VIRY.CZ

Dobrý den
Moc tomu tady nerozumím, celkově jako PC. prosím buďte schovívaví.

Něco sem tady vyčetl o tom DDS logu tak to sem dám...
Problém je v tom že PC je enormně pomalé. Pisi nyní z nouzového režimu. Prohnal sem to Nodem, RegCure Pro, Speedupmypc...nejaká svinstva to našla ale stalé stejne pomale, nepoužitelné...
S nejakým zrejme pornem mi syn stahl yontoo a od te doby je asi problem...
PC se načíta asi pet minut a po "vítejte" je černá obrazovka s nápisem "Konfigurování Individualního nastavení uživatele" (což tam drive nebylo) a pod tím C:/Program files/Microsoft/Windows Installer.exe


DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
Run by cesko at 23:25:16 on 2013-01-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2460 [GMT 1:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=111304&tt=0313_4&babsrc=HP_ss&mntrId=18f252fd000000000000001d604d90ae
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com
mDefault_Page_URL = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - <orphaned>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
mURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - LocalServer32 - <no file>
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Microsoft® Windows® OS Manager] c:\program files\microsoft\Windows Installer.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Microsoft® Windows® Operating System] c:\program files\microsoft\Windows Installer.exe
uExplorerRun: [Microsoft Explorer Policies] c:\program files\microsoft\Windows Installer.exe
mExplorerRun: [Microsoft Explorer Policies] c:\program files\microsoft\Windows Installer.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{93E4835A-8CC3-420B-91E5-48014E065A30} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{BAE6D55F-F66B-4F39-A3DD-E2F6609718A1} : DHCPNameServer = 10.0.0.138
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\browse~1\23765~1.24\{16cdf~1\browse~1.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {UR218G3C-0SUD-JCT2-1756-57VI7413CH5M} - c:\program files\microsoft\Windows Installer.exe
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-5-3 242240]
R3 pmkbdfltr;PenMount Keyboard Device Filter Driver;c:\windows\system32\drivers\pmkbdfltr.sys [2012-11-1 15248]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-11-1 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-6 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-9-9 13224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2008-5-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2008-5-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2008-5-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2008-5-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2008-5-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2008-5-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2008-5-16 115752]
S3 Uniblue.MaxiDiskSvc;Uniblue Maxi Disk Service;c:\program files\uniblue\maxidisk\service.exe [2013-1-28 30032]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-01-28 22:15:40 792 ----a-w- c:\users\cesko\appdata\roaming\ceskov3.5.0.0.vbs
2013-01-28 21:37:48 -------- d-----w- c:\program files\common files\ParetoLogic
2013-01-28 21:37:44 -------- d-----w- c:\program files\ParetoLogic
2013-01-28 21:18:21 -------- d-----w- c:\users\cesko\appdata\roaming\ParetoLogic
2013-01-28 21:18:21 -------- d-----w- c:\users\cesko\appdata\roaming\DriverCure
2013-01-28 21:18:10 -------- d-----w- c:\programdata\ParetoLogic
2013-01-28 19:28:19 -------- d-----w- c:\users\cesko\appdata\local\{4722288C-0213-4D33-9063-CFF956DEC3AF}
2013-01-28 19:17:49 -------- d-----w- c:\program files\VS Revo Group
2013-01-28 01:45:43 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2013-01-28 00:46:06 -------- d-----w- c:\users\cesko\appdata\local\{83232A03-1FD4-42FB-9EAB-982BAB386955}
2013-01-27 12:38:39 -------- d-----w- c:\users\cesko\appdata\local\{2AFB720C-D324-466E-B7A1-83BEABAE4EAC}
2013-01-27 00:04:06 -------- d-----w- c:\users\cesko\appdata\local\{20B84885-CAA7-4C65-B13F-C08914827D4B}
2013-01-26 12:03:41 -------- d-----w- c:\users\cesko\appdata\local\{8C5BF28A-81A7-4A6C-8F73-1288C9F541F3}
2013-01-26 00:03:08 -------- d-----w- c:\users\cesko\appdata\local\{3A64584D-FA5F-48A6-8F3F-C4FC980FD5A3}
2013-01-25 12:02:43 -------- d-----w- c:\users\cesko\appdata\local\{3BC836DC-8B9C-45A0-A1C0-58C84D4A8702}
2013-01-24 13:53:31 -------- d-----w- c:\users\cesko\appdata\local\{ECAB57D7-8580-453A-9E41-E37FF5957647}
2013-01-24 13:09:22 -------- d-----r- c:\program files\Skype
2013-01-23 21:28:19 -------- d-----w- c:\users\cesko\appdata\local\{5353894A-B67C-4D52-9B48-3237E468994B}
2013-01-23 09:27:33 -------- d-----w- c:\users\cesko\appdata\local\{79497AE8-2935-495F-B947-A379D36D0FA2}
2013-01-22 11:51:06 -------- d-----w- c:\users\cesko\appdata\local\{337C0669-B2D0-4323-86AB-D16749679018}
2013-01-21 13:08:27 -------- d-----w- c:\users\cesko\appdata\local\{C846D032-C137-4679-A4BD-AAB8DB996390}
2013-01-20 22:36:13 -------- d-----w- c:\users\cesko\appdata\local\{8F12A814-4113-4B2B-ADD9-D16FBB837C14}
2013-01-20 10:35:39 -------- d-----w- c:\users\cesko\appdata\local\{6ED79342-1CBA-4E7C-8071-BD95DA807EBB}
2013-01-19 13:19:22 -------- d-----w- c:\users\cesko\appdata\local\{B7C81F07-DA4A-4F09-A78C-3CD7EF3EDEB7}
2013-01-19 01:18:55 -------- d-----w- c:\users\cesko\appdata\local\{FF386866-AE8E-48A5-AEF7-FF85AEF2A14F}
2013-01-18 10:38:47 -------- d-----w- c:\users\cesko\appdata\local\{DC12CB2C-2301-449F-8894-D5444D0CD76F}
2013-01-17 22:38:23 -------- d-----w- c:\users\cesko\appdata\local\{9A0D6D4D-F5C0-46BA-ABC4-A8BDD36F1757}
2013-01-17 11:02:20 -------- d-----w- c:\program files\Zrychleni Pocitace
2013-01-17 11:00:13 -------- d-----w- c:\program files\pazera-software
2013-01-17 10:37:59 -------- d-----w- c:\users\cesko\appdata\local\{D8E41A60-C75C-496A-8FAE-873024F7986D}
2013-01-16 19:49:50 -------- d-----w- c:\users\cesko\appdata\local\{BA9EE525-8785-47D7-8CA2-3743DC7CBC38}
2013-01-16 07:27:07 -------- d-----w- c:\users\cesko\appdata\local\{9661900F-F769-496E-9DE4-25E92DE4210C}
2013-01-15 20:01:24 -------- d-----w- c:\users\cesko\appdata\roaming\TuneUp Software
2013-01-15 20:01:13 -------- d-----w- c:\programdata\TuneUp Software
2013-01-15 20:01:07 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-15 20:01:07 -------- d--h--w- c:\programdata\Common Files
2013-01-15 19:57:32 -------- d-----w- c:\users\cesko\appdata\roaming\Broad Intelligence
2013-01-15 19:57:30 -------- d-----w- c:\users\cesko\appdata\roaming\OpenCandy
2013-01-15 19:57:30 -------- d-----w- c:\program files\MediaCoder
2013-01-15 16:06:20 -------- d-----w- c:\users\cesko\appdata\local\{DB51A627-CED9-4B04-9A11-D364F8E12319}
2013-01-15 01:48:10 -------- d-----w- c:\users\cesko\appdata\local\{B41241F8-A478-4D70-B660-DB0FF6EABAB2}
2013-01-14 19:21:52 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-14 13:47:44 -------- d-----w- c:\users\cesko\appdata\local\{9C89DA1B-3E31-435B-B7AC-EFF2EAF2D3CC}
2013-01-14 01:47:20 -------- d-----w- c:\users\cesko\appdata\local\{BA0F75A1-2F4E-48B3-A03D-1F7EE934BFDB}
2013-01-13 13:46:54 -------- d-----w- c:\users\cesko\appdata\local\{7CEEBCC7-3D96-40D2-B86C-39983BE5BCBB}
2013-01-13 00:31:37 -------- d-----w- c:\users\cesko\appdata\local\{C40D3B18-2DA2-4E47-AA70-E1865A0931BD}
2013-01-12 12:27:48 -------- d-----w- c:\users\cesko\appdata\local\{07F6F75D-FED7-4B66-999B-B6819256E23F}
2013-01-11 23:47:00 -------- d-----w- c:\users\cesko\appdata\local\{216658C9-838A-43E0-B8AB-514FCC5715C7}
2013-01-11 11:46:23 -------- d-----w- c:\users\cesko\appdata\local\{C5EAB6A4-177E-4AF2-9D05-439B8E6A270D}
2013-01-10 22:09:29 -------- d-----w- c:\users\cesko\appdata\local\{E1BBAD65-DE93-4A2D-AF91-FA904DA01121}
2013-01-10 10:09:03 -------- d-----w- c:\users\cesko\appdata\local\{249FDFEE-E9BB-47E6-9F49-99FFB4B347F6}
2013-01-09 15:00:23 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 14:59:46 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 14:59:44 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 12:02:27 -------- d-----w- c:\users\cesko\appdata\local\{41271750-433A-48FC-A770-9D6419BD6717}
2013-01-08 23:35:05 -------- d-----w- c:\users\cesko\appdata\local\{3663BE5F-3B36-401E-8520-6148B8CC63D8}
2013-01-08 11:19:36 -------- d-----w- c:\users\cesko\appdata\local\{BEAF92EC-9FD1-46F6-9B3A-24A123B8205F}
2013-01-07 20:29:59 -------- d-----w- c:\users\cesko\appdata\local\{DA44FFDA-317D-49A3-9D5E-78369B0D9C47}
2013-01-07 08:29:33 -------- d-----w- c:\users\cesko\appdata\local\{43ECCD76-DB21-4D58-9433-25A0C6C514B2}
2013-01-06 10:20:02 -------- d-----w- c:\users\cesko\appdata\local\{6833F44B-A385-43B7-BE11-F3094B750FD3}
2013-01-05 11:41:37 -------- d-----w- c:\users\cesko\appdata\local\{6F7F0918-ED7A-450A-B7CE-ADCF4D013FFD}
2013-01-04 23:41:02 -------- d-----w- c:\users\cesko\appdata\local\{D6B0E526-BC2C-4E40-9205-AB5D4499D1DC}
2013-01-04 11:15:54 -------- d-----w- c:\program files\common files\Symantec Shared
2013-01-04 10:18:22 -------- d-----w- c:\users\cesko\appdata\local\{FC804241-6DAA-4E32-9C15-21F695BF14FC}
2013-01-03 13:01:21 -------- d-----w- c:\users\cesko\appdata\local\{85512C0D-9B6D-4082-A69B-5C3138659523}
2013-01-03 01:00:56 -------- d-----w- c:\users\cesko\appdata\local\{5EDE2083-11C6-410C-9895-A6AE712BE394}
2013-01-02 11:19:36 -------- d-----w- c:\users\cesko\appdata\local\{FBC25645-9011-4E46-925C-00F36EAFB10D}
2013-01-01 22:27:05 -------- d-----w- c:\users\cesko\appdata\local\{31F8CC95-4754-4877-8856-AD2370CB52FD}
2013-01-01 10:26:19 -------- d-----w- c:\users\cesko\appdata\local\{0418435B-8595-4137-A109-08329D6ECF72}
2012-12-31 22:12:27 -------- d-----w- c:\users\cesko\appdata\local\{CAC161AE-6D2C-4072-AE4C-FF98C7B53FF7}
2012-12-31 10:11:10 -------- d-----w- c:\users\cesko\appdata\local\{510EC0B1-4F88-472E-AAF6-246084160E00}
2012-12-30 09:46:37 -------- d-----w- c:\users\cesko\appdata\local\{7C502EED-6F6F-4E33-B766-0651B17B179B}
.
==================== Find3M ====================
.
2013-01-14 13:14:53 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-14 13:14:52 746984 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-09 21:17:28 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 21:17:28 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-26 10:17:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-26 10:17:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-20 00:45:34 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-11-01 12:00:19 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2012-11-01 12:00:18 172032 ----a-w- c:\windows\system32\rixdicon.dll
2012-11-01 11:11:36 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2012-11-01 11:04:02 46592 ----a-w- c:\windows\system32\drivers\risdptsk.sys
2012-11-01 08:04:39 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2012-11-01 08:02:17 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-11-01 08:02:17 363112 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2012-11-01 08:02:17 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-11-01 07:57:51 10632 ----a-w- c:\windows\system32\drivers\amdide.sys
2012-11-01 07:55:59 53328 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
2012-11-01 07:55:59 38864 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2012-11-01 07:55:59 37328 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2012-11-01 07:55:59 1581136 ----a-w- c:\windows\system32\LkmdfCoInst.dll
2012-11-01 07:48:58 516096 ----a-w- c:\windows\system32\sm56co85.txt
2012-11-01 07:48:57 1095936 ----a-w- c:\windows\system32\drivers\smserial.sys
2012-11-01 07:42:44 15248 ----a-w- c:\windows\system32\drivers\pmkbdfltr.sys
2011-12-19 00:38:03 63 ----a-w- c:\program files\dialogysclip.bat
2011-09-16 13:12:04 143240 ----a-w- c:\program files\common files\ApnStub.exe
.
============= FINISH: 23:27:15,71 ===============

udelal sem ten RSIT


Logfile of random's system information tool 1.09 (written by random/random)
Run by cesko at 2013-01-28 23:59:34
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 23 GB (28%) free of 83 GB
Total RAM: 3070 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:00:46, on 29.1.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Users\cesko\AppData\Local\Temp\RSIT(1).exe
C:\Program Files\trend micro\cesko.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=111304 ... 1d604d90ae
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://http://www.yahoo.com/?ilc=8.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://http://www.yahoo.com/?ilc=8.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Microsoft® Windows® Operating System] C:\Program Files\Microsoft\Windows Installer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Microsoft® Windows® OS Manager] C:\Program Files\Microsoft\Windows Installer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Explorer Policies] C:\Program Files\Microsoft\Windows Installer.exe
O4 - HKCU\..\Policies\Explorer\Run: [Microsoft Explorer Policies] C:\Program Files\Microsoft\Windows Installer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\23765~1.24\{16cdf~1\browse~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Uniblue Maxi Disk Service (Uniblue.MaxiDiskSvc) - Unknown owner - C:\Program Files\Uniblue\MaxiDisk\service.exe

--
End of file - 6734 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\MaxiDisk.job
C:\Windows\tasks\mdmonitor.job
C:\Windows\tasks\ParetoLogic Registration3.job
C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
C:\Windows\tasks\ParetoLogic Update Version3.job
C:\Windows\tasks\RegCure Pro.job
C:\Windows\tasks\SpeedUpMyPC.job
C:\Windows\tasks\spmonitor.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealNetworks Download and Record Plugin for Internet Explorer - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29 539888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-12 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}]
IEExtension.VDownloaderBHO - C:\Windows\system32\mscoree.dll [2009-11-08 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-12 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2012-11-01 1458176]
"RIMBBLaunchAgent.exe"=C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [2011-11-02 90448]
"Microsoft® Windows® Operating System"=C:\Program Files\Microsoft\Windows Installer.exe [2005-10-07 770048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Microsoft Explorer Policies"=C:\Program Files\Microsoft\Windows Installer.exe [2005-10-07 770048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-01-08 18705664]
"Microsoft® Windows® OS Manager"=C:\Program Files\Microsoft\Windows Installer.exe [2005-10-07 770048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Microsoft Explorer Policies"=C:\Program Files\Microsoft\Windows Installer.exe [2005-10-07 770048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2006-09-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxiDisk]
C:\Program Files\Uniblue\MaxiDisk\launcher.exe delay 20000 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2012-03-08 4280184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [2011-11-02 90448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2012-10-29 10996368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2013-01-08 18705664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2012-11-01 1458176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe [2012-11-22 406936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost]
C:\Windows\System32\Microsoft\adobe reader.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~2\browse~1\23765~1.24\{16cdf~1\browse~1.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=serwvdrv.dll
"wave2"=serwvdrv.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-01-28 23:59:53 ----AD---- C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZ......Z...ZZ
2013-01-28 23:49:54 ----D---- C:\rsit
2013-01-28 23:49:54 ----D---- C:\Program Files\trend micro
2013-01-28 23:48:26 ----AD---- C:\3590F75ABA9E485486C100C1A9D4FF06ZZ.Z.Z...ZZ...ZZ
2013-01-28 23:15:56 ----A---- C:\Users\cesko\AppData\Roaming\ceskov3.5.0.0.txt
2013-01-28 23:15:40 ----A---- C:\Users\cesko\AppData\Roaming\ceskov3.5.0.0.vbs
2013-01-28 22:58:37 ----A---- C:\0.bak
2013-01-28 22:37:48 ----D---- C:\Program Files\Common Files\ParetoLogic
2013-01-28 22:37:44 ----D---- C:\Program Files\ParetoLogic
2013-01-28 22:18:21 ----D---- C:\Users\cesko\AppData\Roaming\ParetoLogic
2013-01-28 22:18:21 ----D---- C:\Users\cesko\AppData\Roaming\DriverCure
2013-01-28 22:18:10 ----D---- C:\ProgramData\ParetoLogic
2013-01-28 20:17:49 ----D---- C:\Program Files\VS Revo Group
2013-01-28 02:45:43 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2013-01-24 14:09:22 ----RD---- C:\Program Files\Skype
2013-01-24 14:09:22 ----D---- C:\Program Files\Common Files\Skype
2013-01-17 12:02:20 ----D---- C:\Program Files\Zrychleni Pocitace
2013-01-17 12:00:13 ----D---- C:\Program Files\pazera-software
2013-01-15 21:01:24 ----D---- C:\Users\cesko\AppData\Roaming\TuneUp Software
2013-01-15 21:01:13 ----D---- C:\ProgramData\TuneUp Software
2013-01-15 21:01:07 ----SHD---- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-15 21:01:07 ----HD---- C:\ProgramData\Common Files
2013-01-15 20:57:32 ----D---- C:\Users\cesko\AppData\Roaming\Broad Intelligence
2013-01-15 20:57:30 ----D---- C:\Users\cesko\AppData\Roaming\OpenCandy
2013-01-15 20:57:30 ----D---- C:\Program Files\MediaCoder
2013-01-14 20:21:52 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-01-14 20:21:52 ----A---- C:\Windows\system32\javaw.exe
2013-01-14 20:21:52 ----A---- C:\Windows\system32\java.exe
2013-01-14 14:16:04 ----D---- C:\Program Files\Common Files\Java
2013-01-14 14:14:46 ----D---- C:\Program Files\Java
2013-01-09 16:00:23 ----A---- C:\Windows\system32\win32k.sys
2013-01-09 15:59:46 ----A---- C:\Windows\system32\ncrypt.dll
2013-01-09 15:59:45 ----A---- C:\Windows\system32\shlwapi.dll
2013-01-09 15:59:44 ----A---- C:\Windows\system32\msxml6.dll
2013-01-04 12:15:54 ----D---- C:\Program Files\Common Files\Symantec Shared

======List of files/folders modified in the last 1 month======

2013-01-28 23:59:53 ----D---- C:\Windows\System32
2013-01-28 23:59:53 ----D---- C:\Windows
2013-01-28 23:49:54 ----RD---- C:\Program Files
2013-01-28 23:48:26 ----D---- C:\Windows\system32\LogFiles
2013-01-28 23:48:26 ----D---- C:\Windows\Prefetch
2013-01-28 23:48:25 ----D---- C:\Windows\ModemLogs
2013-01-28 23:48:24 ----D---- C:\Windows\SoftwareDistribution
2013-01-28 23:27:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-28 23:01:18 ----D---- C:\Windows\system32\Tasks
2013-01-28 23:00:59 ----D---- C:\Windows\Temp
2013-01-28 23:00:51 ----D---- C:\Windows\Debug
2013-01-28 23:00:00 ----D---- C:\Windows\system32\catroot2
2013-01-28 22:59:20 ----D---- C:\Windows\system32\config
2013-01-28 22:59:20 ----D---- C:\Windows\Panther
2013-01-28 22:59:20 ----D---- C:\Users\cesko\AppData\Roaming\uTorrent
2013-01-28 22:59:20 ----D---- C:\Users\cesko\AppData\Roaming\Babylon
2013-01-28 22:59:19 ----HD---- C:\ProgramData
2013-01-28 22:59:18 ----D---- C:\Windows\system32\Msdtc
2013-01-28 22:59:18 ----D---- C:\Windows\inf
2013-01-28 22:59:18 ----D---- C:\Users\cesko\AppData\Roaming\BatteryBar
2013-01-28 22:58:49 ----SD---- C:\Windows\Downloaded Program Files
2013-01-28 22:58:33 ----SHD---- C:\System Volume Information
2013-01-28 22:46:08 ----D---- C:\Users\cesko\AppData\Roaming\Skype
2013-01-28 22:38:35 ----D---- C:\Windows\Tasks
2013-01-28 22:37:48 ----D---- C:\Program Files\Common Files
2013-01-28 20:54:29 ----D---- C:\Program Files\Uniblue
2013-01-28 20:54:13 ----D---- C:\Users\cesko\AppData\Roaming\Uniblue
2013-01-28 20:52:51 ----SHD---- C:\Windows\Installer
2013-01-28 20:35:34 ----D---- C:\Windows\system32\drivers
2013-01-28 20:35:34 ----D---- C:\Windows\system32\catroot
2013-01-28 08:48:52 ----D---- C:\Program Files\ExpressFiles
2013-01-24 14:09:40 ----D---- C:\ProgramData\Skype
2013-01-21 02:10:07 ----D---- C:\ProgramData\Tarma Installer
2013-01-19 22:15:29 ----D---- C:\Users\cesko\AppData\Roaming\tor
2013-01-18 10:07:40 ----D---- C:\ProgramData\Norton
2013-01-18 10:07:36 ----D---- C:\ProgramData\Symantec
2013-01-16 08:33:59 ----D---- C:\ProgramData\Yahoo!
2013-01-16 08:33:59 ----D---- C:\Program Files\Yahoo!
2013-01-16 08:33:45 ----D---- C:\Users\cesko\AppData\Roaming\Yahoo!
2013-01-16 08:29:59 ----D---- C:\Users\cesko\AppData\Roaming\systweak
2013-01-15 21:07:25 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2013-01-14 14:14:53 ----A---- C:\Windows\system32\npdeployJava1.dll
2013-01-14 14:14:52 ----A---- C:\Windows\system32\deployJava1.dll
2013-01-10 12:03:47 ----RSD---- C:\Windows\assembly
2013-01-10 12:03:47 ----D---- C:\Windows\Microsoft.NET
2013-01-10 00:10:15 ----A---- C:\Windows\win.ini
2013-01-10 00:05:03 ----D---- C:\Windows\winsxs
2013-01-09 22:17:28 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-01-09 19:48:37 ----A---- C:\Windows\system32\mrt.exe
2013-01-02 21:21:01 ----D---- C:\Program Files\Common Files\Research In Motion

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-09-27 36560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-03 242240]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2012-11-01 48128]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2012-11-01 44544]
R2 risdptsk;risdptsk; C:\Windows\system32\DRIVERS\risdptsk.sys [2012-11-01 46592]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2012-11-01 38400]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2006-08-30 140800]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2012-11-01 38864]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2012-11-01 37328]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
R3 pmkbdfltr;PenMount Keyboard Device Filter Driver; C:\Windows\system32\DRIVERS\pmkbdfltr.sys [2012-11-01 15248]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2012-11-01 363112]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2011-11-01 27632]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-27 2929664]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 39272]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2011-09-09 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2011-09-09 25512]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2012-10-29 3240400]
S3 lvupdtio;lvupdtio; C:\Windows\system32\drivers\lvupdtio.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NPF;WinPcap Packet Driver (NPF); C:\Windows\system32\drivers\NPF.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2011-07-25 64512]
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2011-07-20 35328]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2012-11-01 1095936]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-05-25 1743232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 34944]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2009-04-11 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-07-27 610304]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-26 116648]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-09 251400]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-26 116648]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Uniblue.MaxiDiskSvc;Uniblue Maxi Disk Service; C:\Program Files\Uniblue\MaxiDisk\service.exe [2013-01-18 30032]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

Zdravim

Odinstalujte SpeedUpMyPC, Zrychleni Pocitace, RegCure Pro - vse jen zcela neucinne kramy

Stahnete SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe

• Ulozte nejlepe na Plochu
• Spustte tradicne dvouklikem a postupujte dle pokynu utility
• Po dokonceni skenu se vytvori a otevre log, ten mi sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Search
• Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

Security Check log:

Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 11
Adobe Flash Player 11.5.502.146
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

AdwCleaner:


# AdwCleaner v2.109 - Logfile created 01/29/2013 at 11:17:13
# Updated 26/01/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : cesko - CESKO-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\cesko\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\1ClickDownload
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ICQ6Toolbar
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\ICQ\ICQToolbar
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\cesko\AppData\Local\APN
Folder Found : C:\Users\cesko\AppData\Local\Conduit
Folder Found : C:\Users\cesko\AppData\LocalLow\Conduit
Folder Found : C:\Users\cesko\AppData\Roaming\Babylon
Folder Found : C:\Users\cesko\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\5ae88dbb13eba15
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aff0ead39a69005ddd5efa3485372b57
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Tarma Installer
Key Found : HKU\S-1-5-21-3613717200-223133842-2651324926-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-3613717200-223133842-2651324926-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-3613717200-223133842-2651324926-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKU\S-1-5-21-3613717200-223133842-2651324926-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=111304&tt=0313_4&babsrc=HP_ss&mntrId=18f252fd000000000000001d604d90ae
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

*************************

AdwCleaner[R1].txt - [6903 octets] - [29/01/2013 11:15:28]
AdwCleaner[R2].txt - [6834 octets] - [29/01/2013 11:17:13]

########## EOF - C:\AdwCleaner[R2].txt - [6894 octets] ##########

Spustte znovu AdwCleaner

• Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
• Kliknete na Delete
• PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

Stahnete Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe

• Ulozte nejlepe na Plochu
• U vsech polozek udelejte zatrzitko (tim je oznacite pro skenovani)
• Kliknete na Scan
• Po dokonceni skenu se objevi log FSS.txt ten sem vlozte

Znovu AdwCleaner:


# AdwCleaner v2.109 - Logfile created 01/29/2013 at 14:31:15
# Updated 26/01/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : cesko - CESKO-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\cesko\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\cesko\AppData\Local\APN
Folder Deleted : C:\Users\cesko\AppData\Local\Conduit
Folder Deleted : C:\Users\cesko\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\cesko\AppData\Roaming\Babylon
Folder Deleted : C:\Users\cesko\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\5ae88dbb13eba15
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aff0ead39a69005ddd5efa3485372b57
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=111304&tt=0313_4&babsrc=HP_ss&mntrId=18f252fd000000000000001d604d90ae --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [6903 octets] - [29/01/2013 11:15:28]
AdwCleaner[R2].txt - [6963 octets] - [29/01/2013 11:17:13]
AdwCleaner[R3].txt - [7023 octets] - [29/01/2013 14:30:19]
AdwCleaner[S1].txt - [6562 octets] - [29/01/2013 14:31:15]

########## EOF - C:\AdwCleaner[S1].txt - [6622 octets] ##########

farbar service scanner:

Farbar Service Scanner Version: 16-01-2013
Ran by cesko (administrator) on 29-01-2013 at 14:43:20
Running from "C:\Users\cesko\Desktop"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
• Zaskrtnete okenko Pro vsechny uzivatele
• Zaskrtnete okenko Kontrola na havet "LOP"
• Zaskrtnete okenko Kontrola na havet "Purity"
• Stari souboru zmente z 30 dnu na 7 dnu
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  CREATERESTOREPOINT
  
  netsvcs
  drivers32
  savembr:0
  
  /md5start
  atapi.sys
  autochk.exe
  cdrom.sys
  explorer.exe
  hal.dll
  scecli.dll
  services.exe
  svchost.exe
  tcpip.sys
  userinit.exe
  winlogon.exe
  /md5stop
  
  %systemroot%*.* /U /s
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\system32\drivers\*.sys /3
  %systemroot%\system32\*.* /3
  %SYSTEMDRIVE%\*.exe
  
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
  
  %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
  %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
  %PROGRAMFILES%\Opera\opera.exe /md5
  %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
  
  %SystemDrive%\PhysicalMBR.bin /md5 
  
  *crack* /s
  *keygen* /s
  *loader* /s

• Kliknete na tlacitko Prohledat
• Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
• Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

Dobre
Hned jak prijdu ze cviceni tak to udelam...
Jen mi jeste poradte jak zjistim jestli 32bit nebo 64bit?

Mate 32bit OS

děkuju...
právě na tom makám...mezitím se mi vypnul 2x pc přehrátím

No to by chtelo poresit v prve rade to prehrivani - vycistit od prachu atd

OTL:


OTL logfile created on: 29.1.2013 23:05:47 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\cesko\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 74,33% Memory free
5,90 Gb Paging File | 5,44 Gb Available in Paging File | 92,17% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 81,36 Gb Total Space | 23,17 Gb Free Space | 28,48% Space Free | Partition Type: NTFS
Drive D: | 67,69 Gb Total Space | 42,38 Gb Free Space | 62,60% Space Free | Partition Type: NTFS

Computer Name: CESKO-PC | User Name: cesko | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.01.29 21:26:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\cesko\Desktop\OTL.exe
PRC - [2012.09.17 06:10:12 | 000,097,152 | ---- | M] (Maxthon International ltd.) -- C:\Program Files\Maxthon3\Bin\Maxthon.exe
PRC - [2009.04.11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012.08.29 08:20:58 | 009,465,032 | ---- | M] () -- C:\Program Files\Maxthon3\Core\Webkit\Npplugins\NPSWF32.dll
MOD - [2012.08.03 06:15:26 | 000,258,944 | ---- | M] () -- C:\Program Files\Maxthon3\Bin\Maxzlib.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013.01.09 22:17:29 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NPF)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (lvupdtio)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - [2012.11.01 13:00:19 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2012.11.01 12:11:36 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2012.11.01 12:04:02 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2012.11.01 09:04:39 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2012.11.01 09:02:17 | 000,363,112 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2012.11.01 08:57:51 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2012.11.01 08:55:59 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2012.11.01 08:55:59 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2012.11.01 08:48:57 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2012.11.01 08:42:44 | 000,015,248 | ---- | M] (PenMount) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmkbdfltr.sys -- (pmkbdfltr)
DRV - [2012.05.03 08:35:21 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.11.01 11:41:58 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2011.09.09 21:49:43 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.09.09 21:49:43 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2007.07.31 01:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.07.27 22:36:38 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.05.25 09:15:16 | 001,743,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2006.08.30 08:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://http://www.yahoo.com/?ilc=8.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://http://www.yahoo.com/?ilc=8.yahoo.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No CLSID value found
IE - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searc ... &fr=mkg028
IE - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012.12.26 11:18:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2011.11.06 17:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cesko\AppData\Roaming\mozilla\Extensions
[2011.11.06 17:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cesko\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Microsoft® Windows® Operating System] C:\Program Files\Microsoft\Windows Installer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3613717200-223133842-2651324926-1000..\Run: [Microsoft® Windows® OS Manager] C:\Program Files\Microsoft\Windows Installer.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Microsoft Explorer Policies = C:\Program Files\Microsoft\Windows Installer.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Microsoft Explorer Policies = C:\Program Files\Microsoft\Windows Installer.exe (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O15 - HKU\S-1-5-21-3613717200-223133842-2651324926-1000\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93E4835A-8CC3-420B-91E5-48014E065A30}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAE6D55F-F66B-4F39-A3DD-E2F6609718A1}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23765~1.24\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\cesko\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\cesko\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{111de01c-29bd-11e1-bc5b-001d604d90ae}\Shell - "" = AutoRun
O33 - MountPoints2\{111de01c-29bd-11e1-bc5b-001d604d90ae}\Shell\AutoRun\command - "" = G:\DialogysInstall_PC.exe
O33 - MountPoints2\{a52ad422-c414-11e0-8b35-001d6070b246}\Shell - "" = AutoRun
O33 - MountPoints2\{a52ad422-c414-11e0-8b35-001d6070b246}\Shell\AutoRun\command - "" = F:\DialogysInstall_PC.exe
O33 - MountPoints2\{c821668a-4d8e-11e1-a275-001d604d90ae}\Shell - "" = AutoRun
O33 - MountPoints2\{c821668a-4d8e-11e1-a275-001d604d90ae}\Shell\AutoRun\command - "" = F:\DialogysInstall_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.01.29 21:26:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\cesko\Desktop\OTL.exe
[2013.01.29 14:42:10 | 000,350,915 | ---- | C] (Farbar) -- C:\Users\cesko\Desktop\FSS.exe
[2013.01.28 23:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.01.28 23:49:54 | 000,000,000 | ---D | C] -- C:\rsit
[2013.01.28 22:18:21 | 000,000,000 | ---D | C] -- C:\Users\cesko\AppData\Roaming\ParetoLogic
[2013.01.28 22:18:21 | 000,000,000 | ---D | C] -- C:\Users\cesko\AppData\Roaming\DriverCure
[2013.01.28 22:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013.01.28 20:28:19 | 000,000,000 | ---D | C] -- C:\Users\cesko\AppData\Local\{4722288C-0213-4D33-9063-CFF956DEC3AF}
[2013.01.28 20:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013.01.28 20:17:49 | 000,000,000 | ---D | C] -- C:\Users\cesko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.01.28 02:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013.01.28 01:46:06 | 000,000,000 | ---D | C] -- C:\Users\cesko\AppData\Local\{83232A03-1FD4-42FB-9EAB-982BAB386955}
[2013.01.27 13:38:39 | 000,000,000 | ---D | C] -- C:\Users\cesko\AppData\Local\{2AFB720C-D324-466E-B7A1-83BEABAE4EAC}
[2013.01.27 01:04:06 | 000,000,000 | ---D | C] -- C:\Users\cesko\AppData\Local\{20B84885-CAA7-4C65-B13F-C08914827D4B}
[2013.01.26 13:03:41 | 000,000,000 | ---D | C] -- C:\Users\cesko\AppData\Local\{8C5BF28A-81A7-4A6C-8F73-1288C9F541F3}
[2013.01.26 01:03:08 | 000,000,000 | ---D | C] -- C:\Users\cesko\AppData\Local\{3A64584D-FA5F-48A6-8F3F-C4FC980FD5A3}
[2013.01.25 13:02:43 | 000,000,000 | ---D | C] -- C:\Users\cesko\AppData\Local\{3BC836DC-8B9C-45A0-A1C0-58C84D4A8702}
[2013.01.24 14:53:31 | 000,000,000 | ---D | C] -- C:\Users\cesko\AppData\Local\{ECAB57D7-8580-453A-9E41-E37FF5957647}
[2013.01.24 14:09:22 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.01.24 14:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.24 14:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.01.23 22:28:19 | 000,000,000 | ---D | C] -- C:\Users\cesko\AppData\Local\{5353894A-B67C-4D52-9B48-3237E468994B}
[2013.01.23 10:27:33 | 000,000,000 | ---D | C] -- C:\Users\cesko\AppData\Local\{79497AE8-2935-495F-B947-A379D36D0FA2}
[2012.06.05 08:08:29 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\ApnStub.exe
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013.01.29 23:06:48 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.01.29 22:32:15 | 000,708,298 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.29 22:32:15 | 000,330,632 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2013.01.29 22:32:15 | 000,185,434 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.29 22:32:15 | 000,107,262 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013.01.29 22:24:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.29 22:22:11 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.29 22:22:11 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.29 22:22:10 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.29 21:26:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\cesko\Desktop\OTL.exe
[2013.01.29 14:59:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.01.29 14:42:12 | 000,350,915 | ---- | M] (Farbar) -- C:\Users\cesko\Desktop\FSS.exe
[2013.01.29 14:35:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.29 14:28:26 | 000,001,356 | ---- | M] () -- C:\Users\cesko\AppData\Local\d3d9caps.dat
[2013.01.29 14:17:34 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.29 11:34:42 | 000,371,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.29 11:15:02 | 000,580,235 | ---- | M] () -- C:\Users\cesko\Desktop\adwcleaner.exe
[2013.01.29 11:06:26 | 000,881,914 | ---- | M] () -- C:\Users\cesko\Desktop\SecurityCheck.exe
[2013.01.28 23:10:35 | 000,002,395 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.28 22:58:37 | 000,000,260 | ---- | M] () -- C:\0.bak
[2013.01.28 20:17:50 | 000,001,057 | ---- | M] () -- C:\Users\cesko\Desktop\Revo Uninstaller.lnk
[2013.01.28 02:50:09 | 068,321,280 | ---- | M] () -- C:\Users\cesko\Desktop\eav_nt32_csy.msi
[2013.01.26 21:15:39 | 000,231,424 | ---- | M] () -- C:\Users\cesko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.26 01:40:15 | 000,127,639 | ---- | M] () -- C:\Users\cesko\Desktop\HPIM3956.JPG
[2013.01.24 10:33:48 | 000,000,504 | ---- | M] () -- C:\0
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.29 21:32:19 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.01.29 11:33:57 | 000,371,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.29 11:15:01 | 000,580,235 | ---- | C] () -- C:\Users\cesko\Desktop\adwcleaner.exe
[2013.01.29 11:06:24 | 000,881,914 | ---- | C] () -- C:\Users\cesko\Desktop\SecurityCheck.exe
[2013.01.28 22:58:37 | 000,000,260 | ---- | C] () -- C:\0.bak
[2013.01.28 20:17:50 | 000,001,057 | ---- | C] () -- C:\Users\cesko\Desktop\Revo Uninstaller.lnk
[2013.01.28 02:50:28 | 068,321,280 | ---- | C] () -- C:\Users\cesko\Desktop\eav_nt32_csy.msi
[2013.01.24 14:09:22 | 000,002,395 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.26 21:47:02 | 000,572,616 | ---- | C] ( ) -- C:\Users\cesko\setup.exe
[2012.10.29 02:44:05 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.09.16 15:12:44 | 000,003,200 | ---- | C] () -- C:\Users\cesko\AppData\Local\recently-used.xbel
[2012.07.11 10:36:56 | 000,162,697 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.07.11 10:36:27 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.06.09 12:09:46 | 000,330,632 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2012.06.09 12:09:46 | 000,107,262 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2011.12.19 01:38:03 | 000,000,828 | ---- | C] () -- C:\Users\cesko\desinstart.bat
[2011.12.19 01:38:03 | 000,000,575 | ---- | C] () -- C:\Users\cesko\desinst.bat
[2011.12.19 01:38:03 | 000,000,573 | ---- | C] () -- C:\Users\cesko\dialogysMPFuser.prf
[2011.12.19 01:38:03 | 000,000,174 | ---- | C] () -- C:\Users\cesko\dialogysClip.prf
[2011.12.19 01:38:03 | 000,000,120 | ---- | C] () -- C:\Users\cesko\dialogysInstall.prf
[2011.12.19 01:38:03 | 000,000,063 | ---- | C] () -- C:\Program Files\dialogysclip.bat
[2011.11.01 23:55:40 | 000,000,093 | ---- | C] () -- C:\Users\cesko\AppData\Local\fusioncache.dat
[2011.10.28 13:42:12 | 000,145,565 | ---- | C] () -- C:\Windows\hpiins06.dat
[2011.10.28 13:42:11 | 000,000,000 | ---- | C] () -- C:\Windows\hpimdl06.dat
[2011.09.12 14:24:50 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.08.23 21:51:08 | 000,231,424 | ---- | C] () -- C:\Users\cesko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.11 15:22:06 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.08.11 13:35:14 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.11 12:15:48 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2011.08.11 10:15:08 | 001,743,232 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2011.08.11 10:15:08 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2011.08.10 18:21:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.08.10 17:28:44 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2011.08.10 17:28:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011.08.10 17:28:43 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.08.10 16:06:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.08.10 15:39:55 | 000,001,356 | ---- | C] () -- C:\Users\cesko\AppData\Local\d3d9caps.dat
[2005.12.08 12:46:20 | 000,569,102 | -H-- | C] () -- C:\Users\cesko\AppData\Roaming\logs.dat

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 14:18:30 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 14:18:20 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2006.04.12 02:25:39 | 000,000,000 | -H-D | M] -- C:\Users\cesko\AppData\Roaming\18F252FD
[2012.12.13 20:17:11 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\AbiSuite
[2011.11.07 10:31:11 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Azureus
[2013.01.28 22:59:18 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\BatteryBar
[2013.01.18 10:04:27 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Broad Intelligence
[2012.01.10 16:26:15 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\C__Users_cesko_HD_Crack_HideIPEasy.exe
[2012.10.28 20:48:06 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\DAEMON Tools Lite
[2013.01.28 22:18:21 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\DriverCure
[2012.02.11 14:26:30 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\D__HD_Crack_HideIPEasy.exe
[2012.12.16 14:59:32 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\ExpressFiles
[2012.12.26 14:50:16 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\GeoVid
[2011.08.10 16:09:18 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\GHISLER
[2011.08.26 09:03:29 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\GrabPro
[2012.01.10 16:27:23 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\HideIPEasy
[2012.04.19 12:05:05 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\ICQ Search
[2012.11.19 15:48:22 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Image Zone Express
[2012.12.26 21:30:56 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\IsolatedStorage
[2011.11.06 17:13:33 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\LimeWire
[2012.11.15 23:51:43 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Maxthon3
[2011.11.10 17:47:27 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Miranda
[2012.02.15 02:43:44 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Moyea
[2012.11.15 22:01:51 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Opera
[2011.08.27 11:28:50 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Orbit
[2013.01.28 22:18:21 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\ParetoLogic
[2011.12.29 19:14:08 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\PhotoFiltre
[2011.08.25 13:21:32 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Printer Info Cache
[2011.08.26 09:03:38 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\ProgSense
[2012.06.30 21:30:58 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\RenPy
[2012.09.25 22:33:05 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Research In Motion
[2011.11.26 06:00:50 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Shareaza
[2011.08.13 13:27:13 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Sony
[2012.10.29 01:31:30 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\SumatraPDF
[2013.01.16 08:29:59 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\systweak
[2013.01.15 21:01:24 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\TuneUp Software
[2013.01.28 22:59:20 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\uTorrent
[2012.11.05 00:54:45 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Zoner

========== Purity Check ==========



========== Custom Scans ==========

< >
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,630 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.12.04 14:02:19 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.12.26 02:24:00 | 000,000,934 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.12.26 02:24:02 | 000,000,938 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: ATAPI.SYS >
[2009.04.11 14:18:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 14:18:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 14:18:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.04.11 14:18:39 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009.04.11 14:18:39 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe

< MD5 for: CDROM.SYS >
[2008.01.21 03:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008.01.21 03:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009.04.11 14:18:00 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009.04.11 14:18:00 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009.04.11 14:18:00 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006.11.02 09:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009.04.11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

< MD5 for: HAL.DLL >
[2009.04.11 14:18:00 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: SCECLI.DLL >
[2009.04.11 14:18:47 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 14:18:47 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.04.11 14:18:46 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009.04.11 14:18:46 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008.01.21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.04.11 14:19:10 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2011.09.20 22:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
[2010.09.04 17:27:25 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2010.09.04 16:38:07 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2010.09.04 16:37:51 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2011.06.17 21:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_b4b2134c63c9c70f\tcpip.sys
[2012.03.30 13:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
[2010.02.18 12:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010.02.18 15:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2010.09.04 16:38:09 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2010.09.04 17:27:26 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010.02.18 15:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010.02.18 13:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2010.09.04 17:27:25 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2010.09.04 18:25:36 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2010.09.04 16:38:01 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2011.06.17 21:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) MD5=6647FCE6FC4970DAAFE5C64C794513D3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys
[2010.09.04 18:25:37 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010.09.04 18:25:37 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2011.09.20 22:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[2010.09.04 17:27:30 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2010.09.04 16:37:52 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.02.18 18:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010.09.04 18:25:38 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2010.04.05 18:03:01 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=A6A02EF5B5E40FBD31A1ADC577DA54BB -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys
[2010.09.04 17:27:28 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2010.04.05 21:00:48 | 000,910,208 | ---- | M] (Microsoft Corporation) MD5=CC9993701AC57F995554C696DDA49C12 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys
[2010.02.18 15:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2010.09.04 17:27:27 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2012.03.30 13:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\System32\drivers\tcpip.sys
[2012.03.30 13:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
[2010.09.04 16:38:01 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 14:18:46 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 14:18:46 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

< >

< %systemroot%*.* /U /s >
[13 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[8 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\twain_32\*.tmp files -> C:\Windows\twain_32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2006.04.12 02:25:39 | 000,000,000 | -H-D | M] -- C:\Users\cesko\AppData\Roaming\18F252FD
[2012.12.13 20:17:11 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\AbiSuite
[2011.11.28 03:09:31 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Adobe
[2011.08.11 15:12:47 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Ahead
[2012.08.30 16:42:11 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Apple Computer
[2011.08.10 17:50:09 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\ATI
[2011.11.07 10:31:11 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Azureus
[2013.01.28 22:59:18 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\BatteryBar
[2013.01.18 10:04:27 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Broad Intelligence
[2012.01.10 16:26:15 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\C__Users_cesko_HD_Crack_HideIPEasy.exe
[2012.10.28 20:48:06 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\DAEMON Tools Lite
[2013.01.28 22:18:21 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\DriverCure
[2012.02.11 14:26:30 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\D__HD_Crack_HideIPEasy.exe
[2012.12.16 14:59:32 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\ExpressFiles
[2012.12.26 14:50:16 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\GeoVid
[2011.08.10 16:09:18 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\GHISLER
[2011.08.15 16:49:52 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Google
[2011.08.26 09:03:29 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\GrabPro
[2012.01.10 16:27:23 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\HideIPEasy
[2012.09.05 21:03:17 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\HP
[2012.04.19 12:05:05 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\ICQ Search
[2011.08.10 15:40:02 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Identities
[2012.11.19 15:48:22 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Image Zone Express
[2011.08.11 10:33:18 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\InstallShield
[2012.12.26 21:30:56 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\IsolatedStorage
[2011.11.06 17:13:33 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\LimeWire
[2011.08.10 17:38:04 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Macromedia
[2012.11.15 23:51:43 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Maxthon3
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Media Center Programs
[2013.01.29 14:28:35 | 000,000,000 | RHSD | M] -- C:\Users\cesko\AppData\Roaming\Microsoft
[2011.11.10 17:47:27 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Miranda
[2012.02.15 02:43:44 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Moyea
[2011.08.10 18:21:11 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Mozilla
[2011.08.22 13:19:31 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Nero
[2012.11.15 22:01:51 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Opera
[2011.08.27 11:28:50 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Orbit
[2013.01.28 22:18:21 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\ParetoLogic
[2011.12.29 19:14:08 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\PhotoFiltre
[2011.08.25 13:21:32 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Printer Info Cache
[2011.08.26 09:03:38 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\ProgSense
[2012.09.05 06:37:09 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Real
[2012.12.26 11:18:33 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\RealNetworks
[2012.06.30 21:30:58 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\RenPy
[2012.09.25 22:33:05 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Research In Motion
[2011.11.26 06:00:50 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Shareaza
[2013.01.29 13:33:14 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Skype
[2011.08.13 13:27:13 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Sony
[2012.10.29 01:31:30 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\SumatraPDF
[2013.01.16 08:29:59 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\systweak
[2013.01.19 22:15:29 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\tor
[2013.01.15 21:01:24 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\TuneUp Software
[2013.01.28 22:59:20 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\uTorrent
[2011.08.12 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\WinRAR
[2013.01.16 08:33:45 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Yahoo!
[2012.11.05 00:54:45 | 000,000,000 | ---D | M] -- C:\Users\cesko\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2011.10.29 11:20:48 | 000,010,134 | R--- | M] () -- C:\Users\cesko\AppData\Roaming\Microsoft\Installer\{069730C2-755A-485B-A205-27A1AAFA836A}\ARPPRODUCTICON.exe
[2011.08.26 15:01:47 | 000,010,134 | R--- | M] () -- C:\Users\cesko\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2012.09.25 22:12:57 | 000,099,678 | R--- | M] () -- C:\Users\cesko\AppData\Roaming\Microsoft\Installer\{B23F12D4-17DE-453A-B1F4-55E501FE0EBF}\_9245BB595BBBDFD31A265B.exe
[2012.09.22 22:44:59 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\cesko\AppData\Roaming\Real\Update\temp\~Upg0\rnupgagent.exe
[2012.09.29 23:07:50 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\cesko\AppData\Roaming\Real\Update\temp\~Upg1\rnupgagent.exe
[2012.09.22 22:44:59 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\cesko\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe
[2012.09.28 03:20:38 | 027,433,440 | ---- | M] (RealNetworks, Inc.) -- C:\Users\cesko\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\stub_data\RealPlayer.exe
[2012.09.28 03:18:50 | 000,760,128 | ---- | M] (RealNetworks, Inc.) -- C:\Users\cesko\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\stub_exe\RealPlayer.exe
[2012.12.13 20:34:24 | 002,959,376 | ---- | M] (Microsoft Corporation) -- C:\Users\cesko\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\dotnetfx35setup.exe
[2013.01.02 21:15:27 | 116,244,136 | ---- | M] () -- C:\Users\cesko\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\Extractor.exe
[2012.12.13 20:34:24 | 000,128,472 | ---- | M] (Macrovision Corporation) -- C:\Users\cesko\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\Helper.exe
[2012.12.13 20:34:24 | 004,216,840 | ---- | M] (Microsoft Corporation) -- C:\Users\cesko\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\vcredist_x86.exe
[2012.12.13 20:34:24 | 000,425,128 | ---- | M] (Research In Motion Limited) -- C:\Users\cesko\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\InstallerUtils\InstallerUtils.exe
[2012.12.13 20:34:24 | 000,083,624 | ---- | M] (Research In Motion Limited) -- C:\Users\cesko\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\InstallerUtils\Setup.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2013.01.29 14:17:34 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.01.29 22:22:10 | 000,000,934 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.01.29 14:35:00 | 000,000,938 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.04.11 15:08:12 | 023,552,000 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2009.04.11 15:07:55 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2009.04.11 15:08:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013.01.29 22:22:11 | 000,003,760 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.29 22:22:11 | 000,003,760 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.29 11:34:42 | 000,371,232 | ---- | M] () -- C:\Windows\system32\FNTCACHE.DAT
[2013.01.29 22:32:15 | 000,107,262 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2013.01.29 22:32:15 | 000,185,434 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2013.01.29 22:32:15 | 000,330,632 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2013.01.29 22:32:15 | 000,708,298 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2013.01.29 22:32:15 | 000,007,016 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun -- [2013.01.08 12:59:26 | 018,705,664 | R--- | M] (Skype Technologies S.A.)
"Microsoft® Windows® OS Manager" = C:\Program Files\Microsoft\Windows Installer.exe -- [2005.10.07 04:12:53 | 000,770,048 | RHS- | M] (Microsoft Corporation)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2012.11.14 03:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=0D286C0FE561D1A7EB30E83A0FF305B2 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.01.29 23:06:48 | 000,000,512 | ---- | M] () MD5=850FCF1C72E404EBE2A9D32C6D619690 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[1 \Program Files\*.tmp files -> \Program Files\*.tmp -> ]
[2012.03.21 14:03:36 | 000,292,864 | ---- | M] () -- \Program Files\BBSAK\javaloader.exe
[2001.01.16 05:55:36 | 000,053,248 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\COLOADER.DLL
[2001.01.16 03:22:34 | 000,002,560 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\COLOADER.TLB
[2012.12.13 16:05:38 | 011,524,264 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\Loader.exe
[2012.12.13 16:05:40 | 000,637,096 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderClient.dll
[2012.12.13 16:05:40 | 000,332,968 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1025.dll
[2012.12.13 16:05:42 | 000,362,664 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1027.dll
[2012.12.13 16:05:42 | 000,285,864 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1028.dll
[2012.12.13 16:05:42 | 000,345,256 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1029.dll
[2012.12.13 16:05:42 | 000,347,304 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1030.dll
[2012.12.13 16:05:44 | 000,364,712 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1031.dll
[2012.12.13 16:05:44 | 000,366,248 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1032.dll
[2012.12.13 16:05:44 | 000,366,760 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1034.dll
[2012.12.13 16:05:46 | 000,345,256 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1035.dll
[2012.12.13 16:05:46 | 000,365,736 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1036.dll
[2012.12.13 16:05:46 | 000,322,728 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1037.dll
[2012.12.13 16:05:46 | 000,353,448 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1038.dll
[2012.12.13 16:05:48 | 000,361,640 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1040.dll
[2012.12.13 16:05:48 | 000,305,320 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1041.dll
[2012.12.13 16:05:48 | 000,301,224 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1042.dll
[2012.12.13 16:05:50 | 000,354,472 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1043.dll
[2012.12.13 16:05:50 | 000,342,696 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1044.dll
[2012.12.13 16:05:50 | 000,356,008 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1045.dll
[2012.12.13 16:05:50 | 000,354,984 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1046.dll
[2012.12.13 16:05:52 | 000,355,496 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1048.dll
[2012.12.13 16:05:52 | 000,350,888 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1049.dll
[2012.12.13 16:05:52 | 000,346,792 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1050.dll
[2012.12.13 16:05:54 | 000,344,232 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1053.dll
[2012.12.13 16:05:54 | 000,338,600 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1054.dll
[2012.12.13 16:05:54 | 000,344,232 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1055.dll
[2012.12.13 16:05:54 | 000,349,352 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1057.dll
[2012.12.13 16:05:56 | 000,361,640 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1066.dll
[2012.12.13 16:05:56 | 000,348,840 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1069.dll
[2012.12.13 16:05:56 | 000,349,352 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1081.dll
[2012.12.13 16:05:58 | 000,357,544 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes1110.dll
[2012.12.13 16:05:58 | 000,281,768 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes2052.dll
[2012.12.13 16:05:58 | 000,344,744 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes2057.dll
[2012.12.13 16:06:00 | 000,361,640 | ---- | M] () -- \Program Files\Common Files\Research In Motion\AppLoader\LoaderRes2070.dll
[2012.08.17 01:21:04 | 000,057,216 | ---- | M] () -- \Program Files\Maxthon3\Bin\MxAppLoader.exe
[2012.08.29 08:20:50 | 000,781,696 | ---- | M] () -- \Program Files\Maxthon3\Bin\MxDownloader.dll
[2012.11.30 14:22:10 | 000,251,793 | ---- | M] () -- \Program Files\RealNetworks\RealDownloader\downloader.vs
[2012.07.11 11:48:32 | 000,000,500 | ---- | M] () -- \Program Files\Research In Motion\BlackBerry Desktop\DataUploaderConfig.xml
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2012.10.22 01:55:12 | 000,001,800 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Mihov Picture Downloader\Mihov Picture Downloader Help.lnk
[2012.10.22 01:55:12 | 000,001,791 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Mihov Picture Downloader\Mihov Picture Downloader Q&A.lnk
[2012.10.22 01:55:12 | 000,001,800 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Mihov Picture Downloader\Mihov Picture Downloader Web Page.lnk
[2012.10.22 01:55:12 | 000,001,816 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Mihov Picture Downloader\Mihov Picture Downloader.lnk
[2012.10.22 01:55:12 | 000,001,816 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Mihov Picture Downloader\Uninstall Mihov Picture Downloader.lnk
[2012.12.26 11:18:05 | 000,002,535 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealDownloader.lnk
[2012.06.05 17:13:01 | 000,012,512 | ---- | M] () -- \ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.js
[2012.06.05 17:13:01 | 000,000,319 | ---- | M] () -- \ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.xul
[2012.11.29 20:30:58 | 000,013,246 | ---- | M] () -- \ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Chrome\Content\browserrecordloader.js
[2012.11.29 20:10:16 | 000,000,319 | ---- | M] () -- \ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Chrome\Content\browserrecordloader.xul
[2012.11.29 20:35:38 | 000,002,584 | ---- | M] () -- \ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
[2012.12.04 17:00:50 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.12.04 17:00:50 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012.12.04 17:00:50 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2012.10.22 01:55:12 | 000,001,800 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Mihov Picture Downloader\Mihov Picture Downloader Help.lnk
[2012.10.22 01:55:12 | 000,001,791 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Mihov Picture Downloader\Mihov Picture Downloader Q&A.lnk
[2012.10.22 01:55:12 | 000,001,800 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Mihov Picture Downloader\Mihov Picture Downloader Web Page.lnk
[2012.10.22 01:55:12 | 000,001,816 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Mihov Picture Downloader\Mihov Picture Downloader.lnk
[2012.10.22 01:55:12 | 000,001,816 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Mihov Picture Downloader\Uninstall Mihov Picture Downloader.lnk
[2012.12.26 11:18:05 | 000,002,535 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealDownloader.lnk
[2012.06.05 17:13:01 | 000,012,512 | ---- | M] () -- \Users\All Users\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.js
[2012.06.05 17:13:01 | 000,000,319 | ---- | M] () -- \Users\All Users\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.xul
[2012.11.29 20:30:58 | 000,013,246 | ---- | M] () -- \Users\All Users\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Chrome\Content\browserrecordloader.js
[2012.11.29 20:10:16 | 000,000,319 | ---- | M] () -- \Users\All Users\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Chrome\Content\browserrecordloader.xul
[2012.11.29 20:35:38 | 000,002,584 | ---- | M] () -- \Users\All Users\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
[2012.12.04 17:00:50 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.12.04 17:00:50 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.12.04 17:00:50 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2012.04.06 12:24:50 | 000,057,728 | ---- | M] () -- \Users\cesko\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png
[2012.04.06 12:24:42 | 000,057,728 | ---- | M] () -- \Users\cesko\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png
[2012.04.06 12:24:44 | 000,057,728 | ---- | M] () -- \Users\cesko\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png
[2012.04.06 12:24:46 | 000,057,728 | ---- | M] () -- \Users\cesko\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin3\dt_dadget_loader.png
[2012.04.06 12:24:46 | 000,057,728 | ---- | M] () -- \Users\cesko\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin4\dt_dadget_loader.png
[2012.04.06 12:24:48 | 000,061,770 | ---- | M] () -- \Users\cesko\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin5\dt_dadget_loader.png
[2012.04.06 12:24:48 | 000,061,770 | ---- | M] () -- \Users\cesko\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin6\dt_dadget_loader.png
[2013.01.29 11:35:14 | 000,001,737 | ---- | M] () -- \Users\cesko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S45X48XZ\loader[1].gif
[2012.09.25 22:52:38 | 000,335,362 | ---- | M] () -- \Users\cesko\AppData\Local\Research In Motion\Application Loader\Cache\d7ef8f8e258e80943068563e70d5f336d60073f7\Java\net_rim_bb_medialoader_accessibility.cod
[2012.09.25 22:52:55 | 000,518,986 | ---- | M] () -- \Users\cesko\AppData\Local\Research In Motion\Application Loader\Cache\d7ef8f8e258e80943068563e70d5f336d60073f7\Java\net_rim_bb_medialoader_avatars.cod
[2012.09.25 22:52:42 | 002,015,538 | ---- | M] () -- \Users\cesko\AppData\Local\Research In Motion\Application Loader\Cache\d7ef8f8e258e80943068563e70d5f336d60073f7\Java\net_rim_bb_medialoader_backgrounds_480x360_02a_t.cod
[2012.09.25 22:52:44 | 001,890,258 | ---- | M] () -- \Users\cesko\AppData\Local\Research In Motion\Application Loader\Cache\d7ef8f8e258e80943068563e70d5f336d60073f7\Java\net_rim_bb_medialoader_backgrounds_480x360_02b_t.cod
[2012.09.25 22:52:50 | 004,686,368 | ---- | M] () -- \Users\cesko\AppData\Local\Research In Motion\Application Loader\Cache\d7ef8f8e258e80943068563e70d5f336d60073f7\Java\net_rim_bb_medialoader_ringtones_480x360_02a_t.cod
[2012.09.25 22:52:54 | 002,960,482 | ---- | M] () -- \Users\cesko\AppData\Local\Research In Motion\Application Loader\Cache\d7ef8f8e258e80943068563e70d5f336d60073f7\Java\net_rim_bb_medialoader_ringtones_480x360_02b_t.cod
[2012.09.25 22:52:11 | 004,542,548 | ---- | M] () -- \Users\cesko\AppData\Local\Research In Motion\Application Loader\Cache\d7ef8f8e258e80943068563e70d5f336d60073f7\Java\net_rim_bb_medialoader_toolkit_480x360_Bellagio_01.cod
[2012.09.25 22:52:20 | 004,131,762 | ---- | M] () -- \Users\cesko\AppData\Local\Research In Motion\Application Loader\Cache\d7ef8f8e258e80943068563e70d5f336d60073f7\Java\net_rim_bb_medialoader_toolkit_480x360_Bellagio_02.cod
[2012.09.25 22:52:29 | 004,569,032 | ---- | M] () -- \Users\cesko\AppData\Local\Research In Motion\Application Loader\Cache\d7ef8f8e258e80943068563e70d5f336d60073f7\Java\net_rim_bb_medialoader_toolkit_480x360_Bellagio_03.cod
[2012.09.25 22:52:38 | 004,474,322 | ---- | M] () -- \Users\cesko\AppData\Local\Research In Motion\Application Loader\Cache\d7ef8f8e258e80943068563e70d5f336d60073f7\Java\net_rim_bb_medialoader_toolkit_480x360_Bellagio_04.cod
[2012.09.25 22:49:21 | 000,229,594 | ---- | M] () -- \Users\cesko\AppData\Local\Research In Motion\Application Loader\Cache\d7ef8f8e258e80943068563e70d5f336d60073f7\Java\net_rim_loader.cod
[2013.01.29 13:41:39 | 000,000,000 | ---- | M] () -- \Users\cesko\AppData\Local\Temp\46824F99-DF13-4331-92A6-2A6C2624AAAD\LOADER.GIF
[2013.01.29 13:41:41 | 000,000,000 | ---- | M] () -- \Users\cesko\AppData\Local\Temp\46824F99-DF13-4331-92A6-2A6C2624AAAD\PRELOADER.GIF
[2011.08.27 11:26:06 | 000,022,486 | ---- | M] () -- \Users\cesko\AppData\Roaming\Orbit\icon\Orbit Downloader.ico
[2012.05.27 22:31:27 | 000,040,118 | ---- | M] () -- \Users\cesko\AppData\Roaming\uTorrent\Ps2 Commandos 2 Men of Courage Pal Multi3 FullDvd UpLoader Afro By [WwW.PlayStationPlanet.OrG].1.torrent
[2012.05.23 23:36:47 | 000,040,118 | ---- | M] () -- \Users\cesko\AppData\Roaming\uTorrent\Ps2 Commandos 2 Men of Courage Pal Multi3 FullDvd UpLoader Afro By [WwW.PlayStationPlanet.OrG].torrent
[2012.10.22 01:55:12 | 000,000,904 | ---- | M] () -- \Users\cesko\Desktop\Mihov Picture Downloader.lnk
[2012.09.25 22:48:24 | 000,502,504 | ---- | M] () -- \Users\cesko\Documents\BlackBerry\Zálohování\LoaderBackup-(2012-09-25).bbb
[2012.09.20 02:22:24 | 011,378,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\Loader.exe.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:28 | 000,642,136 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderclient.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:28 | 000,332,888 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres1025.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:30 | 000,362,072 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres1027.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:30 | 000,285,272 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\LoaderRes1028.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:32 | 000,344,664 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\LoaderRes1029.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:32 | 000,347,224 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres1030.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:34 | 000,364,632 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\LoaderRes1031.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:34 | 000,365,656 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres1032.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:36 | 000,366,680 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\LoaderRes1034.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:36 | 000,345,176 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres1035.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:36 | 000,365,656 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\LoaderRes1036.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:38 | 000,322,648 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres1037.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:38 | 000,352,856 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\LoaderRes1038.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:40 | 000,361,560 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\LoaderRes1040.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:42 | 000,305,240 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\LoaderRes1041.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:42 | 000,301,144 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\LoaderRes1042.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:42 | 000,353,880 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres1043.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:44 | 000,342,104 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres1044.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:44 | 000,355,928 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\LoaderRes1045.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:46 | 000,354,392 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\LoaderRes1046.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:46 | 000,354,904 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres1048.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:48 | 000,350,808 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\LoaderRes1049.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:48 | 000,346,712 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres1050.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:50 | 000,343,640 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres1053.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:50 | 000,338,008 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres1054.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:52 | 000,344,152 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\LoaderRes1055.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:52 | 000,349,272 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres1057.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:54 | 000,361,048 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres1066.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:54 | 000,348,760 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres1069.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:56 | 000,348,760 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres1081.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:56 | 000,356,952 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres1110.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:58 | 000,281,176 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\LoaderRes2052.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:22:58 | 000,344,664 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres2057.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2012.09.20 02:23:00 | 000,361,560 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C9C67683F0721D3429A64ED58E28A0B6\7.1.0\loaderres2070.dll.24CE78C0_7BB7_4BB7_83E3_BB689AA09A22
[2008.01.21 03:23:37 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2008.01.21 03:26:53 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7698ba05e403d673.manifest
[2008.01.21 03:26:53 | 000,026,112 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7698ba05e403d673_winload.exe.mui_3bc5b827
[2008.01.21 03:26:53 | 000,019,456 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7698ba05e403d673_winresume.exe.mui_ff8b5358
[2009.04.11 14:19:54 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94.manifest
[2009.04.11 14:19:54 | 000,986,600 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winload.exe_75835076
[2009.04.11 14:19:54 | 000,926,184 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winresume.exe_85cd1215
[2008.01.21 03:26:48 | 000,003,885 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2.manifest
[2008.01.21 03:26:48 | 000,021,048 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2_spldr.sys_98bd87a0
[2008.01.21 03:09:06 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_de-de_cbcaa800f7f71dcc.manifest
[2008.01.21 03:09:01 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_en-us_74bb7df9e6d52991.manifest
[2008.01.21 03:09:08 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_es-es_7486dadde6fc1b36.manifest
[2008.01.21 03:09:01 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_fr-fr_173e50dcd9ce3198.manifest
[2008.01.21 03:09:13 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_it-it_01664723b1001716.manifest
[2008.01.21 03:09:14 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_ja-jp_a38bc630a41b28f1.manifest
[2008.01.21 03:09:16 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_nl-nl_2dc76f586fdd2598.manifest
[2008.01.21 03:09:06 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_de-de_cc2ed396113192b6.manifest
[2008.01.21 03:09:01 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_en-us_751fa98f000f9e7b.manifest
[2008.01.21 03:09:08 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_es-es_74eb067300369020.manifest
[2008.01.21 03:09:01 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_fr-fr_17a27c71f308a682.manifest
[2008.01.21 03:09:13 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_it-it_01ca72b8ca3a8c00.manifest
[2008.01.21 03:09:14 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_ja-jp_a3eff1c5bd559ddb.manifest
[2008.01.21 03:09:16 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_nl-nl_2e2b9aed89179a82.manifest
[2008.01.21 03:21:45 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7698ba05e403d673.manifest
[2008.01.21 03:08:59 | 000,005,227 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16609_none_59497e266f783366.manifest
[2008.01.21 03:08:59 | 000,005,227 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20734_none_59ada9bb88b2a850.manifest
[2008.01.21 03:20:53 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18000_none_5b26ba326ca6e048.manifest
[2009.04.11 14:16:55 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94.manifest
[2006.11.02 11:13:06 | 000,003,970 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6000.16386_none_68fc663d5430d3de.manifest
[2008.01.21 03:19:11 | 000,003,885 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2.manifest
[2008.01.21 03:23:37 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6002.18005_none_47df94fd8cc49aa6\dmloader.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:04B523C6

< End of report >