07480\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[2013.08.29 07:42:27 | 000,003,208 | ---- | M] () -- \Users\anetqua\AppData\Local\Temp\ibtmpe0c3674\config\ajax-loader.gif
[2013.08.29 07:42:27 | 000,006,820 | ---- | M] () -- \Users\anetqua\AppData\Local\Temp\ibtmpe0c3674\config\ajax-loader2.gif
[2013.07.04 07:07:38 | 000,019,497 | ---- | M] () -- \Users\anetqua\AppData\Local\Temp\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[2012.09.13 14:45:58 | 000,058,424 | ---- | M] () -- \Users\anetqua\AppData\Roaming\Seznam.cz\bin\libfoxloader.dll
[2012.08.07 13:39:12 | 000,000,165 | ---- | M] () -- \Users\anetqua\AppData\Roaming\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2013.01.21 15:03:44 | 000,030,608 | ---- | M] () -- \Users\anetqua\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxloader-3.0.0-win32.zip
[2012.08.13 18:05:28 | 000,000,235 | ---- | M] () -- \Users\anetqua\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_0_0.install.bat
[2012.08.13 18:05:26 | 000,000,130 | ---- | M] () -- \Users\anetqua\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_0_0.uninstall.bat
[2013.03.27 14:26:04 | 000,000,169 | ---- | M] () -- \Users\anetqua\Documents\aaa-e-shop\E-shop\šperky\Řetízek ZARPA_files\imagepreloader.js
[2013.08.21 07:01:29 | 000,003,062 | ---- | M] () -- \Windows\$NtUninstallKB48746$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAZWMTS\remote.loader[1].js
[2013.08.21 07:01:30 | 000,120,580 | ---- | M] () -- \Windows\$NtUninstallKB48746$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAZWMTS\sayt_loader_libs[1].js
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013.08.21 07:01:29 | 000,003,062 | ---- | M] () -- \Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAZWMTS\remote.loader[1].js
[2013.08.21 07:01:30 | 000,120,580 | ---- | M] () -- \Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URAZWMTS\sayt_loader_libs[1].js
[2009.07.14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2013.08.22 11:36:12 | 000,006,494 | ---- | M] () -- \Windows\Temp\avg_a09956\ProgData\AVG Secure Search\FireFoxExt\15.5.0.2\modules\skin\ajax-loader.gif
[2013.08.22 11:36:13 | 000,000,729 | ---- | M] () -- \Windows\Temp\avg_a09956\ProgData\AVG Secure Search\FireFoxExt\15.5.0.2\modules\skin\loader.gif
[2013.08.22 11:36:13 | 000,019,497 | ---- | M] () -- \Windows\Temp\avg_a09956\ProgFiles\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[2012.09.16 15:42:16 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2012.09.16 15:42:16 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2012.09.16 15:42:16 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2009.07.14 05:56:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 05:56:40 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009.07.14 05:56:40 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2009.07.14 03:17:55 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.07.14 03:17:55 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winload.exe_75835076
[2009.07.14 03:17:55 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winresume.exe_85cd1215
[2009.07.14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.13 17:54:50 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 03:29:12 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 02:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.07.14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >
[2014.03.25 20:45:37 | 000,000,161 | ---- | M] () -- \Windows\AutoKMS.ini
[1 \Windows\*.tmp files -> \Windows\*.tmp -> ]

< *activator* /s >
[2014.03.25 20:35:20 | 000,001,623 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen\Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen.lnk
[2014.03.25 20:35:20 | 000,001,623 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen\Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen.lnk
[2014.03.25 20:32:46 | 019,189,530 | ---- | M] () -- \Users\anetqua\Downloads\Microsoft-Office-2010-Pro-Plus-x64-&-x86-Activator-and-Keygen.zip
[2014.03.25 20:33:38 | 018,806,257 | ---- | M] () -- \Users\anetqua\Downloads\office 2010 activator\Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen.exe

< *serial* /s >
[2013.08.19 20:17:00 | 000,015,399 | ---- | M] () -- \Program Files\BitLord\Torrents\AGE OF EMPIRES III + SERIAL.torrent
[2013.08.19 21:22:44 | 000,002,133 | ---- | M] () -- \Program Files\BitLord\Torrents\AGE OF EMPIRES III + SERIAL.xml
[2014.02.13 21:57:42 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.dll
[2014.04.26 20:10:19 | 001,164,288 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.ni.dll
[2013.04.17 18:43:42 | 000,005,687 | ---- | M] () -- \Program Files\PokerStars\gx\tokenserial.jpg
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2009.06.08 09:38:48 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2014.05.15 09:16:50 | 000,003,072 | ---- | M] () -- \Users\Anetka 1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_eserial.cz_0.localstorage
[2014.05.15 09:16:50 | 000,003,608 | ---- | M] () -- \Users\Anetka 1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_eserial.cz_0.localstorage-journal
[2014.01.31 20:53:41 | 000,003,072 | ---- | M] () -- \Users\anetqua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_serialy.befun.cz_0.localstorage
[2014.01.31 20:53:41 | 000,000,512 | ---- | M] () -- \Users\anetqua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_serialy.befun.cz_0.localstorage-journal
[2014.04.14 13:40:54 | 000,003,072 | ---- | M] () -- \Users\anetqua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.serialzone.cz_0.localstorage
[2014.04.14 13:40:54 | 000,003,608 | ---- | M] () -- \Users\anetqua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.serialzone.cz_0.localstorage-journal
[2014.10.28 12:55:50 | 002,076,672 | ---- | M] () -- \Users\anetqua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.sledujuserialy.cz_0.localstorage
[2014.10.28 12:55:51 | 000,016,384 | ---- | M] () -- \Users\anetqua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.sledujuserialy.cz_0.localstorage-journal
[2013.01.05 13:47:46 | 000,185,386 | ---- | M] () -- \Users\anetqua\Documents\___Haf&Mnau\2013\AAAA-2013\1\18-19_serial_zdravi psu.pdf
[1 \Users\anetqua\Documents\___Haf&Mnau\2013\AAAA-2013\BREZEN\*.tmp files -> \Users\anetqua\Documents\___Haf&Mnau\2013\AAAA-2013\BREZEN\*.tmp -> ]
[2013.01.05 13:46:00 | 000,192,937 | ---- | M] () -- \Users\anetqua\Downloads\18-19_serial_zdravi psu.pdf
[2011.08.08 15:34:04 | 000,000,153 | ---- | M] () -- \Users\Public\StarStableOnline\Data\SerialNr.pmt
[2011.08.08 15:33:42 | 000,001,690 | ---- | M] () -- \Users\Public\StarStableOnline\Data\SerialNr.pte
[2011.08.08 15:33:42 | 000,001,579 | ---- | M] () -- \Users\Public\StarStableOnline\Data\SerialNRPlate.pme
[2009.06.10 13:14:16 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.08 09:38:48 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2009.07.14 05:43:53 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\39e53f507d9cbc5c10a2f47c4b0d09dd\System.Runtime.Serialization.ni.dll
[2009.07.14 05:43:05 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d57d865568209a71d63739fa448ed6df\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 13:14:16 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 22:14:06 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.13 17:38:14 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009.07.13 17:39:44 | 000,009,728 | ---- | M] () -- \Windows\System32\drivers\cs-CZ\serial.sys.mui
[2009.07.14 03:09:30 | 000,010,240 | ---- | M] () -- \Windows\System32\drivers\en-US\serial.sys.mui
[2009.07.13 23:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009.07.14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009.07.13 23:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009.07.14 03:10:04 | 000,005,120 | ---- | M] () -- \Windows\System32\en-US\serialui.dll.mui
[2009.07.14 03:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 03:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2012.09.16 15:42:14 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 05:56:40 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b_serialui.dll.mui_7d29d2a3
[2009.07.14 03:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 02:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2009.07.13 17:54:22 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2009.07.14 03:28:14 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2009.07.14 02:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2009.07.14 02:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 02:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009.07.14 02:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 13:14:16 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 22:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2009.06.08 09:38:48 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2009.07.13 23:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2009.06.10 13:14:16 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c002c1170ca9a88f\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.07.13 17:38:14 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 03:10:04 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b\serialui.dll.mui
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009.06.08 09:38:48 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5d4a68b4b3d26ecc\System.RunTime.Serialization.Resources.dll
[2009.07.13 17:39:44 | 000,009,728 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c48c78a9ad8ff996\serial.sys.mui
[2009.07.14 03:09:30 | 000,010,240 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_07e2c405948a55f4\serial.sys.mui
[2009.07.14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009.07.13 23:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll

< *w7lxe* /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB48746$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

Doufam, ze mate zalohovana data


Odinstalujte MBAM.

Pokud nepouzivate, odinstalujte Seznam Software.


Napiste mi velikost adresare plochy (C:\Users\anetqua\Desktop)




Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands) Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

Trochu mě děsíte, ale mám..
Ten seznam nějak nepracuje, dám odinstalovat, ale nic se neděje... Jen tedy čekám než se to odinstaluje (když to zopakuju)..
Velikost plochy je 6,12 gb pokud jsem to našla správně.

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anetka 1
->Temp folder emptied: 54226154 bytes
->Temporary Internet Files folder emptied: 30309670 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13422697 bytes
->Google Chrome cache emptied: 65829293 bytes
->Flash cache emptied: 58720 bytes

User: anetqua
->Temp folder emptied: 22441476217 bytes
->Temporary Internet Files folder emptied: 334867115 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59145476 bytes
->Google Chrome cache emptied: 284039960 bytes
->Opera cache emptied: 53989276 bytes
->Flash cache emptied: 69168 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1500758 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73672991 bytes
RecycleBin emptied: 27741916152 bytes

Total Files Cleaned = 48 785,00 mb


[EMPTYFLASH]

User: All Users

User: Anetka 1
->Flash cache emptied: 0 bytes

User: anetqua
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: postgres
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service avgtp stopped successfully!
Service avgtp deleted successfully!
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
Service c2cautoupdatesvc stopped successfully!
Service c2cautoupdatesvc deleted successfully!
Service c2cpnrsvc stopped successfully!
Service c2cpnrsvc deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service SwitchBoard stopped successfully!
Service SwitchBoard deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\system32\mncjblq.vbe moved successfully.
C:\Windows\inf\msstp.vbe moved successfully.
C:\Windows\system32\mncyaaeci.vbe moved successfully.
C:\Windows\inf\msiambg.vbe moved successfully.
File\Folder C:\Program Files\SmartTweak not found.
File\Folder C:\Program Files\AVG Secure Search not found.
C:\Windows\system32\drivers\avgtpx86.sys moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.
========== OTL ==========
Service ‮etadpug stopped successfully!
Service ‮etadpug deleted successfully!
File C:\Program Files\Google\Desktop\Install\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\ \...\‮ﯹ๛\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\GoogleUpdate.exe < [WARNING: C:\Program Files\Google\Desktop\Install\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\ \...\???\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\GoogleUpdate.exe <] not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: "" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mncjblqSrv deleted successfully.
File C:\Windows\System32\mncjblq.vbe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mncyaaeciSrv deleted successfully.
File C:\Windows\System32\mncyaaeci.vbe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msiambgSrv deleted successfully.
File C:\Windows\inf\msiambg.vbe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSStp deleted successfully.
File C:\Windows\inf\msstp.vbe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AutoKMS deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
File C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skypec2c\ deleted successfully.
File C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File C:\Windows\System32\dcgmncyaaeci.exe not found.
File C:\Windows\System32\acumncyaaeci.exe not found.
File C:\Windows\System32\dcgmncjblq.exe not found.
File C:\Windows\System32\acumncjblq.exe not found.
C:\Windows\System32\libidn-11.dll moved successfully.
C:\Windows\System32\librtmp.dll moved successfully.
C:\Windows\System32\zlib1.dll moved successfully.
C:\Windows\System32\libcurl-4.dll moved successfully.
C:\Users\anetqua\AppData\Roaming\AVG2013\cfgall folder moved successfully.
C:\Users\anetqua\AppData\Roaming\AVG2013 folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\04edea0e898ff8f83bd8f66c447c353c\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\04edea0e898ff8f83bd8f66c447c353c\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\04f916c5ef03037217eb8604680bc44b\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\04f916c5ef03037217eb8604680bc44b\$dpx$.tmp folder deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mncjblqSrv not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSStp not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mncyaaeciSrv not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msiambgSrv not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Rainlendar2 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpeedUpMyComputer not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Autoupdate deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\FixMyRegistry not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BambooCore\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt\ deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10302014_190918

Files\Folders moved on Reboot...
C:\Users\anetqua\AppData\Local\Temp\7zS71DA\HPSLPSVC32.DLL moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Anetqua píše:Trochu mě děsíte, ale mám..

Nebojte, ale nahoda je blbec a kdyz je pc takhle zamorene, muze se zachovat nepredvidatelne, tak pro vsechny pripady...

Anetqua píše:Velikost plochy je 6,12 gb pokud jsem to našla správně.

Velikost plochy by nemela preshovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku



Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

Zkouším vložit, ale nejde... Píše "Nepřijatá žádná data".. Ale možná moc dlouhé, když tohle jde, zkusím rozdělit.

ComboFix 14-10-29.01 - anetqua 31.10.2014 18:54:27.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.2972.2291 [GMT 1:00]
Spuštěný z: c:\users\anetqua\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Desktop\Install
c:\program files\Google\Desktop\Install\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\9519~1\A535~1\E628~1\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\@
c:\program files\Google\Desktop\Install\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\9519~1\A535~1\E628~1\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\L\00000004.@
c:\program files\Google\Desktop\Install\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\9519~1\A535~1\E628~1\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\L\201d3dde
c:\program files\Google\Desktop\Install\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\9519~1\A535~1\E628~1\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\L\6715e287
c:\program files\Google\Desktop\Install\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\9519~1\A535~1\E628~1\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\L\76603ac3
c:\program files\Google\Desktop\Install\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\9519~1\A535~1\E628~1\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\U\00000008.@
c:\program files\Google\Desktop\Install\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\9519~1\A535~1\E628~1\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\U\80000032.@
c:\users\anetqua\AppData\Local\Google\Desktop\Install
c:\users\anetqua\AppData\Local\Google\Desktop\Install\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\2E2F~1\28F0~1\E628~1\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\@
c:\users\anetqua\AppData\Local\Google\Desktop\Install\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\2E2F~1\28F0~1\E628~1\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\L\00000004.@
c:\users\anetqua\AppData\Local\Google\Desktop\Install\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\2E2F~1\28F0~1\E628~1\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\L\76603ac3
c:\users\anetqua\AppData\Local\Google\Desktop\Install\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\2E2F~1\28F0~1\E628~1\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\U\00000008.@
c:\users\anetqua\AppData\Local\Google\Desktop\Install\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\2E2F~1\28F0~1\E628~1\{5cad3e28-6a62-fce1-006d-afc1a0f06316}\U\80000032.@
c:\users\anetqua\AppData\Roaming\Mozilla\Firefox\Profiles\p3so824v.default\extensions\staged
c:\users\anetqua\AppData\Roaming\Mozilla\Firefox\Profiles\p3so824v.default\extensions\staged\bcbd@uoaayai.co.uk\bootstrap.js
c:\users\anetqua\AppData\Roaming\Mozilla\Firefox\Profiles\p3so824v.default\extensions\staged\bcbd@uoaayai.co.uk\content\bg.js
c:\users\anetqua\AppData\Roaming\Mozilla\Firefox\Profiles\p3so824v.default\extensions\staged\bcbd@uoaayai.co.uk\chrome.manifest
c:\users\anetqua\AppData\Roaming\Mozilla\Firefox\Profiles\p3so824v.default\extensions\staged\bcbd@uoaayai.co.uk\install.rdf
c:\users\anetqua\AppData\Roaming\Mozilla\Firefox\Profiles\p3so824v.default\extensions\staged\spxtf@ebcbdcf.edu\bootstrap.js
c:\users\anetqua\AppData\Roaming\Mozilla\Firefox\Profiles\p3so824v.default\extensions\staged\spxtf@ebcbdcf.edu\content\bg.js
c:\users\anetqua\AppData\Roaming\Mozilla\Firefox\Profiles\p3so824v.default\extensions\staged\spxtf@ebcbdcf.edu\chrome.manifest
c:\users\anetqua\AppData\Roaming\Mozilla\Firefox\Profiles\p3so824v.default\extensions\staged\spxtf@ebcbdcf.edu\install.rdf
c:\windows\$NtUninstallKB48746$
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Run
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-09-28 do 2014-10-31 )))))))))))))))))))))))))))))))
.
.
2014-10-31 18:02 . 2014-10-31 18:05 -------- d-----w- c:\users\anetqua\AppData\Local\temp
2014-10-31 18:02 . 2014-10-31 18:02 -------- d-----w- c:\users\postgres\AppData\Local\temp
2014-10-31 18:02 . 2014-10-31 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-31 18:02 . 2014-10-31 18:02 -------- d-----w- c:\users\Anetka 1\AppData\Local\temp
2014-10-30 18:09 . 2014-10-30 18:09 -------- d-----w- C:\_OTL
2014-10-29 20:03 . 2014-10-29 20:03 512 ----a-w- C:\PhysicalMBR.bin
2014-10-29 18:16 . 2014-10-29 19:53 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 17:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE" [2013-06-07 774680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
.
c:\users\anetqua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sledovat výstrahy inkoustu - HP Deskjet 5520 series (Copy 1).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 5520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN34F162YB05SX;CONNECTION=USB;MONITOR=1; [2009-7-14 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"3212083974"= 504b0304c239b7f8068374bfb511000000400000e269f63d73594f6202c9694280cc96a28bbd63516fe3c2d5f7a2ff87ac3a990c3ec3b2ed7b07716237a0dfb1dfb651f67e31cb2e7649f98d5e55e9b25b1a579794989b176c357bdcc11226bd6ecb7de8a63ea2165f6b31ead6b0a2a96a6e9d04b9b39f194ef52d48b088d4b6597f685a70ff6912914f86d8235681747da26cfd83223d3d248872c51095484634ebf976e4595f734bd35caf42b38dcf9e878af0be0a5e84b22940f721e8bbcdcbaa3e53607359252db16c0d6c38a142261bb4896d12a48c006cc3c21fdf717c155b2af0375d2545ee286c2aecb2955206ef25c82dc686f7eb83bb3072e94e1e59254b11a2e3628e1d98e177375b54e682a1c77f986e1907ffcb784accacb124189751d7ebbafc91d3a127f134a85e27f8c201d9082f621f5fffac09d2aab94a62f90bd74d6c96a8db6d42e4e98316449d202a4e24857673e2a50b7dfd9d5af72a21a19a922acc9675ba933a1c6ad4e0a11470fbb82eed7a79c5ca2dbb0bec5b2b43baa37373d3ef494726d7cf4a4aa8a3d6a5c206ced49148c0100bfa96b707be91b855151d8da8e0723dd1303325011b3951c9df7b10e9b153bced98376c4d7517f2e0e23a986914b2b0f978454441c47b5797d924ce9cd186d74d308099ee52f226e92de6b50e4a0691f75cfa9ce733494b8cafaeb4be4c65f6c9dffa34a3c2ed9d14f5844164be79b7a90495290350177b03aefa777ff519b624e3c75c219260ac447bba9a6db56f34b340a5f75837fab3c33831a3bc39c2914aeb87a39545bd7ed52450eb7e94d5380e2babce3f8ee6e3cdc9d4ed54d9889d9dbd0dc879caa2b121048a308a7f873252dad24ea8f8911ea0a3b202de930a9fc882cf1349ffe229016b2ebfd7821b8986d31deccbc296ba54fd6d864c915f1d77ac0734d96fe0ba43a669fab128026c7f90e9e1e0a7047f5a2378e4de0966eb6c217b3483194b2b21a3fa8a1cbef1d66a3fc8a5c863bcea6157981a11449bae3357f3287501cb9c24e0afb156f5ddfd6855cd8b7b43feabd9412c1c208b5de2330c469a59de5b490cc06bfd5a4900cb121eb967bc7185a9f00112a5b1e8d8028ca02b0f2b194af03cc1e172b70c9b88643e3c064b5406cf184ad9eba26736ef6feb30dac8ba400933a32a3c03230bd732fcbe16c4b3bdcc0b501616ce956d968b8da68b4a9a64238601e81e78095961580431361a4dd9fe963d3ceba5c21bba416c1cc9d94bb842c25b2fd12c8bf42c35948272965a3fecf6e9b92d32d7e84a402a0b6214a412a23427e4852ce607fd9f7ff8559bbb96a9ae577df0c19d108587d372470be0d3e27ed61feb442c2d65e55bac81c2786cf6b837eebc1b5af35634b29fd5d96347b5f9c747c8a9a83e7cb3c188d9042f08fbd4edeebd65de7c04b275b7fd74067a0ae3033752aa55a45a05355811416ea4a5101511e99305b700bd44742cbd6a9272b5cf4001505c4057866b57e4de5ef0ee9f88b41986a80119c962594972011fc0c39b4a74b74747f5116d896a0ebcbb4387685672899af54b80ae07008971ea1c997a898e33aab769e4e52fbbec97ebf199ce76454badbd4eab272f1d1caabb3b49b3aafc1e67d09ee8feb0580e414eb45f3f0c25fe88872312fec2341e7a6100b2e04ed25fce13a146098dce98446b2f3875ecb269a886795698619d337da612f19bf8d4fe3028e79a26548128d1595af0bf98ff320dc73d873f05ebd07c87cae28df067c00de3e53cc77e801e1304192ca7bf78ab28db40564328a108f9f0ddd8e1b0baeccf16bf1deb3cc5c4b5f5140f6b8a256e9128c203418aa3d93e3f08078977667dc02d830bb6869de92f29a65ac6d2689d0a5a90887a8643119dc9a68b5b00bd59d45da9d7ed5dae6ee6da6119243f77f51b263200f90abbb61cce9a951781ea2012a2c8d7200906439b08e7e76cf9c9536b2e6b560afd7cbaa5044791ee17ded45adfd9d359dac0a9f4ed15bf2cb2ea9b12b7cb11b597cf2e6e750a6c636fe2c4b144f6ff43ccffddae787be160b0a8b4282b35a6aeece165814e95ce7adbe416ef4e51860cb4f5d50af2a86aa4ee602a30aa54850e0cb4a38dc3a1c711b5d03b6a53ee102ac68e553d11e5fb3d0a8e0ef34266263ca4a3e0b76c55a92f75f921cd61a5363e5db7737874d57c653d63457260b67b1df330827b2921c29fda0045bbe7404e40985039f7db153f52b2c941a56e922dcfb60b89dbee327ed6f5c1e438270f766a6ed1730fc581a4aebcfe3b7726b27d6b092cf5a0b6954196cb4cc2788b8722338ee189d9e22692595f0d5b333b0f715cb8d94a08afb631dbb1be79a773e8f1a4eaf7220c24222dda431b91d9175dfa0c6ae81e8c4c879d64446cf56faefe1487ca6739a776aee42ef8be40a612f95cde3b1feeac1e1e41a24c92ed8b0152e247239e5a8bc903679ca8c7b94659ad5b1d10551f460d924fb60882fc90508c3723420f86f4cf100387e808133cc429883c0e3ace91651c075cd19d106e0b437b0363048ca1feaaf929b87aed90afde281edca0fa0cc7b5a7f03807fa5ac41b1ed73130eac1117c631c1818142f24d420f6776cb53d4d0326b9fc3008c3ca03fc649d87d37fa617b74f2865c75298bed54b7d8dc676e2210374d8bf194ae2feda62b4798933c764ccddf845330721fc21e68c0695ca73285103e22ae68da440326dfef9a80d17d0a7c3f920e7b0aa806ee9b7549ed9878b6cfb505ac69e8e8d3cfa718675764cfb03861d32afaae1d918be87f6a9ac0d815c57ad3e167d642f5fcddc25d4ba3ac3e67c26a4deaa17797b3c0654f271eaaa442a71cbe19372adcbde3df8b3fe491e5a76a79d1291

a0de317ffbf927f42782fa48270f2c969563b183a4b0112f3497dd3c2a423ec83498bdbaac928910a9fb7fe5788e454c027a28f4a91af2bf09e261f85b0eee4f7929e63c4062496cb09534bb6d03ff69ed2915d0ea215b4fb3d1044e86eb87dfb4898bcbd50e5c4ddfbdb83b9410e1adf91446c43c959e0e341d67a5a7ef8712586de3b8b9c5b6f80f42f235bf68900ebfe6304bb0d9f67408b76201ec26180b4bd76500de4f0df86df4a063aececca69ddf8a162b67a4b9800fa7570d5b551ac2703adc0ffced00650a96cd81ec4187b90c6b2140ce99c1937c40587ea72899897e628115bcab73b3d9f425860b109a67347b8a121f65d0968d56a3dde6b8171cea61b08ae568b9d03c398977ce86f75055230ef370cabf67c9cf97c3223719555403f3e0bd2af0e1e8742decb05fadb0227f15d40ee2d6dc5a49fe1e6bc9e6cedde74294c3bb6fd5c5fedfad672df1dffd219bd8bc1ec39158eab507998755f553441d01cd26a5501f6fb2db4f3597510f85b93a542514c8013eedbbfc913dcce8b20a5759665bdfd9919eb22a89163d8656386d857c5bfc7c241c1d726cd94ab0f92d5b0fefcf1d4abdd26fbc6c17a4ccacf2d31e5e713059de93c59d3b8d3e8d03b5d663f9dfadb03e093cb84fcf500a1f0e2e5ba1c9d81db12cc799c6539af0cc35682d95cb789c745a452bd8b38e6cf08e0579da1ab43ad0858d0305f961b15a79c1090f4867040ea2bd36cf6512aab44ce5a1098efe039134f23bf057777fef3e68e45827b0487924cad4e5f0b1c3b4f5a0e3853b39640eb0782d78888fe92c3b68624e84ff6a5eded87be62d34ce858f34e5fffbba75f014df0f648988b51a72de1ff54d5c7a4b8ecb10c5e9ef51de98c01ef8c406f9824a0c15a29e16b5a53e3643b0065a4263ecae50d2cb976d3d2ea6255a65f1c6cc86167f1784a27b832037db4ce1e262475334f3b2430f86c7a24456eea82ab678aba91bb4c0cc82c877b80b6d3574007257272c3e126c17a8b36aa8aa9431ff01bf658f82d8153eddea6804cdc564a3f5e9967b08feeb823d3db9356a4acdd80e883ca58a1c661d01d145f80a3ab67e8036c0bae1bb7bc43204eb0cf38214bc74a9aef036a31d5a9c552d93a25c0e84057bce5437b1634680d04a77472d631432d2baa7a3acd64220efcf9e7848f8fd9801bef7561a470a1822032160eb59edc0f977882dce4fb2872d89d27ff076dba74a9672f86909956579c28853fa8de7002cc8458d09256d42a39f1a4bdb6b56d36d51488e7368686e54c1bbbfff48884e0d536be362e59bd7f18329a4b82aed396e4f92865f594d0da38f7cace7a4603af60c1a53bdfd19476094aac6e4a8f31fc1257d48d03bb0ef515d8460b9441532c8b5043d0531d5881adb6d997bb184fd8caf4d8e6c759c3f7143b9e32bc7a0ec6234b68adf4111ca1d136721438e5e6d7125d480ce982d84aea7703b4010cd27867d6ddc5e0c970385196f020e48eddb24c56972f9e61e6cc29c1712551583828f899534aacfffc66f99999ea2ba2731d52a7fd2fa262a22b075da52a5aa58f5b41aa9cdc9181406717f3f75e7c475090121966838125236e4dc6291ae3874968e8208b983aadb03ca60acd935e6da1b829407f70a77340e4439f22fdc2fc4218de0f25d2f886c0aaeb693c2b23db0eab9953bf806c2173e0bc9d0d7ef0e763775bc1432ff48d6035b1214294c81b71cd98c42831014090cd99cb74929ae853f88132e559104d4fea98ad40f17da4100a909a6981bad9efb240a79520927aa12232a56f4d8893bff92bfc2bd42cf3dc09bdc484dfdba3a10c609186104ce33e3024f44000be34814ff5dc9872d44b4157fb3a6655b985f6cc5ef4586f2abfee12dcbdb90181b396f95fe3213f094d1f3dd3d7fed800f4ed21290f613b62048e0fc1f1328d9f87a5653b489d36f727be9d755523def0472f1c1d5ac90ee665379ff39d06e863c244890f5333a0b89b92022c1a8198029fe5f8c203b3dd211d4398958ee190108dd50b7850e20d8abe2b927d53d28f3b8ca26be81bc6b83c0e2b3b1dda28066c63860cea89df82708ef21d4d36b84663e87b4385a3e37bd3ff1eb2bf64184c44723490669af4da092d45ba21a569a352e513d9a9b43e9cd4b812055822626efc55f950009232b8b3bb2d63d44a8b0bd9bd4e84c5a724496a2326f63c97dbcb235366ec0cf6096b5f4988d073c34bd3a084130cea8d6ee22e542b411c1e18599667b3fd6dde0669ad82c85a1c10ca5862213cb1bb277e6c4f6564f20a9bcea1b48170504c47235d78ed0a0441987c8c17d90d7b56cf487c46733ba4a6848fec42b97ce4048f3c6d9c493322f052ef93f02f142b3940a10921bd15c911e7a97aa4a20dc383c62cd288d252ba937b3f60761e6653568a01241bb573664de04811cf3f59b4c2d7e8a6c55da16f468383456aa751697697397c2a5e5abfa0f1099d80447d49da509aa1347f3943ee9baa1fdad2a0e69410b34253ad4991282d0e952260f52ab9f02a3d00b37098cf60354424f862066e45e92ac475c99a00e7380766e589abf66271619142795cf7a7fbd138a6cc5bd7e135122341d1f06eb5b436c59be0adedc71bc03d7c63c16751ad56c69e36decfe9e8214c719fcdf2e9fe2dc971f03c1c2ad6b6d368fe8b11d0389650c73d1c7e73708145fa05992a150e6a909656ea786e244bdf1cd71f4b0fd05b1335d703182ffa9d96c99108297b1fe327a83bf4f69d2a9c3d1eb73a9dd8cee2b3220904ac31011fd6407a5ba427facb46227fdedb13d1ca6443ded3dc3b6cf06a59dc9b9226fbf357334abf58412605fd206e7b6125fa19e5d68f75783fa08205b05c0a12d1830068317f6105958c4eb37bcb1beae6a401c267641aa58274a410d76b4d2a03e418020869b6886bb81964761b3fcd8ea68050ad6cff99649cde8fa53f04b0c96e271c0b092e24d81ea2d723775799e713ea9da6967ef57aaafe1c6732f2f047556027f021c65fc20c1c3bcb392acf8ff7a9e14d9728a5aaacd255fc3866b041e9c96dcf592083d78c9e405ddd7991d2e2536d2eb1ba0f0ece3dfb6a34c2665cfac2d1850fd478f617fdd4e9dd4492c553bd375cfd33f4744d642006f3a5216a1ff7d73643ed751caecdfdcb56247aa2f66fbcb8315daaa86006a99e0350a72d5d5260d6bb77ac53cdd7abacb859586c279b7facdf076c922ac27f3e907fb3b4ec977ca634a28df064162165222dcce674dab60a4e9d48e7fcea267abb1f8e0a2012aa6db532a4ce74fbaf583e2c292fa1b56be585d14ee073cdafe3fc0c19050e698ec41b9d27f5db41a779208118a5d3f8f74333b2ad2fe3cee273bbfea485ead817effedf1260c1a125070589b6f0f31984ed498cbd273e84a718f54c82cbc2747e678f8437dde23c9ea3c877823034b7c70731c2d01cc09d11d3364e7945b6480b9b416acb54cd1194b46c6d2e147619ac1c1fa915af80a5098647247ebcf0449634f69c96afc740bce61993228183d98d0f85406d8ffd934