VIRY.CZ

Počítač jede občas na plný výkon bez důvodu. Někdy dochází k tomu, že se nelze připojit na internet (chrom, explorer), ale připojení je funkční.


ComboFix 13-07-03.01 - Pavel 04.07.2013 14:05:39.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4094.2048 [GMT 2:00]
Spuštěný z: d:\stahovßný web\ComboFix.exe
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\users\Pavel\AppData\Local\TempDIR
c:\users\Pavel\AppData\Local\TempDIR\downloader.exe
c:\users\Pavel\AppData\Local\TempDIR\list-bullet.bmp
c:\users\Pavel\AppData\Local\TempDIR\new_Yandex_browser_image.bmp
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-06-04 do 2013-07-04 )))))))))))))))))))))))))))))))
.
.
2013-07-04 12:10 . 2013-07-04 12:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-04 11:27 . 2013-07-04 11:27 -------- d-----w- c:\program files (x86)\KYE
2013-07-04 11:15 . 2013-07-04 11:15 -------- d-----w- c:\users\Pavel\AppData\Roaming\Carambis
2013-06-29 18:40 . 2013-06-29 18:40 -------- d-----w- c:\program files (x86)\PowerISO
2013-06-29 18:40 . 2007-08-07 00:21 57776 ----a-w- c:\windows\system32\drivers\scdemu.sys
2013-06-27 12:10 . 2013-06-27 12:10 -------- d-----w- c:\programdata\Canneverbe Limited
2013-06-27 12:10 . 2013-06-27 12:10 -------- d-----w- c:\users\Pavel\AppData\Roaming\Canneverbe Limited
2013-06-27 12:08 . 2013-06-27 12:08 -------- d-----w- c:\program files (x86)\CDBurnerXP
2013-06-27 12:00 . 2013-06-27 12:00 -------- d-----w- c:\users\Pavel\AppData\Roaming\CD-LabelPrint
2013-06-27 11:58 . 2013-06-27 12:00 -------- d-----w- c:\program files (x86)\CD-LabelPrint
2013-06-20 17:41 . 2013-06-20 17:41 -------- d-----w- c:\program files (x86)\Ashampoo
2013-06-20 17:41 . 2013-06-20 17:41 -------- d-----w- c:\users\Pavel\AppData\Local\Programs
2013-06-20 17:12 . 2013-06-20 17:27 -------- d-----w- c:\users\Pavel\AppData\Roaming\MAGIX
2013-06-20 17:11 . 2013-06-20 17:40 -------- d-----w- c:\program files (x86)\MAGIX
2013-06-20 17:11 . 2013-06-20 17:27 -------- d-----w- c:\programdata\MAGIX
2013-06-20 17:11 . 2013-06-20 17:11 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2013-06-20 17:11 . 2013-06-20 17:11 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-06-18 03:08 . 2013-06-18 03:08 -------- d-----w- c:\users\Pavel\.android
2013-06-18 03:08 . 2013-06-18 04:20 -------- d-----w- C:\Samsung Galaxy Note2 ToolKit
2013-06-16 08:48 . 2005-09-03 12:45 45056 ----a-w- c:\windows\system32\Interop.ChilkatZip2Lib.dll
2013-06-16 08:48 . 2005-09-03 12:45 1515520 ----a-w- c:\windows\system32\ChilkatZip2.dll
2013-06-16 08:42 . 2013-06-16 08:42 -------- d-----w- c:\program files (x86)\EDDICA
2013-06-12 20:50 . 2013-05-17 01:25 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-12 12:19 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-11 17:02 . 2013-06-11 17:02 -------- d--h--w- c:\programdata\CanonIJScan
2013-06-11 09:26 . 2013-06-11 09:26 -------- d-----w- c:\program files (x86)\WinSCP
2013-06-11 09:23 . 2013-06-11 09:23 -------- d-----w- C:\ftproot
2013-06-11 09:21 . 2013-06-11 09:21 -------- d-----w- c:\programdata\Cerberus LLC
2013-06-11 09:20 . 2013-06-11 09:20 -------- d-----w- c:\users\Pavel\AppData\Roaming\Cerberus LLC
2013-06-10 03:09 . 2013-06-10 03:09 -------- d-----w- c:\windows\system32\appmgmt
2013-06-09 13:06 . 2013-06-09 13:23 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-06-06 06:07 . 2013-06-06 06:07 -------- d-----w- c:\users\Pavel\AppData\Roaming\LavasoftStatistics
2013-06-06 06:07 . 2013-06-06 06:07 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-06-06 05:55 . 2013-06-06 08:49 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-06-06 05:55 . 2013-06-06 05:55 -------- d-----w- c:\programdata\Lavasoft
2013-06-06 05:54 . 2013-06-06 05:54 -------- d-----w- c:\programdata\Downloaded Installations
2013-06-06 05:53 . 2013-06-06 05:53 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-06-06 05:53 . 2013-06-06 07:16 -------- d-----w- c:\users\Pavel\AppData\Roaming\Ad-Aware Antivirus
2013-06-06 05:06 . 2013-06-06 05:06 -------- d---a-w- c:\windows\rundll16.exe
2013-06-06 05:06 . 2013-06-06 05:06 -------- d---a-w- c:\windows\logo1_.exe
2013-06-05 17:00 . 2013-06-05 17:00 -------- d-----w- c:\programdata\McAfee
2013-06-05 16:07 . 2013-06-05 16:08 -------- d-----w- c:\program files\trend micro
2013-06-05 14:05 . 2013-06-05 14:43 -------- d-----w- c:\program files (x86)\YTD
2013-06-05 13:45 . 2013-06-05 13:45 -------- d---a-w- c:\windows\VDLL.DLL
2013-06-05 13:45 . 2013-06-05 13:45 -------- d---a-w- c:\windows\SysWow64\runouce.exe
2013-06-05 13:45 . 2013-06-05 13:45 -------- d---a-w- c:\windows\RUNDL132.EXE
2013-06-05 13:45 . 2013-06-05 13:45 -------- d---a-w- c:\windows\logo_1.exe
2013-06-05 13:11 . 2013-06-05 13:11 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2013-06-05 13:11 . 2013-06-05 13:11 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe
2013-06-05 13:11 . 2013-06-05 13:11 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld
2013-06-05 13:11 . 2013-06-05 13:11 -------- d-----w- c:\programdata\MicroWorld
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 09:14 . 2013-05-30 07:58 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-06-15 06:31 . 2013-05-30 12:33 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-06 05:49 . 2013-05-30 10:07 20544 ----a-w- c:\windows\gdrv.sys
2013-06-04 07:15 . 2013-06-04 07:15 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2013-06-04 07:15 . 2013-06-04 07:15 103448 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-06-04 07:15 . 2013-06-04 07:15 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-06-04 07:15 . 2013-06-04 07:15 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-06-03 03:44 . 2013-06-03 03:44 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2013-06-01 16:28 . 2013-06-01 16:28 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-01 16:28 . 2013-06-01 16:29 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-01 16:28 . 2013-06-01 16:28 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-01 16:11 . 2013-06-01 16:11 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-06-01 15:26 . 2013-06-01 15:26 279136 ----a-w- c:\windows\system32\drivers\afcdp.sys
2013-06-01 15:26 . 2013-06-01 15:26 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2013-06-01 15:26 . 2013-06-01 15:26 970336 ----a-w- c:\windows\system32\drivers\timntr.sys
2013-06-01 15:26 . 2013-06-01 15:26 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-05-30 14:08 . 2013-05-30 14:08 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-30 14:08 . 2013-05-30 14:08 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-30 14:08 . 2013-05-30 14:08 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-30 14:08 . 2013-05-30 14:08 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-30 14:08 . 2013-05-30 14:08 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-30 14:08 . 2013-05-30 14:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-30 14:08 . 2013-05-30 14:08 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-30 14:08 . 2013-05-30 14:08 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-30 14:08 . 2013-05-30 14:08 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-30 14:08 . 2013-05-30 14:08 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-30 14:08 . 2013-05-30 14:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-30 14:08 . 2013-05-30 14:08 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-30 14:08 . 2013-05-30 14:08 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-30 14:08 . 2013-05-30 14:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-30 14:07 . 2013-05-30 14:07 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-30 14:07 . 2013-05-30 14:07 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-30 14:07 . 2013-05-30 14:07 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-30 14:07 . 2013-05-30 14:07 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-30 14:07 . 2013-05-30 14:07 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-30 14:07 . 2013-05-30 14:07 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-30 14:07 . 2013-05-30 14:07 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-30 14:07 . 2013-05-30 14:07 441856 ----a-w- c:\windows\system32\html.iec
2013-05-30 14:07 . 2013-05-30 14:07 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-30 14:07 . 2013-05-30 14:07 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-30 14:07 . 2013-05-30 14:07 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-30 14:07 . 2013-05-30 14:07 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-30 14:07 . 2013-05-30 14:07 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-30 14:07 . 2013-05-30 14:07 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-30 14:07 . 2013-05-30 14:07 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-30 14:07 . 2013-05-30 14:07 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-30 14:07 . 2013-05-30 14:07 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-30 14:07 . 2013-05-30 14:07 235008 ----a-w- c:\windows\system32\url.dll
2013-05-30 14:07 . 2013-05-30 14:07 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-30 14:07 . 2013-05-30 14:07 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-30 14:07 . 2013-05-30 14:07 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-30 14:07 . 2013-05-30 14:07 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-30 14:07 . 2013-05-30 14:07 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-30 14:07 . 2013-05-30 14:07 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-30 14:07 . 2013-05-30 14:07 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-30 14:07 . 2013-05-30 14:07 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-30 14:07 . 2013-05-30 14:07 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-30 14:07 . 2013-05-30 14:07 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-30 14:07 . 2013-05-30 14:07 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-30 14:07 . 2013-05-30 14:07 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-30 14:07 . 2013-05-30 14:07 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-30 14:07 . 2013-05-30 14:07 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-30 14:07 . 2013-05-30 14:07 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-30 14:07 . 2013-05-30 14:07 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-30 14:07 . 2013-05-30 14:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-30 14:06 . 2013-05-30 14:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-30 14:06 . 2013-05-30 14:06 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-30 14:06 . 2013-05-30 14:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-05-30 14:06 . 2013-05-30 14:06 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-30 14:06 . 2013-05-30 14:06 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-30 14:06 . 2013-05-30 14:06 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-05-30 14:06 . 2013-05-30 14:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-05-30 14:06 . 2013-05-30 14:06 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-05-30 14:06 . 2013-05-30 14:06 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-05-30 14:06 . 2013-05-30 14:06 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-30 14:06 . 2013-05-30 14:06 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-05-30 14:06 . 2013-05-30 14:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-05-30 14:06 . 2013-05-30 14:06 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-05-30 14:06 . 2013-05-30 14:06 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-30 14:06 . 2013-05-30 14:06 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-05-30 14:06 . 2013-05-30 14:06 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-05-30 14:06 . 2013-05-30 14:06 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-05-30 14:06 . 2013-05-30 14:06 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-06-27 09:14 3055280 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll" [2013-06-27 3055280]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"5C15FE23AEB342AF49561D34CA158610F3B7D4A6._service_run"="c:\users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-05-23 825808]
"cz.seznam.software.autoupdate"="c:\users\Pavel\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\Pavel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE" [2012-10-18 752736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-06-27 2236080]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"BMISR"="c:\program files (x86)\KYE\iLook 1321 V2\BM.exe" [2008-12-05 217088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SAOB Monitor"=c:\program files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe;c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm273.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtenic64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-552775988-1027842849-890008938-1001Core.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-30 08:00]
.
2013-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-552775988-1027842849-890008938-1001UA.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-30 08:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-07-04 14:12:51
ComboFix-quarantined-files.txt 2013-07-04 12:12
.
Před spuštěním: Volných bajtů: 58 921 922 560
Po spuštění: Volných bajtů: 58 946 629 632
.
- - End Of File - - 4F1EA76F07001E1124ADBB8178C7CDEB
5C616939100B85E558DA92B899A0FC36

Zdravim

Nejprve par veci.

Jak je to s legalitou systemu? Ultimate neni zrovna bezna domaci verze


Proc jste spoustel ComboFix?

Kdybyste si precetl pravidla fora http://forum.viry.cz/viewtopic.php?f=12&t=5601 , docetl byste se mimo jine toto

2. Před položením dotazu použijte tlačítko Hledat. Možná již někdo problém podobným Vašemu řešil. Pokud ale ve vyřešeném tématu budou aplikovány různé utility\aplikace, nespouštějte je. Utility se používají až na pokyn rádce, jelikož mohou mazat stopy po havěti a v rukou ne-oborníka může mít jejich použití nedozírné následky.

3. Zvláště utilitu ComboFix nespouštějte i když Vám ji poradil kamarád\nějaký rádoby odborný web. Naše fórum je jediné z CZ-SK antivirových fór, která mají právo luštit logy z ComboFixu a mámě též plnou podporu autora této utility a přístup k nejaktuálnějším informacím a návodům.

CF smaze veskere stopy pripadne nakazy. A ja ted muzu tak akorat varit z vody, jak se rika



Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

Předem bych se chtěl omluvit za opakovanou chybu nás začátečníků na vašem fóru.

Log:


OTL logfile created on: 5.7.2013 13:22:41 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Stahování web
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 45,04% Memory free
7,99 Gb Paging File | 5,52 Gb Available in Paging File | 69,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,65 Gb Total Space | 57,63 Gb Free Space | 59,01% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 233,40 Gb Free Space | 63,41% Space Free | Partition Type: NTFS
Drive E: | 97,56 Gb Total Space | 76,98 Gb Free Space | 78,91% Space Free | Partition Type: NTFS
Drive F: | 368,10 Gb Total Space | 242,40 Gb Free Space | 65,85% Space Free | Partition Type: NTFS
Drive N: | 100,00 Mb Total Space | 60,68 Mb Free Space | 60,68% Space Free | Partition Type: NTFS

Computer Name: PAVEL-PC | User Name: Pavel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.05 08:45:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Stahování web\OTL.exe
PRC - [2013.06.27 11:14:20 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013.06.27 11:14:20 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
PRC - [2013.06.27 11:14:20 | 000,152,240 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
PRC - [2013.06.01 17:26:46 | 003,975,088 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013.04.29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013.04.12 10:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
PRC - [2013.04.10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2012.10.18 17:56:52 | 000,752,736 | ---- | M] (ZONER software) -- C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
PRC - [2008.12.05 15:06:48 | 000,217,088 | ---- | M] () -- C:\Program Files (x86)\KYE\iLook 1321 V2\BM.exe
PRC - [2007.08.07 02:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE


========== Modules (No Company Name) ==========

MOD - [2013.06.27 11:14:20 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013.06.27 11:14:20 | 000,521,392 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll
MOD - [2013.06.27 11:14:20 | 000,145,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll
MOD - [2013.06.13 22:14:58 | 013,140,872 | ---- | M] () -- C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
MOD - [2013.05.23 07:44:07 | 000,393,168 | ---- | M] () -- C:\Users\Pavel\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013.05.23 07:43:59 | 004,051,408 | ---- | M] () -- C:\Users\Pavel\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013.05.23 07:43:06 | 000,599,504 | ---- | M] () -- C:\Users\Pavel\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013.05.23 07:43:05 | 000,124,368 | ---- | M] () -- C:\Users\Pavel\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013.05.23 07:43:03 | 001,597,392 | ---- | M] () -- C:\Users\Pavel\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013.04.12 10:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
MOD - [2013.03.29 13:37:34 | 000,059,384 | ---- | M] () -- C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\10979libfoxloader.dll
MOD - [2013.03.25 16:39:52 | 000,894,968 | ---- | M] () -- C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008.12.05 15:06:48 | 000,217,088 | ---- | M] () -- C:\Program Files (x86)\KYE\iLook 1321 V2\BM.exe
MOD - [2008.12.05 15:06:44 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\KYE\iLook 1321 V2\XU_DLL.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013.01.31 11:35:48 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.08.18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.27 17:49:00 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.27 11:14:20 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
SRV - [2013.06.01 17:26:46 | 003,975,088 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013.04.10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013.01.31 11:35:52 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013.01.31 11:35:48 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.09.23 16:03:46 | 001,079,376 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.05.13 18:07:24 | 000,080,392 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.06.27 11:14:20 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013.06.06 07:53:34 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013.06.04 09:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.06.04 09:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.06.01 17:26:48 | 000,279,136 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013.06.01 17:26:44 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2013.06.01 17:26:42 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013.06.01 17:26:35 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013.03.29 02:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013.03.21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013.02.08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013.02.08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013.02.08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013.02.08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013.02.08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.09.04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012.08.23 16:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.06.18 13:34:44 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012.06.18 13:34:42 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.08 08:09:16 | 000,399,464 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtenic64.sys -- (RTLE8023x64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.08.18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.07 02:21:32 | 000,057,776 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV - [2013.06.06 07:49:09 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.08.29 16:42:28 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\..\SearchScopes,DefaultScope = {4E1B9620-A87F-400C-89D1-6A99F8D61E87}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKCU\..\SearchScopes\{20D4B972-137B-48C0-A9C6-B4FBF686BF1A}: "URL" = http://encyklopedie.seznam.cz/search?q= ... arch_16805
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch2.lavasoft.com/resu ... earchTerms}
IE - HKCU\..\SearchScopes\{48B5A4E6-4794-48AD-BB3A-3EAA1495EE77}: "URL" = http://tv.seznam.cz/hledej?w={searchTer ... arch_16805
IE - HKCU\..\SearchScopes\{4D93D309-B835-451D-8320-05985B3EBD5E}: "URL" = http://www.novinky.cz/hledej?w={searchT ... arch_16805
IE - HKCU\..\SearchScopes\{4E1B9620-A87F-400C-89D1-6A99F8D61E87}: "URL" = http://search.seznam.cz/?q={searchTerms ... arch_16805
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={3FD ... 2013-05-30 09:58:18&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9F216991-A01F-4261-B449-F41684862A03}: "URL" = http://www.mapy.cz/?query={searchTerms} ... arch_16805
IE - HKCU\..\SearchScopes\{A5406A58-7426-4E90-A5E5-A2FE043C9E97}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16805
IE - HKCU\..\SearchScopes\{C5720A05-B1CF-4354-BED4-0FF1D45BBC44}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_16805
IE - HKCU\..\SearchScopes\{E0053122-533B-420C-BDD0-586567A95BA3}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_16805
IE - HKCU\..\SearchScopes\{E7D5B454-7E5B-4011-A0F0-A50DA9751B8E}: "URL" = http://www.firmy.cz/?q={searchTerms}&so ... arch_16805
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pavel\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pavel\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.30 11:02:29 | 000,000,000 | ---D | M]

[2013.05.30 11:04:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pavel\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.cz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Pavel\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pavel\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Pavel\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Go Karts = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidcbdkgiebccjjafnihnoagilbgcjec\1_0\
CHR - Extension: Angry Birds = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Calendar = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\amlmhkflbgjoeeophdjheadfljoielhi\1.1_0\
CHR - Extension: Graphing Calculator by Desmos.com = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko\1.4_0\
CHR - Extension: SKiD Racer = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoaojooagiaaiidlnfhkkafjpbbnnno\0.0.0.37_0\
CHR - Extension: Snooker = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjohiacoelemalmancnccjggomjnkfod\1.0.2_0\
CHR - Extension: Seznam Li\u0161ti\u010Dka - Slovn\u00EDk = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0\
CHR - Extension: Street Racers = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cohkjfondhjjfehnehlpmjpljpihfhfc\1_0\
CHR - Extension: Panda Poet = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\daicmhhkdcccfobnkidlhnieapcikadf\6_0\
CHR - Extension: Cordy = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjbkahdllcckjbjijejpmcgkkjpnnfk\15_0\
CHR - Extension: Crash Car Combat = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eclflebbddahapepgnfgfcknmlmajloh\1_0\
CHR - Extension: Sleepy Jack = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\edjdoaebnejlnjknbkbacepgemnjlmfc\23_0\
CHR - Extension: 3D Bowling = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm\2.0_0\
CHR - Extension: Skyrama = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.3_0\
CHR - Extension: Rally youbeQ = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcohfeeacabgogccgmhpgicpdcconlkc\1.2.3_0\
CHR - Extension: Sketchpad = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp\1.0.0.4_0\
CHR - Extension: Mapy Google = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Ultra Monster Trucks = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lppboiahiminciglafadjlkhojkipnaf\2_0\
CHR - Extension: Pocket Legends = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp\2.0.0.0_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.5_0\
CHR - Extension: Graph.tk = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkhkaamdeplibnmodcgodlkghphdbahk\0.0.1.0_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Seznam Li\u0161ti\u010Dka - Rychl\u00E1 volba = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.5.14_0\
CHR - Extension: Sports Match = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkgcaedebmlobecnlcligpoacepigiin\1.4.2.17_0\
CHR - Extension: Learn Alphabet and Numbers = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\podikmghblokmmdgoilcnnpgogaocoal\1.0.1_0\

O1 HOSTS File: ([2013.07.04 14:10:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BMISR] C:\Program Files (x86)\KYE\iLook 1321 V2\BM.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [cz.seznam.software.autoupdate] C:\Users\Pavel\AppData\Roaming\Seznam.cz\szninstall.exe ()
O4 - HKCU..\Run: [cz.seznam.software.szndesktop] C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe ()
O4 - HKCU..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe (ZONER software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Internet)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C2D5A63-D092-4EAC-A798-E65EC3A9B398}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{646B84E6-0F6D-4180-91EE-8D6F746CE244}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.05 11:02:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pavel\Desktop\OTL.exe
[2013.07.05 07:53:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.07.04 14:04:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.07.04 14:04:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.07.04 14:04:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.07.04 14:02:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.07.04 14:02:20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.07.04 13:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KYE
[2013.07.04 13:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLook 1321 V2
[2013.07.04 13:15:01 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\Carambis
[2013.06.29 20:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2013.06.29 20:40:29 | 000,057,776 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2013.06.29 20:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2013.06.28 20:18:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.06.28 20:18:22 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL
[2013.06.28 20:18:22 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\Inetwh32.dll
[2013.06.28 20:18:21 | 001,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2013.06.28 20:18:21 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbar332.dll
[2013.06.28 20:18:21 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.005
[2013.06.28 20:18:21 | 000,163,840 | ---- | C] (CLARITY LANGUAGE CONSULTANTS LTD) -- C:\Windows\SysWow64\egusound.ocx
[2013.06.28 20:18:21 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2013.06.28 20:18:21 | 000,127,488 | ---- | C] (Common Controls Replacement Project) -- C:\Windows\SysWow64\Ccrpsld.ocx
[2013.06.28 20:18:20 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.004
[2013.06.28 20:18:20 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000
[2013.06.28 20:18:20 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2013.06.28 20:18:20 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.002
[2013.06.28 20:18:20 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.003
[2013.06.27 14:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013.06.27 14:10:13 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\Canneverbe Limited
[2013.06.27 14:08:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2013.06.27 14:00:32 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\CD-LabelPrint
[2013.06.27 13:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD-LabelPrint
[2013.06.27 13:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CD-LabelPrint
[2013.06.27 11:28:12 | 000,000,000 | ---D | C] -- C:\Users\Pavel\Documents\Ashampoo Burning Studio 12
[2013.06.20 19:42:27 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013.06.20 19:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013.06.20 19:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2013.06.20 19:41:43 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Local\Programs
[2013.06.20 19:27:01 | 000,000,000 | ---D | C] -- C:\Users\Pavel\Documents\MAGIX Downloads
[2013.06.20 19:27:01 | 000,000,000 | ---D | C] -- C:\Users\Pavel\Documents\MAGIX
[2013.06.20 19:12:27 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\MAGIX
[2013.06.20 19:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2013.06.20 19:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2013.06.20 19:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2013.06.20 19:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.06.18 05:08:41 | 000,000,000 | ---D | C] -- C:\Users\Pavel\.android
[2013.06.18 05:08:32 | 000,000,000 | ---D | C] -- C:\Samsung Galaxy Note2 ToolKit
[2013.06.16 10:48:58 | 001,515,520 | ---- | C] (Chilkat Software, Inc.) -- C:\Windows\SysNative\ChilkatZip2.dll
[2013.06.16 10:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EDDICA
[2013.06.16 10:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EDDICA
[2013.06.15 08:30:48 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.15 08:30:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.15 08:24:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TEACHER_Pavel
[2013.06.15 08:24:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pavel
[2013.06.13 22:03:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.06.12 22:50:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.12 22:50:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.12 22:50:16 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.12 22:50:16 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.12 22:50:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.12 22:50:16 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.12 22:50:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.12 22:50:16 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.12 22:50:16 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.12 22:50:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.12 22:50:15 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 22:50:15 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.12 22:50:15 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.12 14:19:36 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 14:19:36 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 14:19:30 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 14:19:30 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 14:19:25 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 14:19:20 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 14:19:20 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 14:19:20 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 14:19:20 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 14:19:20 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 14:19:20 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 14:19:14 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 14:19:13 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.11 19:02:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2013.06.11 11:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2013.06.11 11:26:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2013.06.11 11:23:19 | 000,000,000 | ---D | C] -- C:\ftproot
[2013.06.11 11:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Cerberus LLC
[2013.06.11 11:20:54 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\Cerberus LLC
[2013.06.11 10:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.06.10 20:48:59 | 000,000,000 | ---D | C] -- C:\Users\Pavel\Application Data
[2013.06.10 05:09:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.06.09 15:06:40 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\Macromedia
[2013.06.09 15:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013.06.09 10:04:22 | 000,000,000 | ---D | C] -- C:\Users\Pavel\Documents\FIFA 13
[2013.06.06 08:07:09 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\LavasoftStatistics
[2013.06.06 08:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.06.06 07:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.06.06 07:55:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013.06.06 07:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.06.06 07:53:34 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.06.06 07:53:33 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\Ad-Aware Antivirus
[2013.06.06 07:06:33 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2013.06.06 07:06:33 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2013.06.05 19:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.06.05 18:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.06.05 16:05:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTD
[2013.06.05 15:45:43 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2013.06.05 15:45:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2013.06.05 15:45:43 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2013.06.05 15:45:43 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2013.06.05 15:11:22 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2013.06.05 15:11:21 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2013.06.05 15:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2013.06.05 15:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[1 C:\Users\Pavel\Desktop\*.tmp files -> C:\Users\Pavel\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.05 11:04:20 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.07.05 08:45:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pavel\Desktop\OTL.exe
[2013.07.05 08:02:20 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.05 08:02:20 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.05 07:53:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.05 07:53:04 | 3219,890,176 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.04 14:10:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.07.04 14:09:51 | 000,064,645 | ---- | M] () -- C:\Users\Pavel\Documents\ramst.xps
[2013.07.04 14:06:40 | 000,066,182 | ---- | M] () -- C:\Users\Pavel\Documents\skwor.xps
[2013.07.04 13:40:52 | 001,470,062 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.04 13:40:52 | 000,631,054 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013.07.04 13:40:52 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.04 13:40:52 | 000,121,708 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013.07.04 13:40:52 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.04 13:15:41 | 000,005,033 | ---- | M] () -- C:\ProgramData\mtbjfghn.xbe
[2013.06.29 20:40:30 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2013.06.28 18:54:42 | 000,063,120 | ---- | M] () -- C:\Users\Pavel\Documents\dream.xps
[2013.06.28 17:39:18 | 000,064,728 | ---- | M] () -- C:\Users\Pavel\Documents\hel.xps
[2013.06.27 16:39:15 | 000,061,676 | ---- | M] () -- C:\Users\Pavel\Documents\ram2.xps
[2013.06.27 14:12:46 | 000,063,249 | ---- | M] () -- C:\Users\Pavel\Documents\ram1.xps
[2013.06.27 14:08:35 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013.06.27 14:07:14 | 000,060,662 | ---- | M] () -- C:\Users\Pavel\Documents\kab1.xps
[2013.06.27 14:02:24 | 000,063,279 | ---- | M] () -- C:\Users\Pavel\Documents\Kaba.xps
[2013.06.27 11:14:20 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.06.21 21:34:11 | 031,024,220 | ---- | M] () -- C:\Users\Pavel\Desktop\Obchodni_komunikace_v_anglictine_J1_3_322.pdf
[2013.06.21 20:49:43 | 025,247,196 | ---- | M] () -- C:\Users\Pavel\Desktop\TELEPHONE-ENGLISH.pdf
[2013.06.21 20:13:47 | 000,489,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.20 19:42:27 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 12 Compact Mode.lnk
[2013.06.20 19:42:27 | 000,001,299 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 12.lnk
[2013.06.20 19:42:27 | 000,000,213 | ---- | M] () -- C:\Users\Public\Desktop\Your Software Deals.url
[2013.06.20 17:55:37 | 000,181,503 | ---- | M] () -- C:\Users\Pavel\Documents\T-MOBILE_ZADOST_O_ZARAZENI_kontakty[1].pdf
[2013.06.19 20:53:52 | 000,067,160 | ---- | M] () -- C:\Users\Pavel\Desktop\9.jpg
[2013.06.19 20:52:57 | 000,230,966 | ---- | M] () -- C:\Users\Pavel\Desktop\8.jpg
[2013.06.19 20:51:53 | 000,194,415 | ---- | M] () -- C:\Users\Pavel\Desktop\7.jpg
[2013.06.19 20:40:21 | 000,187,119 | ---- | M] () -- C:\Users\Pavel\Desktop\6.jpg
[2013.06.19 20:39:24 | 000,183,793 | ---- | M] () -- C:\Users\Pavel\Desktop\5.jpg
[2013.06.19 20:28:29 | 000,198,711 | ---- | M] () -- C:\Users\Pavel\Desktop\4.jpg
[2013.06.19 20:27:30 | 000,199,111 | ---- | M] () -- C:\Users\Pavel\Desktop\3.jpg
[2013.06.19 20:20:10 | 000,115,598 | ---- | M] () -- C:\Users\Pavel\Desktop\2.jpg
[2013.06.19 20:19:11 | 000,177,333 | ---- | M] () -- C:\Users\Pavel\Desktop\1.jpg
[2013.06.18 05:56:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013.06.18 05:08:37 | 000,001,623 | ---- | M] () -- C:\Users\Pavel\Desktop\Galaxy Note2 ToolKit.lnk
[2013.06.16 10:48:58 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Euroword Angličtina.lnk
[2013.06.11 11:50:17 | 000,000,600 | ---- | M] () -- C:\Users\Pavel\AppData\Roaming\winscp.rnd
[2013.06.11 11:26:15 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\WinSCP.lnk
[2013.06.11 10:01:22 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.06 07:53:34 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.06.06 07:49:09 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013.06.06 07:37:23 | 000,060,637 | ---- | M] () -- C:\Users\Pavel\Documents\pinfect.zip
[2013.06.06 07:05:52 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx
[2013.06.05 16:41:58 | 000,000,949 | ---- | M] () -- C:\Users\Pavel\Desktop\YTD.lnk
[2013.06.05 15:11:21 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2013.06.05 15:11:20 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2013.06.05 14:18:45 | 000,000,842 | ---- | M] () -- C:\Users\Pavel\cryptboxdrives.xml
[1 C:\Users\Pavel\Desktop\*.tmp files -> C:\Users\Pavel\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.05 08:47:58 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.07.04 14:09:51 | 000,064,645 | ---- | C] () -- C:\Users\Pavel\Documents\ramst.xps
[2013.07.04 14:06:39 | 000,066,182 | ---- | C] () -- C:\Users\Pavel\Documents\skwor.xps
[2013.07.04 14:04:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.07.04 14:04:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.07.04 14:04:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.07.04 14:04:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.07.04 14:04:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.07.04 13:15:41 | 000,005,033 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2013.07.04 13:15:32 | 000,007,064 | ---- | C] () -- C:\Windows\SysWow64\WMVCORE.lib
[2013.06.29 20:40:30 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2013.06.28 18:54:42 | 000,063,120 | ---- | C] () -- C:\Users\Pavel\Documents\dream.xps
[2013.06.28 17:39:15 | 000,064,728 | ---- | C] () -- C:\Users\Pavel\Documents\hel.xps
[2013.06.27 16:39:15 | 000,061,676 | ---- | C] () -- C:\Users\Pavel\Documents\ram2.xps
[2013.06.27 14:12:46 | 000,063,249 | ---- | C] () -- C:\Users\Pavel\Documents\ram1.xps
[2013.06.27 14:08:35 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013.06.27 14:08:35 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2013.06.27 14:07:14 | 000,060,662 | ---- | C] () -- C:\Users\Pavel\Documents\kab1.xps
[2013.06.27 14:02:23 | 000,063,279 | ---- | C] () -- C:\Users\Pavel\Documents\Kaba.xps
[2013.06.21 21:31:12 | 031,024,220 | ---- | C] () -- C:\Users\Pavel\Desktop\Obchodni_komunikace_v_anglictine_J1_3_322.pdf
[2013.06.21 20:45:20 | 025,247,196 | ---- | C] () -- C:\Users\Pavel\Desktop\TELEPHONE-ENGLISH.pdf
[2013.06.20 19:42:27 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 12 Compact Mode.lnk
[2013.06.20 19:42:27 | 000,001,299 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 12.lnk
[2013.06.20 19:42:27 | 000,000,213 | ---- | C] () -- C:\Users\Public\Desktop\Your Software Deals.url
[2013.06.20 17:55:37 | 000,181,503 | ---- | C] () -- C:\Users\Pavel\Documents\T-MOBILE_ZADOST_O_ZARAZENI_kontakty[1].pdf
[2013.06.19 20:53:50 | 000,067,160 | ---- | C] () -- C:\Users\Pavel\Desktop\9.jpg
[2013.06.19 20:52:56 | 000,230,966 | ---- | C] () -- C:\Users\Pavel\Desktop\8.jpg
[2013.06.19 20:51:51 | 000,194,415 | ---- | C] () -- C:\Users\Pavel\Desktop\7.jpg
[2013.06.19 20:40:19 | 000,187,119 | ---- | C] () -- C:\Users\Pavel\Desktop\6.jpg
[2013.06.19 20:39:22 | 000,183,793 | ---- | C] () -- C:\Users\Pavel\Desktop\5.jpg
[2013.06.19 20:28:28 | 000,198,711 | ---- | C] () -- C:\Users\Pavel\Desktop\4.jpg
[2013.06.19 20:27:29 | 000,199,111 | ---- | C] () -- C:\Users\Pavel\Desktop\3.jpg
[2013.06.19 20:20:08 | 000,115,598 | ---- | C] () -- C:\Users\Pavel\Desktop\2.jpg
[2013.06.19 20:19:09 | 000,177,333 | ---- | C] () -- C:\Users\Pavel\Desktop\1.jpg
[2013.06.18 05:56:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013.06.18 05:08:37 | 000,001,623 | ---- | C] () -- C:\Users\Pavel\Desktop\Galaxy Note2 ToolKit.lnk
[2013.06.16 10:48:58 | 000,045,056 | ---- | C] ( ) -- C:\Windows\SysNative\Interop.ChilkatZip2Lib.dll
[2013.06.16 10:48:58 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Euroword Angličtina.lnk
[2013.06.11 11:50:17 | 000,000,600 | ---- | C] () -- C:\Users\Pavel\AppData\Roaming\winscp.rnd
[2013.06.11 11:26:15 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\WinSCP.lnk
[2013.06.05 16:05:30 | 000,000,961 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD.lnk
[2013.06.05 16:05:30 | 000,000,949 | ---- | C] () -- C:\Users\Pavel\Desktop\YTD.lnk
[2013.06.05 15:11:37 | 000,060,637 | ---- | C] () -- C:\Users\Pavel\Documents\pinfect.zip
[2013.06.05 15:11:32 | 000,000,054 | ---- | C] () -- C:\Windows\Lic.xxx
[2013.06.01 19:06:24 | 000,005,120 | ---- | C] () -- C:\Users\Pavel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.30 12:07:48 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013.05.30 10:43:48 | 000,000,842 | ---- | C] () -- C:\Users\Pavel\cryptboxdrives.xml
[2013.05.30 10:38:49 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2013.05.30 09:16:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.04.18 19:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.04.18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.04.18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.04.18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.04.18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.07.17 15:22:04 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.07.03 03:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.05.22 01:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll
[2011.12.08 06:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

No a zbytek je kde? Bud je to spatne okopirovane, nebo to bylo spustene bez toho skriptu. To je mi k nicemu. Takze znovu a presne podle navodu


31.7. pro neaktivitu http://forum.viry.cz/viewtopic.php?f=12&t=123975