Pomalý domácí PC

[MaxDJs]

Zdravím,

chtěl bych poprosit o kontrolu logu domácího PC. Je extrémně pomalý.

Zde jsou RSIT logy:

info.txt logfile of random's system information tool 1.09 2013-09-26 18:00:09

======Uninstall list======

µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
3G mobilní internet-->"C:\Program Files (x86)\InstallShield Installation Information\{3EB25AD7-8DC9-4E79-8570-F54052ED4084}\setup.exe" -runfromtemp -l0x0405 -removeonly
3G mobilní internet-->MsiExec.exe /I{3EB25AD7-8DC9-4E79-8570-F54052ED4084}
Adobe Flash Player 11 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe -maintain activex
Adobe Reader 9.1 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A91000000001}
Asistent pro přihlášení ke službě Windows Live-->MsiExec.exe /I{3E62B27C-342F-4B44-9331-CA4BC59A586F}
BurnRecovery-->MsiExec.exe /I{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}
Canon Easy-PhotoPrint EX-->C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe Uninst.ini uinstrsc.dll
Canon Easy-WebPrint EX-->"C:\Program Files (x86)\Canon\Easy-WebPrint EX\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\Easy-WebPrint EX\uninst.ini
Canon Inkjet Printer/Scanner/Fax Extended Survey Program-->C:\Program Files (x86)\Canon\IJPLM\SETUP.EXE -R
Canon MP Navigator EX 4.1-->"C:\Program Files (x86)\Canon\MP Navigator EX 4.1\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 4.1\uninst.ini
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini uinstrsc.dll
Canon Nástroj pro rychlou volbu-->"C:\Program Files (x86)\Canon\Speed Dial Utility\uninst.exe" /UninstallRemove C:\Program Files (x86)\Canon\Speed Dial Utility\uninst.ini
Canon Solution Menu EX-->"C:\Program Files (x86)\Canon\Solution Menu EX\uninst.exe" /UninstallRemove C:\Program Files (x86)\Canon\Solution Menu EX\uninst.ini
Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}
Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}
Free DVD ISO Burner version 1.2-->"C:\Program Files (x86)\Free DVD ISO Burner\unins000.exe"
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hitman Codename 47-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\Eidos\Hitman Codename 47\Uninstall\setup.exe" -l0x5
ICQ7.5-->"C:\Program Files (x86)\InstallShield Installation Information\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Excel MUI (Bulgarian) 2007-->MsiExec.exe /X{90120000-0016-0402-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (Estonian) 2007-->MsiExec.exe /X{90120000-0016-0425-0000-0000000FF1CE}
Microsoft Office Excel MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-0016-040E-0000-0000000FF1CE}
Microsoft Office Excel MUI (Latvian) 2007-->MsiExec.exe /X{90120000-0016-0426-0000-0000000FF1CE}
Microsoft Office Excel MUI (Lithuanian) 2007-->MsiExec.exe /X{90120000-0016-0427-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Bulgarian) 2007-->MsiExec.exe /X{90120000-00A1-0402-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Estonian) 2007-->MsiExec.exe /X{90120000-00A1-0425-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-00A1-040E-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Latvian) 2007-->MsiExec.exe /X{90120000-00A1-0426-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Lithuanian) 2007-->MsiExec.exe /X{90120000-00A1-0427-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Slovak) 2007-->MsiExec.exe /X{90120000-00A1-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Bulgarian) 2007-->MsiExec.exe /X{90120000-0018-0402-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Estonian) 2007-->MsiExec.exe /X{90120000-0018-0425-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-0018-040E-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Latvian) 2007-->MsiExec.exe /X{90120000-0018-0426-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Lithuanian) 2007-->MsiExec.exe /X{90120000-0018-0427-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Proof (Bulgarian) 2007-->MsiExec.exe /X{90120000-001F-0402-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Estonian) 2007-->MsiExec.exe /X{90120000-001F-0425-0000-0000000FF1CE}
Microsoft Office Proof (Finnish) 2007-->MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Latvian) 2007-->MsiExec.exe /X{90120000-001F-0426-0000-0000000FF1CE}
Microsoft Office Proof (Lithuanian) 2007-->MsiExec.exe /X{90120000-001F-0427-0000-0000000FF1CE}
Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007-->MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Bulgarian) 2007-->MsiExec.exe /X{90120000-002C-0402-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing (Estonian) 2007-->MsiExec.exe /X{90120000-002C-0425-0000-0000000FF1CE}
Microsoft Office Proofing (Hungarian) 2007-->MsiExec.exe /X{90120000-002C-040E-0000-0000000FF1CE}
Microsoft Office Proofing (Latvian) 2007-->MsiExec.exe /X{90120000-002C-0426-0000-0000000FF1CE}
Microsoft Office Proofing (Lithuanian) 2007-->MsiExec.exe /X{90120000-002C-0427-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Bulgarian) 2007-->MsiExec.exe /X{90120000-006E-0402-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (Estonian) 2007-->MsiExec.exe /X{90120000-006E-0425-0000-0000000FF1CE}
Microsoft Office Shared MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-006E-040E-0000-0000000FF1CE}
Microsoft Office Shared MUI (Latvian) 2007-->MsiExec.exe /X{90120000-006E-0426-0000-0000000FF1CE}
Microsoft Office Shared MUI (Lithuanian) 2007-->MsiExec.exe /X{90120000-006E-0427-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (Bulgarian) 2007-->MsiExec.exe /X{90120000-001B-0402-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (Estonian) 2007-->MsiExec.exe /X{90120000-001B-0425-0000-0000000FF1CE}
Microsoft Office Word MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-001B-040E-0000-0000000FF1CE}
Microsoft Office Word MUI (Latvian) 2007-->MsiExec.exe /X{90120000-001B-0426-0000-0000000FF1CE}
Microsoft Office Word MUI (Lithuanian) 2007-->MsiExec.exe /X{90120000-001B-0427-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Works-->MsiExec.exe /I{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}
msi Easy Mode_x64-->"C:\Program Files (x86)\InstallShield Installation Information\{B6FC1F2E-3C04-4BF0-A4D9-2F0372D494A4}\setup.exe" -runfromtemp -l0x0409 -removeonly
msi EasyViewer-->"C:\Program Files (x86)\InstallShield Installation Information\{EECD7B96-1416-4D3A-B12D-0D2512120C36}\setup.exe" -runfromtemp -l0x0409 -removeonly
msi EasyViewer-->MsiExec.exe /X{EECD7B96-1416-4D3A-B12D-0D2512120C36}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP3 Parser (KB2721691)-->MsiExec.exe /I{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}
MSXML 4.0 SP3 Parser (KB2758694)-->MsiExec.exe /I{1D95BA90-F4F8-47EC-A882-441C99D30C1E}
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
Nástroj pro odesílání služby Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
OpenOffice.org 3.3-->MsiExec.exe /I{10B43A43-FF73-47FD-83E8-A503E84F9ED6}
Opera 12.02-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
PDF To Excel Converter V2.0-->"c:\PDFToExcelConverter\unins000.exe"
Portal-->C:\Program Files (x86)\Valve\Portal\Uninstall.exe
Realtek 8136 8168 8169 Ethernet Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x0009 -removeonly
REALTEK Wireless LAN Driver-->C:\Program Files (x86)\InstallShield Installation Information\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}\Install.exe -uninst -l0x9
Registrace uživatele zařízení Canon MX360 series-->C:\Program Files (x86)\Canon\IJEREG\MX360 series\UNINST.EXE
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8E6848A1-B790-34FE-921A-A5319258E254} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E7F6B64E-E11F-3D1C-868D-3F1443DA5A15} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {08BB8EA1-3BA7-3AD5-8A07-22A5EC1F704E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {880A0A36-244B-3C7A-8D6B-56E694CE7883} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9D8496AE-4030-3E92-B44E-4F81051E6C85} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2478663)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder ClientLP
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Syberia-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D16A2995-0CD2-4DD8-AD77-C0FC1F3C0F7D}\setup.exe" -l0x5
The Godfather™ The Game-->C:\Program Files (x86)\Electronic Arts\The Godfather The Game\EAUninstall.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
TomTom HOME-->MsiExec.exe /I{26CE484D-2E8E-40D5-B251-158133114C69}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8C286FD4-AB38-37A6-BC8A-6F16AFE9AB1F} /parameterfolder Client
Update for Microsoft Office Word 2007 (KB974631)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D53FB73-9826-4541-B2E0-A239C6EBA718}
Update for Microsoft Office Word 2007 (KB974631)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {34726474-50D6-49FC-B8AC-35411459D27A}
Update for Office 2007 (KB934528)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
uTorrentBar Toolbar-->C:\Program Files (x86)\uTorrentBar\uninstall.exe
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{E3F328E4-EB9F-4ABF-8FF3-5AD0472743D8}
Windows Live Fotogalerie-->MsiExec.exe /X{1D097338-B4FA-4F29-9C43-8D7A970A007E}
Windows Live Mail-->MsiExec.exe /I{E5A10EF8-DBF3-4251-A9CA-423311DBBFC8}
Windows Live Messenger-->MsiExec.exe /X{71E40B32-5173-4538-8996-5822DD18E8D4}
Windows Live Movie Maker-->MsiExec.exe /X{B0490CEE-D5ED-431A-88EB-772D9DB70C0C}
Windows Live Sync-->MsiExec.exe /X{068B46A0-8858-4CEB-80BC-A4AE787A05FC}
Windows Live Toolbar-->MsiExec.exe /X{6E257F26-57FA-4BC9-AE3B-D50AF937DA7F}
Windows Live Writer-->MsiExec.exe /X{479A749B-1684-4881-8266-BF8DD22251E7}
WinRAR archiver-->C:\Program Files (x86)\WinRAR\Uninstall.exe
WMIHookBtnFn-->"C:\Program Files (x86)\InstallShield Installation Information\{25BFC31F-27BF-4870-B043-CBC8400C97F8}\setup.exe" -runfromtemp -l0x0409 -removeonly

======System event log======

Computer Name: okay-msi
Event Code: 7036
Message: Stav služby Služba Výčet přenosných zařízení byl změněn na: Spuštěno
Record Number: 154033
Source Name: Service Control Manager
Time Written: 20130206182336.791992-000
Event Type: Informace
User:

Computer Name: okay-msi
Event Code: 7036
Message: Stav služby Služba seznamu sítí byl změněn na: Spuštěno
Record Number: 154032
Source Name: Service Control Manager
Time Written: 20130206182336.628906-000
Event Type: Informace
User:

Computer Name: okay-msi
Event Code: 7036
Message: Stav služby Hostitel diagnostického systému byl změněn na: Spuštěno
Record Number: 154031
Source Name: Service Control Manager
Time Written: 20130206182336.618164-000
Event Type: Informace
User:

Computer Name: okay-msi
Event Code: 7036
Message: Stav služby Přístup k zařízením standardu HID byl změněn na: Spuštěno
Record Number: 154030
Source Name: Service Control Manager
Time Written: 20130206182336.582031-000
Event Type: Informace
User:

Computer Name: okay-msi
Event Code: 7036
Message: Stav služby Prohledávání počítačů byl změněn na: Spuštěno
Record Number: 154029
Source Name: Service Control Manager
Time Written: 20130206182336.569335-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: okay-msi
Event Code: 1035
Message: Instalační služba systému Windows provedla opětovnou konfiguraci produktu. Název produktu: Windows Live Mail. Verze produktu: 14.0.8089.0726. Jazyk produktu: 1029. Výrobce: Microsoft Corporation. Stav opětovné konfigurace (úspěch nebo chyba): 0.
Record Number: 39678
Source Name: MsiInstaller
Time Written: 20120404052825.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: okay-msi
Event Code: 1035
Message: Instalační služba systému Windows provedla opětovnou konfiguraci produktu. Název produktu: Microsoft Visual C++ 2005 Redistributable (x64). Verze produktu: 8.0.56336. Jazyk produktu: 0. Výrobce: Microsoft Corporation. Stav opětovné konfigurace (úspěch nebo chyba): 0.
Record Number: 39677
Source Name: MsiInstaller
Time Written: 20120404052825.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: okay-msi
Event Code: 1035
Message: Instalační služba systému Windows provedla opětovnou konfiguraci produktu. Název produktu: Windows Live Fotogalerie. Verze produktu: 14.0.8081.709. Jazyk produktu: 1029. Výrobce: Microsoft Corporation. Stav opětovné konfigurace (úspěch nebo chyba): 0.
Record Number: 39676
Source Name: MsiInstaller
Time Written: 20120404052825.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: okay-msi
Event Code: 1035
Message: Instalační služba systému Windows provedla opětovnou konfiguraci produktu. Název produktu: MSVCRT. Verze produktu: 14.0.1468.721. Jazyk produktu: 1033. Výrobce: Microsoft. Stav opětovné konfigurace (úspěch nebo chyba): 0.
Record Number: 39675
Source Name: MsiInstaller
Time Written: 20120404052825.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: okay-msi
Event Code: 1035
Message: Instalační služba systému Windows provedla opětovnou konfiguraci produktu. Název produktu: Java Auto Updater. Verze produktu: 2.0.2.4. Jazyk produktu: 1033. Výrobce: Sun Microsystems, Inc.. Stav opětovné konfigurace (úspěch nebo chyba): 0.
Record Number: 39674
Source Name: MsiInstaller
Time Written: 20120404052825.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: okay-msi
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: OKAY-MSI$
Doména účtu: DOMA
ID přihlášení: 0x3e7

Typ přihlášení: 2

Nové přihlášení:
ID zabezpečení: S-1-5-21-3670149237-692383297-1956020581-1000
Název účtu: okay
Doména účtu: okay-msi
ID přihlášení: 0x13c36
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x24c
Název procesu: C:\Windows\System32\winlogon.exe

Informace o síti:
Název pracovní stanice: OKAY-MSI
Adresa zdrojové sítě 127.0.0.1
Zdrojový port: 0

Podrobné informace o ověření:
Proces přihlášení: User32
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 26995
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121012100224.906250-000
Event Type: Úspěšný audit
User:

Computer Name: okay-msi
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: OKAY-MSI$
Doména účtu: DOMA
ID přihlášení: 0x3e7

Typ přihlášení: 2

Nové přihlášení:
ID zabezpečení: S-1-5-21-3670149237-692383297-1956020581-1000
Název účtu: okay
Doména účtu: okay-msi
ID přihlášení: 0x13c02
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x24c
Název procesu: C:\Windows\System32\winlogon.exe

Informace o síti:
Název pracovní stanice: OKAY-MSI
Adresa zdrojové sítě 127.0.0.1
Zdrojový port: 0

Podrobné informace o ověření:
Proces přihlášení: User32
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 26994
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121012100224.906250-000
Event Type: Úspěšný audit
User:

Computer Name: okay-msi
Event Code: 4648
Message: Došlo k pokusu o přihlášení pomocí explicitního pověření.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: OKAY-MSI$
Doména účtu: DOMA
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Účet, jehož pověření bylo použito:
Název účtu: okay
Doména účtu: okay-msi
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Cílový server:
Název cílového serveru: localhost
Další informace: localhost

Informace o procesu:
ID procesu: 0x24c
Název procesu: C:\Windows\System32\winlogon.exe

Informace o síti:
Síťová adresa: 127.0.0.1
Port: 0

Tato událost je generována, pokud se proces pokusí přihlásit k účtu explicitním zadáním pověření tohoto účtu. K tomu nejčastěji dochází v dávkových konfiguracích, například naplánovaných úlohách, nebo při použití příkazu RUNAS.
Record Number: 26993
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121012100224.906250-000
Event Type: Úspěšný audit
User:

Computer Name: okay-msi
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 26992
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121012100224.796875-000
Event Type: Úspěšný audit
User:

Computer Name: okay-msi
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: OKAY-MSI$
Doména účtu: DOMA
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x228
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 26991
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121012100224.796875-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 28 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=1c0a
"configsetroot"=%SystemRoot%\ConfigSetRoot

-----------------EOF-----------------

[MaxDJs]

Logfile of random's system information tool 1.09 (written by random/random)
Run by okay at 2013-09-26 17:59:55
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 16 GB (23%) free of 70 GB
Total RAM: 2038 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:00:04, on 26.9.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\ICQ7.5\ICQ.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\okay\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\okay.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Advent.lnk = C:\Users\okay\AppData\Local\Temp\Rar$EX00.594\Advent.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WMI_Hook_Service - MICRO-STAR INT'L,.LTD. - C:\Program Files\msi\WMIHookBtnFn\WMI_Hook_Service.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10418 bytes

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-22 192592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-06-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll [2011-05-09 176936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-22 192592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-09-14 1213848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-07-22 39408]
"ICQ"=C:\Program Files (x86)\ICQ7.5\ICQ.exe [2011-08-01 124480]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2011-08-19 399224]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2012-06-21 247768]

C:\Users\okay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Advent.lnk - C:\Users\okay\AppData\Local\Temp\Rar$EX00.594\Advent.exe
OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"vidc.VP60"=vp6vfw.dll
"vidc.VP61"=vp6vfw.dll
"vidc.VP62"=vp6vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-09-26 17:59:57 ----D---- C:\Program Files (x86)\trend micro
2013-09-26 17:59:55 ----D---- C:\rsit
2013-09-11 16:10:25 ----A---- C:\windows\SysWOW64\ieui.dll
2013-09-11 16:10:23 ----A---- C:\windows\SysWOW64\iesetup.dll
2013-09-11 16:10:22 ----A---- C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 16:10:22 ----A---- C:\windows\SysWOW64\iesysprep.dll
2013-09-11 16:10:22 ----A---- C:\windows\SysWOW64\iertutil.dll
2013-09-11 16:10:22 ----A---- C:\windows\SysWOW64\iernonce.dll
2013-09-11 16:10:19 ----A---- C:\windows\SysWOW64\msfeeds.dll
2013-09-11 16:10:17 ----A---- C:\windows\SysWOW64\jscript.dll
2013-09-11 16:10:14 ----A---- C:\windows\SysWOW64\jscript9.dll
2013-09-11 16:10:13 ----A---- C:\windows\SysWOW64\urlmon.dll
2013-09-11 16:10:10 ----A---- C:\windows\SysWOW64\jsproxy.dll
2013-09-11 16:10:09 ----A---- C:\windows\SysWOW64\wininet.dll
2013-09-11 16:10:05 ----A---- C:\windows\SysWOW64\ieframe.dll
2013-09-11 16:09:53 ----A---- C:\windows\SysWOW64\mshtml.dll
2013-09-11 15:10:37 ----A---- C:\windows\SysWOW64\ntoskrnl.exe
2013-09-11 15:10:37 ----A---- C:\windows\SysWOW64\ntkrnlpa.exe
2013-09-11 15:10:36 ----A---- C:\windows\SysWOW64\ntdll.dll
2013-09-11 15:10:35 ----A---- C:\windows\SysWOW64\KernelBase.dll
2013-09-11 15:10:35 ----A---- C:\windows\SysWOW64\kernel32.dll
2013-09-11 15:10:34 ----AH---- C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 15:10:34 ----AH---- C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 15:10:34 ----AH---- C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 15:10:34 ----AH---- C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 15:10:34 ----AH---- C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 15:10:34 ----AH---- C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 15:10:34 ----AH---- C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 15:10:34 ----AH---- C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 15:10:34 ----AH---- C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 15:10:34 ----AH---- C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 15:10:34 ----AH---- C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 15:10:34 ----AH---- C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 15:10:34 ----AH---- C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 15:10:34 ----AH---- C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 15:10:34 ----AH---- C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 15:10:34 ----A---- C:\windows\SysWOW64\wow32.dll
2013-09-11 15:10:34 ----A---- C:\windows\SysWOW64\ntvdm64.dll
2013-09-11 15:10:33 ----AH---- C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 15:10:33 ----AH---- C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 15:10:33 ----AH---- C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 15:10:33 ----AH---- C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 15:10:33 ----AH---- C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 15:10:33 ----AH---- C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 15:10:33 ----AH---- C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 15:10:33 ----AH---- C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 15:10:33 ----AH---- C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 15:10:33 ----AH---- C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 15:10:33 ----AH---- C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 15:10:33 ----AH---- C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 15:10:33 ----AH---- C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 15:10:33 ----A---- C:\windows\SysWOW64\user.exe
2013-09-11 15:10:33 ----A---- C:\windows\SysWOW64\setup16.exe
2013-09-11 15:10:33 ----A---- C:\windows\SysWOW64\instnm.exe
2013-09-11 15:10:33 ----A---- C:\windows\SysWOW64\apisetschema.dll
2013-09-11 15:10:18 ----A---- C:\windows\SysWOW64\shell32.dll
2013-09-11 15:10:17 ----A---- C:\windows\SysWOW64\shdocvw.dll

======List of files/folders modified in the last 1 month======

2013-09-26 18:00:04 ----D---- C:\windows\Prefetch
2013-09-26 17:59:57 ----RD---- C:\Program Files (x86)
2013-09-26 17:59:49 ----D---- C:\Users\okay\AppData\Roaming\uTorrent
2013-09-26 10:52:36 ----D---- C:\windows\Temp
2013-09-26 10:52:11 ----D---- C:\Users\okay\AppData\Roaming\ICQ
2013-09-25 18:51:10 ----SHD---- C:\System Volume Information
2013-09-20 19:18:22 ----D---- C:\windows\SysWOW64
2013-09-20 19:18:16 ----A---- C:\windows\SysWOW64\FlashPlayerApp.exe
2013-09-15 19:53:54 ----D---- C:\windows\rescache
2013-09-13 19:15:36 ----D---- C:\windows\System32
2013-09-13 19:15:35 ----D---- C:\windows\inf
2013-09-11 17:34:09 ----D---- C:\windows\Microsoft.NET
2013-09-11 17:33:28 ----RSD---- C:\windows\assembly
2013-09-11 16:31:07 ----D---- C:\windows\winsxs
2013-09-11 16:26:36 ----D---- C:\Program Files (x86)\Internet Explorer
2013-09-11 16:26:18 ----D---- C:\windows\AppPatch
2013-09-11 16:26:14 ----D---- C:\windows\SysWOW64\cs-CZ
2013-09-10 19:38:21 ----HD---- C:\ProgramData
2013-09-10 13:43:42 ----D---- C:\ProgramData\CanonIJPLM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys []
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys []
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys []
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\windows\system32\DRIVERS\rtl8192se.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys []
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys []
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys []
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys []
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys []
S3 XICTAMDM;CELOT-W USB MODEM Driver; C:\windows\system32\DRIVERS\XICTAMDM.sys []
S3 XICTANmea;CELOT-W NMEA Device Driver(WDM); C:\windows\system32\DRIVERS\XICTANmea.sys []
S3 XICTAVSP;CELOT-W DM Interface Driver(WDM); C:\windows\system32\DRIVERS\XICTAVSP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2010-07-27 137680]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 92632]
R2 WMI_Hook_Service;WMI_Hook_Service; C:\Program Files\msi\WMIHookBtnFn\WMI_Hook_Service.exe [2010-01-07 105472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-22 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20 257416]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-22 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-24 194032]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

[vyosek]

Zdravim

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

[MaxDJs]

# AdwCleaner v3.005 - Report created 26/09/2013 at 19:44:43
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : okay - OKAY-MSI
# Running from : C:\Users\okay\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B12B8855-9A3D-47BD-90CE-B9B3A1133FED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31FF2FED-2FBF-49FA-9F3D-82B02BBD3344}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Key Deleted : HKCU\Software\uTorrentBar
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\okay\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2494 octets] - [26/09/2013 19:18:19]
AdwCleaner[S0].txt - [2404 octets] - [26/09/2013 19:44:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2464 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by okay on źt 26.09.2013 at 18:57:14,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\utorrentbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}



~~~ Files

Successfully deleted: [File] "C:\windows\syswow64\conduitengine.tmp"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\okay\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\okay\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\okay\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\okay\appdata\locallow\utorrentbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\utorrentbar"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 26.09.2013 at 19:14:50,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[vyosek]

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
• Zaskrtnete okenko Pro vsechny uzivatele
• Zaskrtnete okenko Kontrola na havet "LOP"
• Zaskrtnete okenko Kontrola na havet "Purity"
• Stari souboru zmente z 30 dnu na 7 dnu
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  CREATERESTOREPOINT
  
  netsvcs
  drivers32
  savembr:0
  
  /md5start
  atapi.sys
  autochk.exe
  cdrom.sys
  explorer.exe
  hal.dll
  scecli.dll
  services.exe
  svchost.exe
  tcpip.sys
  userinit.exe
  winlogon.exe
  /md5stop
  
  %systemroot%*.* /U /s
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\system32\drivers\*.sys /3
  %systemroot%\system32\*.* /3
  %SYSTEMDRIVE%\*.exe
  
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
  
  %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
  %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
  %PROGRAMFILES%\Opera\opera.exe /md5
  %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
  
  %SystemDrive%\PhysicalMBR.bin /md5 
  
  *crack* /s
  *keygen* /s
  *loader* /s

• Kliknete na tlacitko Prohledat
• Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
• Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

[MaxDJs]

Extras.txt

OTL Extras logfile created on: 9/26/2013 8:25:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\okay\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1.99 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.92% Memory free
3.98 Gb Paging File | 2.88 Gb Available in Paging File | 72.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68.36 Gb Total Space | 15.25 Gb Free Space | 22.31% Space Free | Partition Type: NTFS
Drive D: | 214.98 Gb Total Space | 211.61 Gb Free Space | 98.43% Space Free | Partition Type: NTFS
Drive F: | 15.12 Gb Total Space | 11.08 Gb Free Space | 73.27% Space Free | Partition Type: FAT32
Drive G: | 7.41 Gb Total Space | 5.63 Gb Free Space | 76.02% Space Free | Partition Type: FAT32

Computer Name: OKAY-MSI | User Name: okay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B9F0E07-900F-44DD-BC91-4166136261E8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B4B52B9-573A-4455-87E3-CA6D6196A42E}" = rport=139 | protocol=6 | dir=out | app=system |
"{4C0F5C54-4B3D-455E-B869-77E5FD4B1968}" = rport=137 | protocol=17 | dir=out | app=system |
"{627CDBBF-92E2-423E-9F95-8F95F2402705}" = rport=138 | protocol=17 | dir=out | app=system |
"{82729BAA-A878-4846-9B53-FE8A2184FFC0}" = lport=445 | protocol=6 | dir=in | app=system |
"{8F1080FE-6AB2-41A8-9DAE-55CD0EF6AB81}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{90D307FC-16C7-4568-97E1-0C9F76A0E704}" = lport=137 | protocol=17 | dir=in | app=system |
"{95D2079A-5C18-4431-8755-997513D04986}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ADB01B33-6906-45E6-AF4B-D1523354B038}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D099A878-E7DA-460E-B343-95C713F610C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D971DEF4-60A1-4BB9-8EC0-1B7F9043EC73}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E3DE0035-7ED3-4305-AFCC-80380D2CDB3E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC1BC4CE-4415-46D3-943C-20754151C234}" = lport=139 | protocol=6 | dir=in | app=system |
"{F1DE3620-8639-4616-967E-55D4B353531F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F852D61A-AF6A-47BF-B49F-9FA1B2AEA312}" = lport=138 | protocol=17 | dir=in | app=system |
"{FD0980B1-74C5-45BF-9AB0-4213B8AE3BB8}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A82CF4-8F61-4C57-BAA0-CDA7314FEC8B}" = protocol=17 | dir=in | app=c:\users\okay\appdata\local\temp\7zs71c2.tmp\symnrt.exe |
"{1C1E0573-E040-4E90-9A83-33F256E198AB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{23DB0F52-2A95-4085-A61C-89977C03530F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{34B68965-2978-4999-B7B9-1F194875F27E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{408ECE06-58F3-4E77-AA80-ADBB7C3A1A18}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{478B2698-3CD7-4826-A7A9-48069894908F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{78E4448D-E3F8-4C17-976D-D105C5186307}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{7A2C89AF-0098-4DBC-9ABB-AB166280B06A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{7CB2B366-F564-4334-888D-97064024362F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{83C106CF-B9B2-4193-9E60-CC1FFCFA662D}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8DD1E265-8FB0-4CA0-85FE-1B0FDB2EE6E6}" = protocol=6 | dir=in | app=c:\users\okay\appdata\local\temp\7zs71c2.tmp\symnrt.exe |
"{8EBBF846-20A2-4CFB-9C86-A4FF560BAED0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A91F66C0-5A84-4DA2-8FB9-83C6A831C209}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AC1157A9-78A3-44D9-80B5-64BE70C83AD0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B630CA1A-B547-4B13-8C8B-8148A0B3A98F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C926CCC2-F565-4984-9E99-26D9DAF29218}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D3967880-D8F8-4743-931C-02781B33FAE5}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{DE2D84E9-91C5-46A6-AD5A-AAD32E6BE5F7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{EC2B7BDC-6B46-4C54-BA36-9909EFB9E60E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F509E3E9-C090-4F74-A0C5-17E0E149EBAD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{F9C36FD0-B02B-4258-B440-F6AC7A51BBE6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"TCP Query User{047A9E5A-13AC-4438-9A32-99F2D1128989}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{43CE56A8-2BA8-4463-8EFC-5A02A6A49080}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{78D078AD-783B-4F54-B1EF-FC181F6B6DEB}G:\flatout2\flatout2.exe" = protocol=6 | dir=in | app=g:\flatout2\flatout2.exe |
"TCP Query User{91C884D3-06FE-461B-BCF1-9E5477D4CA5A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{938A5F81-1B20-4F93-A199-A12E54F599B0}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{947BC09F-C22F-4AFA-B920-D99A2447A355}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4E41E33A-4AE4-400D-9124-3D31FD2581C9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{BD158BFA-8302-4E49-B301-70A136A99931}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BE336E77-2A3D-44C1-823D-A92B8488B95B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{E6F84559-4576-4FD0-829E-D30A409CB651}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{ED06048A-BA95-44ED-A1F3-C00F1E511191}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{FA923A86-9F05-4EFE-AB91-E6F8DCCE6CAD}G:\flatout2\flatout2.exe" = protocol=17 | dir=in | app=g:\flatout2\flatout2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = msi Software Install_x64
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX360_series" = Canon MX360 series MP Drivers
"{25BFC31F-27BF-4870-B043-CBC8400C97F8}" = WMIHookBtnFn
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0402-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Bulgarian) 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040E-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hungarian) 2007
"{90120000-002A-041B-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Slovak) 2007
"{90120000-002A-0425-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Estonian) 2007
"{90120000-002A-0426-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Latvian) 2007
"{90120000-002A-0427-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Lithuanian) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B277E30A-B7BC-4f34-9098-BF906D602F23}" = CELOT-W USB Modem Driver
"{B6FC1F2E-3C04-4BF0-A4D9-2F0372D494A4}" = msi Easy Mode_x64
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{068B46A0-8858-4CEB-80BC-A4AE787A05FC}" = Windows Live Sync
"{10B43A43-FF73-47FD-83E8-A503E84F9ED6}" = OpenOffice.org 3.3
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D097338-B4FA-4F29-9C43-8D7A970A007E}" = Windows Live Fotogalerie
"{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = The Godfather™ The Game
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Nástroj pro odesílání služby Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26CE484D-2E8E-40D5-B251-158133114C69}" = TomTom HOME
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E62B27C-342F-4B44-9331-CA4BC59A586F}" = Asistent pro přihlášení ke službě Windows Live
"{3EB25AD7-8DC9-4E79-8570-F54052ED4084}" = 3G mobilní internet
"{479A749B-1684-4881-8266-BF8DD22251E7}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6E257F26-57FA-4BC9-AE3B-D50AF937DA7F}" = Windows Live Toolbar
"{71E40B32-5173-4538-8996-5822DD18E8D4}" = Windows Live Messenger
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0402-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Bulgarian) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-040E-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hungarian) 2007
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0016-0425-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Estonian) 2007
"{90120000-0016-0426-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Latvian) 2007
"{90120000-0016-0427-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Lithuanian) 2007
"{90120000-0018-0402-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Bulgarian) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-040E-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hungarian) 2007
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0018-0425-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Estonian) 2007
"{90120000-0018-0426-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Latvian) 2007
"{90120000-0018-0427-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Lithuanian) 2007
"{90120000-001B-0402-0000-0000000FF1CE}" = Microsoft Office Word MUI (Bulgarian) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-040E-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hungarian) 2007
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001B-0425-0000-0000000FF1CE}" = Microsoft Office Word MUI (Estonian) 2007
"{90120000-001B-0426-0000-0000000FF1CE}" = Microsoft Office Word MUI (Latvian) 2007
"{90120000-001B-0427-0000-0000000FF1CE}" = Microsoft Office Word MUI (Lithuanian) 2007
"{90120000-001F-0402-0000-0000000FF1CE}" = Microsoft Office Proof (Bulgarian) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-0425-0000-0000000FF1CE}" = Microsoft Office Proof (Estonian) 2007
"{90120000-001F-0426-0000-0000000FF1CE}" = Microsoft Office Proof (Latvian) 2007
"{90120000-001F-0427-0000-0000000FF1CE}" = Microsoft Office Proof (Lithuanian) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0402-0000-0000000FF1CE}" = Microsoft Office Proofing (Bulgarian) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040E-0000-0000000FF1CE}" = Microsoft Office Proofing (Hungarian) 2007
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-002C-0425-0000-0000000FF1CE}" = Microsoft Office Proofing (Estonian) 2007
"{90120000-002C-0426-0000-0000000FF1CE}" = Microsoft Office Proofing (Latvian) 2007
"{90120000-002C-0427-0000-0000000FF1CE}" = Microsoft Office Proofing (Lithuanian) 2007
"{90120000-006E-0402-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Bulgarian) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-040E-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hungarian) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{90120000-006E-0425-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Estonian) 2007
"{90120000-006E-0426-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Latvian) 2007
"{90120000-006E-0427-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Lithuanian) 2007
"{90120000-00A1-0402-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Bulgarian) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-040E-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Hungarian) 2007
"{90120000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2007
"{90120000-00A1-0425-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Estonian) 2007
"{90120000-00A1-0426-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Latvian) 2007
"{90120000-00A1-0427-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Lithuanian) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{AC76BA86-7AD7-1029-7B44-A91000000001}" = Adobe Reader 9.1 - Czech
"{AFAB8695-BA2C-419B-8753-42880713FE22}" = Hitman Codename 47
"{B0490CEE-D5ED-431A-88EB-772D9DB70C0C}" = Windows Live Movie Maker
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}" = Microsoft Works
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D16A2995-0CD2-4DD8-AD77-C0FC1F3C0F7D}" = Syberia
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3F328E4-EB9F-4ABF-8FF3-5AD0472743D8}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5A10EF8-DBF3-4251-A9CA-423311DBBFC8}" = Windows Live Mail
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = msi EasyViewer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Free DVD ISO Burner (by minidvdsoft)_is1" = Free DVD ISO Burner version 1.2
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{25BFC31F-27BF-4870-B043-CBC8400C97F8}" = WMIHookBtnFn
"InstallShield_{3EB25AD7-8DC9-4E79-8570-F54052ED4084}" = 3G mobilní internet
"InstallShield_{B6FC1F2E-3C04-4BF0-A4D9-2F0372D494A4}" = msi Easy Mode_x64
"InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = msi EasyViewer
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"Opera 12.02.1578" = Opera 12.02
"PDF To Excel Converter_is1" = PDF To Excel Converter V2.0
"Portal" = Portal
"Registrace uživatele zařízení Canon MX360 series" = Registrace uživatele zařízení Canon MX360 series
"Speed Dial Utility" = Canon Nástroj pro rychlou volbu
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

< End of report >

[MaxDJs]

OTL.txt

OTL logfile created on: 9/26/2013 8:25:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\okay\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1.99 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.92% Memory free
3.98 Gb Paging File | 2.88 Gb Available in Paging File | 72.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68.36 Gb Total Space | 15.25 Gb Free Space | 22.31% Space Free | Partition Type: NTFS
Drive D: | 214.98 Gb Total Space | 211.61 Gb Free Space | 98.43% Space Free | Partition Type: NTFS
Drive F: | 15.12 Gb Total Space | 11.08 Gb Free Space | 73.27% Space Free | Partition Type: FAT32
Drive G: | 7.41 Gb Total Space | 5.63 Gb Free Space | 76.02% Space Free | Partition Type: FAT32

Computer Name: OKAY-MSI | User Name: okay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013/09/26 20:24:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\okay\Desktop\OTL.exe
PRC - [2012/10/13 16:50:12 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012/06/21 05:01:58 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/06/21 05:01:56 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/08/19 16:57:13 | 000,399,224 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/08/01 10:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.5\ICQ.exe
PRC - [2011/01/17 19:01:18 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:01:18 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/09/14 18:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/07/27 02:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/01/07 04:48:44 | 000,105,472 | ---- | M] (MICRO-STAR INT'L,.LTD.) -- C:\Program Files\msi\WMIHookBtnFn\WMI_Hook_Service.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/17 19:36:42 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/01/07 04:48:44 | 000,105,472 | ---- | M] (MICRO-STAR INT'L,.LTD.) [Auto | Running] -- C:\Program Files\msi\WMIHookBtnFn\WMI_Hook_Service.exe -- (WMI_Hook_Service)
SRV - [2013/09/20 19:18:18 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/21 05:01:58 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/07/27 02:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/17 10:33:44 | 000,185,176 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XICTAVSP.sys -- (XICTAVSP)
DRV:64bit: - [2010/07/17 10:33:44 | 000,185,176 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XICTANmea.sys -- (XICTANmea)
DRV:64bit: - [2010/07/17 10:33:44 | 000,185,176 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XICTAMDM.sys -- (XICTAMDM)
DRV:64bit: - [2009/10/16 01:27:04 | 006,177,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/02 23:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/10 21:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 08:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{68B47D61-6234-4655-889C-96CF8EAC7525}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\..\SearchScopes\{EDB93DF2-AA84-440E-8C66-78C280F165DC}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3670149237-692383297-1956020581-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi.msn.com
IE - HKU\S-1-5-21-3670149237-692383297-1956020581-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://centrum.cz/
IE - HKU\S-1-5-21-3670149237-692383297-1956020581-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3670149237-692383297-1956020581-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... FA_csCZ441
IE - HKU\S-1-5-21-3670149237-692383297-1956020581-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)


[2012/07/19 11:26:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\okay\AppData\Roaming\Mozilla\Extensions
[2012/07/19 11:26:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\okay\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3670149237-692383297-1956020581-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3670149237-692383297-1956020581-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HookKey] C:\Program Files\msi\WMIHookBtnFn\HookKey.exe (MICRO-STAR INT'L,.LTD.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3670149237-692383297-1956020581-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-3670149237-692383297-1956020581-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-3670149237-692383297-1956020581-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\okay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Advent.lnk = File not found
O4 - Startup: C:\Users\okay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3670149237-692383297-1956020581-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2021F65-09AB-469D-9CB0-5749FE2A3E11}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5988A2B-FF9C-45C4-AA76-9EFB58BB8C8F}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{da2b8fdd-4e37-11e1-9fa6-406186ca71b7}\Shell - "" = AutoRun
O33 - MountPoints2\{da2b8fdd-4e37-11e1-9fa6-406186ca71b7}\Shell\AutoRun\command - "" = F:\Launcher.exe
O33 - MountPoints2\{da2b8fe3-4e37-11e1-9fa6-406186ca71b7}\Shell - "" = AutoRun
O33 - MountPoints2\{da2b8fe3-4e37-11e1-9fa6-406186ca71b7}\Shell\AutoRun\command - "" = F:\Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\windows\SysWow64\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\windows\SysWow64\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - C:\windows\SysWow64\vp6vfw.dll (EA.com/On2.com)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013/09/26 20:24:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\okay\Desktop\OTL.exe
[2013/09/26 19:18:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/26 18:57:09 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/09/26 18:56:27 | 001,030,038 | ---- | C] (Thisisu) -- C:\Users\okay\Desktop\JRT.exe
[2013/09/26 17:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2013/09/26 17:59:55 | 000,000,000 | ---D | C] -- C:\rsit
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013/09/26 20:31:00 | 000,000,948 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/26 20:30:27 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/09/26 20:29:32 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/26 20:29:32 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/26 20:24:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\okay\Desktop\OTL.exe
[2013/09/26 20:18:00 | 000,000,914 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/09/26 19:46:21 | 000,000,944 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/26 19:46:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/09/26 19:46:03 | 1602,985,984 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/26 18:56:53 | 001,030,038 | ---- | M] (Thisisu) -- C:\Users\okay\Desktop\JRT.exe
[2013/09/26 18:56:32 | 001,042,066 | ---- | M] () -- C:\Users\okay\Desktop\adwcleaner.exe
[2013/09/26 17:59:39 | 000,781,383 | ---- | M] () -- C:\Users\okay\Desktop\RSIT.exe
[2013/09/22 16:45:29 | 000,017,828 | ---- | M] () -- C:\Users\okay\Documents\volební%20program.odt_0.odt
[2013/09/22 16:45:17 | 000,019,163 | ---- | M] () -- C:\Users\okay\Documents\Bez%20názvu%202.ods_0.ods
[2013/09/21 17:32:52 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/20 19:18:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/09/20 19:18:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/26 20:30:26 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/09/26 18:56:32 | 001,042,066 | ---- | C] () -- C:\Users\okay\Desktop\adwcleaner.exe
[2013/09/26 17:59:39 | 000,781,383 | ---- | C] () -- C:\Users\okay\Desktop\RSIT.exe
[2013/09/23 13:38:58 | 000,019,163 | ---- | C] () -- C:\Users\okay\Documents\Bez%20názvu%202.ods_0.ods
[2013/09/23 13:38:58 | 000,017,828 | ---- | C] () -- C:\Users\okay\Documents\volební%20program.odt_0.odt
[2012/05/29 22:30:48 | 000,007,605 | ---- | C] () -- C:\Users\okay\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[MaxDJs]

========== LOP Check ==========

[2012/10/12 11:22:05 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\.minecraft
[2012/08/26 16:16:04 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\Canon
[2013/09/26 10:52:11 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\ICQ
[2011/06/17 16:32:56 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\OpenOffice.org
[2012/10/13 16:50:35 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\Opera
[2011/08/13 12:06:34 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\Rovio
[2012/07/19 11:26:27 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\TomTom
[2013/09/26 20:46:39 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\uTorrent
[2012/08/08 12:11:22 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\YCanPDF

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/14 07:08:49 | 000,032,598 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2011/07/22 21:19:40 | 000,000,944 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/07/22 21:19:43 | 000,000,948 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/05/11 21:23:11 | 000,000,914 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010/11/20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\windows\SysNative\autochk.exe
[2010/11/20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010/11/20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
[2010/11/20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\windows\SysNative\drivers\cdrom.sys
[2010/11/20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2010/01/01 03:48:26 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/01/01 03:48:26 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/01/01 03:52:24 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/01/01 03:52:24 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/01/01 03:52:24 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/01/01 03:48:26 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/01/01 03:52:24 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/01/01 03:48:26 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010/11/20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll
[2010/11/20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\windows\SysNative\hal.dll
[2010/11/20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 07:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2012/10/03 19:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2011/09/29 19:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2013/05/08 08:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2010/11/20 15:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2010/11/20 15:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011/06/21 08:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2010/06/14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2013/01/04 07:41:01 | 001,893,224 | ---- | M] (Microsoft Corporation) MD5=5CFB7AB8F9524D1A1E14369DE63B83CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_0f6a6af57fd59de6\tcpip.sys
[2012/03/30 12:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2011/04/25 07:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2012/03/30 13:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2013/01/03 07:57:12 | 001,876,824 | ---- | M] (Microsoft Corporation) MD5=692969AB90BDA19F56E27BF89A9260E2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_0fe8397098fc3d71\tcpip.sys
[2012/03/30 12:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2010/06/14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2013/05/08 08:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2011/06/21 08:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2011/09/29 18:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2012/03/30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013/07/06 07:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013/01/03 08:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2011/04/25 08:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2013/01/04 07:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2011/06/21 08:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2012/10/03 19:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013/07/06 08:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\windows\SysNative\drivers\tcpip.sys
[2013/07/06 08:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2011/06/21 08:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2011/09/29 18:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2011/09/29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[14 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[22 C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[22 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> ]
[1 C:\windows\Temp\Google Toolbar\*.tmp files -> C:\windows\Temp\Google Toolbar\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/10/12 11:22:05 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\.minecraft
[2011/06/17 19:18:37 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\Adobe
[2012/08/26 16:16:04 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\Canon
[2011/07/23 09:16:17 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\Google
[2013/09/26 10:52:11 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\ICQ
[2009/07/14 07:09:13 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\Identities
[2011/06/17 19:23:14 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\Macromedia
[2013/05/25 17:45:26 | 000,000,000 | --SD | M] -- C:\Users\okay\AppData\Roaming\Microsoft
[2012/07/19 11:26:31 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\Mozilla
[2011/06/17 16:32:56 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\OpenOffice.org
[2012/10/13 16:50:35 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\Opera
[2011/08/13 12:06:34 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\Rovio
[2011/06/15 04:30:20 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\Skype
[2012/07/19 11:26:27 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\TomTom
[2013/09/26 21:06:41 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\uTorrent
[2012/08/08 12:11:22 | 000,000,000 | ---D | M] -- C:\Users\okay\AppData\Roaming\YCanPDF

< %APPDATA%\*.exe /s >
[2012/08/25 10:33:21 | 030,544,304 | ---- | M] () -- C:\Users\okay\AppData\Roaming\TomTom\HOME\Profiles\tnuqt4sa.default\Updates\v2_9_1_2780_win.exe
[2013/09/22 09:22:25 | 030,914,760 | ---- | M] () -- C:\Users\okay\AppData\Roaming\TomTom\HOME\Profiles\tnuqt4sa.default\Updates\v2_9_6_3196_win.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2013/09/26 20:18:00 | 000,000,914 | ---- | M] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2013/09/26 19:46:21 | 000,000,944 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/09/26 20:31:00 | 000,000,948 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"swg" = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2011/07/22 21:19:19 | 000,039,408 | ---- | M] (Google Inc.)
"ICQ" = "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4 -- [2011/08/01 10:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.)
"uTorrent" = "C:\Program Files (x86)\uTorrent\uTorrent.exe" -- [2011/08/19 16:57:13 | 000,399,224 | ---- | M] (BitTorrent, Inc.)
"TomTomHOME.exe" = "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s -- [2012/06/21 05:01:56 | 000,247,768 | ---- | M] (TomTom)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2013/08/10 06:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2012/10/13 16:50:12 | 000,874,896 | ---- | M] (Opera Software) MD5=E9B8F06429A1727D9FD9D4CE023EDCEB -- C:\Program Files (x86)\Opera\opera.exe

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2013/09/17 05:21:30 | 000,829,392 | ---- | M] (Google Inc.) MD5=E7148BB584830E51AFD414CE9AEAE74C -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013/09/26 20:30:27 | 000,000,512 | ---- | M] () MD5=B73036E31826A14203719C5712146334 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2012/05/09 16:22:12 | 000,000,394 | ---- | M] () -- \Users\okay\AppData\Roaming\Microsoft\Windows\Recent\crack.lnk

< *keygen* /s >

< *loader* /s >
[2011/08/19 16:57:53 | 000,009,767 | ---- | M] () -- \extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\ExternalLibraryLoader.jsm
[2011/06/17 19:21:13 | 000,005,795 | ---- | M] () -- \Program Files (x86)\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2011/06/17 19:21:14 | 000,004,180 | ---- | M] () -- \Program Files (x86)\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2011/06/17 19:21:13 | 000,005,520 | ---- | M] () -- \Program Files (x86)\ICQ7.5\imApp\theme\MUICoreLib\xtraLoader.swf
[2012/03/26 18:53:56 | 000,002,886 | ---- | M] () -- \Program Files (x86)\ICQ7.5\Xtraz\icq\content\babylon_feed\preloader01_b.swf
[2011/07/27 14:48:36 | 000,000,402 | ---- | M] () -- \Program Files (x86)\ICQ7.5\Xtraz\icq\content\icq_profile\preloader.html
[2011/06/17 19:22:22 | 000,000,402 | ---- | M] () -- \Program Files (x86)\ICQ7.5\Xtraz\icq\content\profile_forms\preloader.html
[2011/06/17 19:22:22 | 000,000,402 | ---- | M] () -- \Program Files (x86)\ICQ7.5\Xtraz\icq\content\profile_lightboxs\preloader.html
[2002/07/04 15:25:44 | 000,106,496 | ---- | M] () -- \Program Files (x86)\Microids\Syberia\Dlls\JpgLoader.dll
[2002/07/04 15:25:48 | 000,036,864 | ---- | M] () -- \Program Files (x86)\Microids\Syberia\Dlls\VirtoolsLoaderR.dll
[2011/01/17 16:21:04 | 000,006,263 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\Basis\program\pythonloader.py
[2011/06/17 19:36:31 | 000,021,504 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2011/01/17 19:07:52 | 000,000,171 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2011/06/17 19:37:05 | 000,029,184 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2010/11/19 12:24:20 | 000,003,689 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\URE\java\unoloader.jar
[2005/06/07 21:25:46 | 000,044,032 | ---- | M] () -- \Program Files (x86)\WinRAR\RarExtLoader.exe
[2013/05/11 21:22:16 | 000,000,723 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DRAICIG\downloaderror[1].js
[2012/06/27 08:38:05 | 000,000,723 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QA994JZ\downloaderror[1].js
[2012/06/27 08:38:05 | 000,001,174 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QA994JZ\downloader[1].js
[2013/05/11 21:22:16 | 000,001,174 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QA994JZ\downloader[2].js
[2012/06/27 08:38:02 | 000,004,760 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P4PXCKW0\bundleloader[1].js
[2013/05/11 21:22:10 | 000,003,784 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P4PXCKW0\bundleloader[2].js
[2012/04/06 18:21:34 | 000,045,804 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\000XBNSR\cssloader-afe324f6f051[1].css
[2012/04/18 15:12:36 | 000,176,879 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\000XBNSR\jsloader-6b83d77e770f[1].js
[2013/09/13 09:14:44 | 000,108,855 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\02GRETWT\cssloader-65670978b5a5[1].css
[2013/09/13 09:14:44 | 000,402,115 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\02GRETWT\jsloader-1b446b6079e4[1].js
[2013/05/20 10:31:54 | 000,099,569 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0CWNOXWP\cssloader-f4ec335a5fb5[1].css
[2013/05/20 13:54:01 | 000,099,569 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0CWNOXWP\cssloader-f4ec335a5fb5[2].css
[2013/05/20 13:54:01 | 000,401,997 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0CWNOXWP\jsloader-421470c149aa[1].js
[2013/05/19 11:57:38 | 000,004,277 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0CWNOXWP\uploaderapi2[2].swf
[2013/09/26 13:52:25 | 000,009,289 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0ERQGXMR\camera-loader[1].gif
[2013/05/20 13:54:14 | 000,002,158 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1QB3VU9K\cssloader-0ecfd3a92943-sdileni[1].css
[2013/05/20 10:31:17 | 000,401,997 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1QB3VU9K\jsloader-421470c149aa[1].js
[2013/05/20 10:31:54 | 000,401,997 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1QB3VU9K\jsloader-421470c149aa[2].js
[2013/05/20 13:54:14 | 000,153,229 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1QB3VU9K\jsloader-63507cacbc40[1].js
[2013/05/19 11:28:59 | 000,000,673 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1QB3VU9K\loader.white[1].gif
[2013/09/06 08:47:40 | 000,058,500 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1SZGZ8K4\sf_preloader[1].js
[2013/09/22 16:28:51 | 000,058,598 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1SZGZ8K4\sf_preloader[2].js
[2013/07/15 15:11:43 | 000,044,948 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WGD1YFO\sf_preloader[1].js
[2013/08/13 14:56:09 | 000,058,435 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WGD1YFO\sf_preloader[2].js
[2013/09/10 21:12:36 | 000,058,500 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WGD1YFO\sf_preloader[3].js
[2013/09/18 17:09:03 | 000,058,598 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WGD1YFO\sf_preloader[4].js
[2012/06/13 12:38:59 | 000,002,084 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39IL1RZY\loader_frame[1].htm
[2013/05/21 08:59:50 | 000,004,178 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3SWWT27Q\ajax-loader[1].gif
[2013/05/21 12:31:23 | 000,099,569 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3SWWT27Q\cssloader-f4ec335a5fb5[1].css
[2013/05/21 12:32:31 | 000,099,569 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3SWWT27Q\cssloader-f4ec335a5fb5[2].css
[2013/07/18 17:53:20 | 000,045,115 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\67GEPQI0\sf_preloader[1].js
[2013/07/23 19:06:41 | 000,045,115 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\67GEPQI0\sf_preloader[2].js
[2013/08/10 15:42:56 | 000,047,046 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\67GEPQI0\sf_preloader[3].js
[2013/09/02 09:51:26 | 000,058,492 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\67GEPQI0\sf_preloader[4].js
[2013/08/12 17:46:29 | 000,058,448 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8AAJBWNU\sf_preloader[1].js
[2012/08/17 17:08:05 | 000,067,653 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\92RKSSQ4\cssloader-47cbd027dd5b[1].css
[2012/08/15 13:54:40 | 000,062,996 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\92RKSSQ4\cssloader-b011590041a0[1].css
[2012/08/08 20:22:18 | 000,194,032 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\92RKSSQ4\jsloader-911a205de8ec[1].js
[2012/08/16 14:43:13 | 000,194,212 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\92RKSSQ4\jsloader-911a205de8ec[2].js
[2013/05/21 10:07:18 | 000,002,158 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AGFSBSGO\cssloader-0ecfd3a92943-sdileni[1].css
[2013/05/21 10:07:18 | 000,153,229 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AGFSBSGO\jsloader-63507cacbc40[1].js
[2013/09/16 14:29:01 | 000,058,598 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FBI3HKSM\sf_preloader[1].js
[2013/08/15 08:02:24 | 000,058,448 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FBI3HKSM\sf_preloader[2].js
[2013/09/22 16:32:32 | 000,000,673 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FPYF7NL9\loader.white[1].gif
[2013/09/22 16:32:30 | 000,016,164 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FPYF7NL9\loader[1].png
[2013/09/03 08:05:05 | 000,058,492 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FPYF7NL9\sf_preloader[1].js
[2013/08/05 14:07:05 | 000,045,182 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FPYF7NL9\sf_preloader[2].js
[2013/09/04 08:07:05 | 000,058,492 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FPYF7NL9\sf_preloader[3].js
[2013/09/23 13:39:11 | 000,058,598 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FPYF7NL9\sf_preloader[4].js
[2013/05/21 12:31:24 | 000,401,997 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HHM0WVJZ\jsloader-421470c149aa[1].js
[2013/05/21 12:32:31 | 000,401,997 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HHM0WVJZ\jsloader-421470c149aa[2].js
[2013/05/21 08:37:30 | 000,003,951 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HHM0WVJZ\loader[1].gif
[2013/05/21 11:43:54 | 000,000,476 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HHM0WVJZ\s.scriptLoader_js[1].js
[2013/09/08 12:22:52 | 000,108,855 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9Y142IK\cssloader-65670978b5a5[1].css
[2013/09/26 11:04:34 | 000,109,071 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9Y142IK\cssloader-65670978b5a5[2].css
[2013/07/17 15:53:45 | 000,003,777 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9Y142IK\fineuploader[1].css
[2013/09/08 12:22:52 | 000,402,115 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9Y142IK\jsloader-1b446b6079e4[1].js
[2013/09/26 11:04:34 | 000,402,676 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9Y142IK\jsloader-1b446b6079e4[2].js
[2013/09/26 15:32:49 | 000,058,610 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9Y142IK\sf_preloader[1].js
[2013/08/20 18:15:49 | 000,058,448 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9Y142IK\sf_preloader[2].js
[2012/12/15 10:39:20 | 000,154,663 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IGFD4J9V\jsloader-cd196dfb4a99[1].js
[2013/05/20 10:31:56 | 000,002,158 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JBKXD9W9\cssloader-0ecfd3a92943-sdileni[1].css
[2013/05/19 11:35:32 | 000,099,569 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JBKXD9W9\cssloader-f4ec335a5fb5[1].css
[2013/05/20 13:54:11 | 000,099,569 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JBKXD9W9\cssloader-f4ec335a5fb5[2].css
[2013/05/19 11:35:32 | 000,401,997 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JBKXD9W9\jsloader-421470c149aa[1].js
[2013/05/20 13:54:11 | 000,401,997 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JBKXD9W9\jsloader-421470c149aa[2].js
[2013/05/20 10:31:56 | 000,153,229 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JBKXD9W9\jsloader-63507cacbc40[1].js
[2013/05/19 10:46:52 | 000,000,673 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JBKXD9W9\loader.white[1].gif
[2013/09/15 15:02:35 | 000,058,500 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MLVKT9MW\sf_preloader[1].js
[2013/08/31 09:26:28 | 000,058,492 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NZKC0G89\sf_preloader[1].js
[2013/09/15 09:28:08 | 000,108,855 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ODV85V23\cssloader-65670978b5a5[1].css
[2013/09/26 11:03:13 | 000,109,071 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ODV85V23\cssloader-65670978b5a5[2].css
[2013/09/15 09:28:09 | 000,402,115 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ODV85V23\jsloader-1b446b6079e4[1].js
[2013/09/26 11:03:13 | 000,402,676 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ODV85V23\jsloader-1b446b6079e4[2].js
[2013/09/16 08:02:56 | 000,058,500 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ODV85V23\sf_preloader[1].js
[2013/09/08 12:21:52 | 000,108,855 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QTNL24O0\cssloader-65670978b5a5[1].css
[2013/09/08 12:21:52 | 000,402,115 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QTNL24O0\jsloader-1b446b6079e4[1].js
[2013/09/22 09:33:31 | 000,002,105 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QTNL24O0\loader.min[1].js
[2013/07/26 08:08:33 | 000,045,115 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QTNL24O0\sf_preloader[1].js
[2013/09/09 12:55:39 | 000,058,500 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QTNL24O0\sf_preloader[2].js
[2013/09/26 11:04:41 | 000,050,513 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UKEVQPYX\cssloader-5286d7d4fde8[1].css
[2013/09/26 11:04:41 | 000,151,509 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UKEVQPYX\jsloader-63507cacbc40[1].js
[2013/09/26 10:56:43 | 000,007,757 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UKEVQPYX\sf_conduit_loader[1].htm
[2013/09/11 16:37:58 | 000,058,500 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UKEVQPYX\sf_preloader[1].js
[2013/09/20 19:35:37 | 000,058,598 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UKEVQPYX\sf_preloader[2].js
[2013/09/13 09:15:34 | 000,108,855 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VXN3JZDC\cssloader-65670978b5a5[2].css
[2013/09/13 09:15:35 | 000,402,115 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VXN3JZDC\jsloader-1b446b6079e4[2].js
[2013/05/21 12:31:45 | 000,099,569 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WA12CIL6\cssloader-f4ec335a5fb5[1].css
[2013/05/21 12:31:45 | 000,401,997 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WA12CIL6\jsloader-421470c149aa[1].js
[2013/05/20 10:31:17 | 000,099,569 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y1RR8DBS\cssloader-f4ec335a5fb5[1].css
[2013/05/19 10:46:49 | 000,016,164 | ---- | M] () -- \Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y1RR8DBS\loader[1].png
[2012/03/23 20:35:37 | 000,002,608 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2I58OU0N\ajax-loader-soccer[1].gif
[2011/08/07 09:28:16 | 000,000,673 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2I58OU0N\loader.white[1].gif
[2011/06/30 18:48:57 | 000,001,849 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2I58OU0N\loader_grey_small[1].gif
[2012/07/31 16:46:59 | 000,194,032 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2R2VRN1K\jsloader-911a205de8ec[1].js
[2012/07/06 09:05:10 | 000,058,682 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6T1RWESA\cssloader-651e565362f2[1].css
[2012/07/06 09:05:37 | 000,058,682 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6T1RWESA\cssloader-651e565362f2[2].css
[2012/07/06 09:05:10 | 000,193,357 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6T1RWESA\jsloader-30af069f831b[1].js
[2012/07/06 09:05:38 | 000,193,357 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6T1RWESA\jsloader-30af069f831b[2].js
[2012/08/27 16:33:55 | 000,002,892 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6T1RWESA\loader[1].gif
[2012/06/13 18:20:22 | 000,002,084 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6T1RWESA\loader_frame[1].htm
[2012/07/31 10:45:33 | 000,062,768 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\8PDBEYA0\cssloader-b011590041a0[1].css
[2012/07/31 10:45:33 | 000,194,032 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\8PDBEYA0\jsloader-911a205de8ec[1].js
[2012/03/23 20:35:48 | 000,002,608 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9UWCPDED\ajax-loader-hockey[1].gif
[2011/06/30 18:48:06 | 000,003,208 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9UWCPDED\loader_grey_big[1].gif
[2012/07/31 10:46:01 | 000,062,768 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\MOCKNLU7\cssloader-b011590041a0[1].css
[2012/07/31 10:46:01 | 000,194,032 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\MOCKNLU7\jsloader-911a205de8ec[1].js
[2012/03/23 20:33:07 | 000,004,241 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\ZX9HUD13\uploaderapi2[2].swf
[2011/06/27 09:19:48 | 000,001,891 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B0Z96NC7\preloader[1].js
[2011/06/27 09:19:59 | 000,002,931 | ---- | M] () -- \Users\okay\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B0Z96NC7\preloader[1].swf
[2009/03/27 13:32:20 | 000,019,456 | ---- | M] () -- \Users\okay\Desktop\Euro Truck Simulator\lib\loaders.dll
[2010/01/01 05:09:21 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2013/09/26 20:24:43 | 000,020,374 | ---- | M] () -- \Windows\Prefetch\RAREXTLOADER.EXE-BC94E7C6.pf
[2010/11/20 12:09:38 | 000,004,290 | ---- | M] () -- \Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_fi-fi_73a52105efe44483.manifest
[2010/11/20 14:33:18 | 000,004,338 | ---- | M] () -- \Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_zh-cn_344529e2e1c53ac6.manifest
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2013/09/10 13:58:25 | 000,140,606 | ---- | M] () -- \Windows\Temp\avnwldrtemp\networkloader.log
[2013/09/10 13:54:20 | 000,053,304 | ---- | M] () -- \Windows\Temp\avnwldrtemp\setup\avwebloader.dll
[2013/09/10 13:54:20 | 000,233,016 | ---- | M] () -- \Windows\Temp\avnwldrtemp\setup\avwebloader.exe
[2013/09/10 13:54:21 | 001,741,368 | ---- | M] () -- \Windows\Temp\avnwldrtemp\setup\avwebloadergui.dll
[2013/06/24 13:08:26 | 000,049,512 | ---- | M] () -- \Windows\Temp\RarSFX0\avwebloader.dll
[2013/06/10 14:48:27 | 000,234,248 | ---- | M] () -- \Windows\Temp\RarSFX0\avwebloader.exe
[2013/06/24 13:08:27 | 001,737,576 | ---- | M] () -- \Windows\Temp\RarSFX0\avwebloadergui.dll
[2013/06/12 10:32:53 | 000,004,363 | ---- | M] () -- \Windows\Temp\RarSFX0\loadercontrol.xml
[2009/07/14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009/07/14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/05/14 09:18:33 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_66f39ad995474166\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/02 08:23:09 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_66e5ca0f95521152\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 07:04:54 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_66c2596d956d1920\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/18 17:22:27 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17107_none_66ff46fd953e6c5c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 19:28:57 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_66dcd6a595588d81\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 07:41:11 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_66b5981d957562a1\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 07:26:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_66fe4899953f502c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 08:39:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_673e58b0ae93bb84\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 07:06:43 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_67770e0aae6a7c68\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 20:46:36 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21306_none_6787e564ae5ceff6\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 19:26:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_67667556ae762a72\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 07:36:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_67316604ae9dcf7e\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 16:12:39 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_677d175eae65090e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/05/14 09:04:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_68daf829926cc6a9\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 08:44:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 07:21:03 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 20:38:32 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_68c05c919281774d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 19:38:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 07:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 04:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/05/14 09:00:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_695ac552ab919bbb\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 08:40:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_694ff566ab99b7ac\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 07:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 20:09:47 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_6907efc6abd0db81\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 19:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 07:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 07:32:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_6971452eab80a50e\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/07/08 07:11:20 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22379_none_692597a0abb965cc\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 08:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2010/01/01 03:12:51 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2010/01/01 03:12:51 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2010/01/01 03:12:51 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2010/01/01 03:12:51 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2010/01/01 03:12:51 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2013/03/20 00:21:19 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2013/03/20 00:21:19 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2013/03/20 00:21:20 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2013/03/20 00:21:20 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2013/03/20 00:21:20 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009/07/14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2010/01/01 03:08:27 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009/07/14 04:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011/02/05 15:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011/02/05 15:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2010/11/20 06:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011/02/05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011/02/05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009/07/14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/05/14 08:22:35 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_0ad4ff55dce9d030\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/02 07:45:50 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_0ac72e8bdcf4a01c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/18 13:09:17 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17107_none_0ae0ab79dce0fb26\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:45:38 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:56:23 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 06:43:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 07:50:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 19:42:56 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21306_none_0b6949e0f5ff7ec0\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 06:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/05/14 08:13:36 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 07:47:28 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:15:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 19:32:13 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:40:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/05/14 09:15:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 08:56:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 19:23:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/07/08 06:59:24 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22379_none_0d06fc1cf35bf496\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\sources\boot.wim:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\RECOVERY_DVD\PartitionDeploy.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\RECOVERY_DVD\imagex.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\RECOVERY_DVD\CrePar.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\RECOVERY_DVD\createPartition_One.CMD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\RECOVERY_DVD\createPartition.cmd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\MGHWCTRL.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\imagex.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\EFI\microsoft\boot\fonts\wgl4_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\EFI\microsoft\boot\fonts\kor_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\EFI\microsoft\boot\fonts\jpn_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\EFI\microsoft\boot\fonts\cht_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\EFI\microsoft\boot\fonts\chs_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\EFI\microsoft\boot\bcd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\EFI\boot\bootx64.efi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\dvdRecovery3.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\dvdRecovery2.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\dvdRecovery1.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\bootmgr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\bootmgr.efi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\boot\fonts\wgl4_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\boot\fonts\kor_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\boot\fonts\jpn_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\boot\fonts\cht_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\boot\fonts\chs_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\boot\etfsboot.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\boot\efisys_noprompt.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\boot\efisys.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\boot\bootfix.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\boot\boot.sdi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERYCD_ISO\boot\bcd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERY\oscdimg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERY\MGHWCTRL.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERY\imagex.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\RE_DRIVE\RECOVERY\etfsboot.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\SYSTEM32\OOBE\OEM\MSI_100070.XRM-MS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\sources\boot.wim:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\RECOVERY_DVD\PartitionDeploy.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\RECOVERY_DVD\imagex.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\RECOVERY_DVD\CrePar.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\RECOVERY_DVD\createPartition_One.CMD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\RECOVERY_DVD\createPartition.cmd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\MGHWCTRL.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\imagex.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\EFI\microsoft\boot\fonts\wgl4_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\EFI\microsoft\boot\fonts\kor_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\EFI\microsoft\boot\fonts\jpn_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\EFI\microsoft\boot\fonts\cht_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\EFI\microsoft\boot\fonts\chs_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\EFI\microsoft\boot\bcd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\EFI\boot\bootx64.efi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\dvdRecovery3.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\dvdRecovery2.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\dvdRecovery1.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\bootmgr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\bootmgr.efi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\boot\fonts\wgl4_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\boot\fonts\kor_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\boot\fonts\jpn_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\boot\fonts\cht_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\boot\fonts\chs_boot.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\boot\etfsboot.com:KAVICHS

[MaxDJs]

@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\boot\efisys_noprompt.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\boot\efisys.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\boot\bootfix.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\boot\boot.sdi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\boot\bcd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERY\oscdimg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERY\MGHWCTRL.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERY\imagex.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERY\etfsboot.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\windows\ConfigSetRoot\$oem$\$$\CSUP.TXT:KAVICHS

< End of report >

[vyosek]

Spustte znovu OTL

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :otl
  IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
  IE:64bit: - HKLM\..\SearchScopes\{68B47D61-6234-4655-889C-96CF8EAC7525}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
  IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
  IE - HKLM\..\SearchScopes,DefaultScope =
  IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
  IE - HKLM\..\SearchScopes\{EDB93DF2-AA84-440E-8C66-78C280F165DC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
  IE - HKU\S-1-5-21-3670149237-692383297-1956020581-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi.msn.com
  IE - HKU\S-1-5-21-3670149237-692383297-1956020581-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://centrum.cz/
  IE - HKU\S-1-5-21-3670149237-692383297-1956020581-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
  IE - HKU\S-1-5-21-3670149237-692383297-1956020581-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_csCZ441
  O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
  O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
  O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
  O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
  O1364bit: - gopher Prefix: missing
  O13 - gopher Prefix: missing
  O18:64bit: - Protocol\Handler\livecall - No CLSID value found
  O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
  O18:64bit: - Protocol\Handler\msnim - No CLSID value found
  O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
  O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
  O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  O33 - MountPoints2\{da2b8fdd-4e37-11e1-9fa6-406186ca71b7}\Shell - "" = AutoRun
  O33 - MountPoints2\{da2b8fe3-4e37-11e1-9fa6-406186ca71b7}\Shell - "" = AutoRun
  [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
  [14 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
  [22 C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
  [22 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> ]
  [1 C:\windows\Temp\Google Toolbar\*.tmp files -> C:\windows\Temp\Google Toolbar\*.tmp -> ]
  [2013/09/26 20:18:00 | 000,000,914 | ---- | M] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
  [2013/09/26 19:46:21 | 000,000,944 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  [2013/09/26 20:31:00 | 000,000,948 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  
  :reg
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "Adobe Reader Speed Launcher"=-
  "SunJavaUpdateSched"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "swg"=-
  "ICQ"=-
  "uTorrent"=-
  "TomTomHOME.exe"=-
  
  :files
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[MaxDJs]

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{68B47D61-6234-4655-889C-96CF8EAC7525}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68B47D61-6234-4655-889C-96CF8EAC7525}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EDB93DF2-AA84-440E-8C66-78C280F165DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDB93DF2-AA84-440E-8C66-78C280F165DC}\ not found.
HKU\S-1-5-21-3670149237-692383297-1956020581-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3670149237-692383297-1956020581-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-3670149237-692383297-1956020581-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3670149237-692383297-1956020581-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da2b8fdd-4e37-11e1-9fa6-406186ca71b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da2b8fdd-4e37-11e1-9fa6-406186ca71b7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da2b8fe3-4e37-11e1-9fa6-406186ca71b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da2b8fe3-4e37-11e1-9fa6-406186ca71b7}\ not found.
C:\windows\silentOnce.tmp deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1056.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP177C.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EB5.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EC5.tmp\Microsoft.Build.Engine.dll deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EC5.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D0F.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP71DB.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7769.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP78BC.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7FAF.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP88E1.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAFF9.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDC40.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEFA6.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP12FA.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP23F6.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2D8F.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP34D8.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP49A2.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP52F7.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP695E.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6D60.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6F39.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP7CB5.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP924E.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP973.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9CB8.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPBDA0.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDBD1.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEF7B.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF26F.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF78.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF8BB.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF9C1.tmp folder deleted successfully.
C:\windows\Temp\5A09.tmp deleted successfully.
C:\windows\Temp\DMI2625.tmp deleted successfully.
C:\windows\Temp\DMI473C.tmp deleted successfully.
C:\windows\Temp\DMI6132.tmp deleted successfully.
C:\windows\Temp\DMI6D86.tmp deleted successfully.
C:\windows\Temp\DMIB5D6.tmp deleted successfully.
C:\windows\Temp\DMIDAE3.tmp deleted successfully.
C:\windows\Temp\IE7E26.tmp\Windows6.1-KB2533623-x64.cab deleted successfully.
C:\windows\Temp\IE7E26.tmp folder deleted successfully.
C:\windows\Temp\JETC15C.tmp deleted successfully.
C:\windows\Temp\SEPD073.tmp deleted successfully.
C:\windows\Temp\TS_58C4.tmp deleted successfully.
C:\windows\Temp\TS_60D1.tmp deleted successfully.
C:\windows\Temp\TS_6E1E.tmp deleted successfully.
C:\windows\Temp\TS_72EF.tmp deleted successfully.
C:\windows\Temp\TS_74C7.tmp deleted successfully.
C:\windows\Temp\TS_7CA8.tmp deleted successfully.
C:\windows\Temp\TS_80EE.tmp deleted successfully.
C:\windows\Temp\TS_9DCE.tmp deleted successfully.
C:\windows\Temp\TS_A948.tmp deleted successfully.
C:\windows\Temp\TS_C71A.tmp deleted successfully.
C:\windows\Temp\TS_CC7A.tmp deleted successfully.
C:\windows\Temp\UDD3EC4.tmp deleted successfully.
C:\windows\Temp\Google Toolbar\gt52A0.tmp deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TomTomHOME.exe deleted successfully.
========== FILES ==========
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
File/Folder C:\windows\*.tmp not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: okay
->Temp folder emptied: 371869075 bytes
->Temporary Internet Files folder emptied: 3544935101 bytes
->Java cache emptied: 13312 bytes
->Google Chrome cache emptied: 819568 bytes
->Opera cache emptied: 31303469 bytes
->Flash cache emptied: 83156 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 773464262 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321725 bytes
RecycleBin emptied: 11872056 bytes

Total Files Cleaned = 4,555.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: okay
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: okay
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09282013_174630

Files\Folders moved on Reboot...
C:\Users\okay\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\okay\AppData\Local\Temp\~DF07D261CE1DE98192.TMP not found!
File\Folder C:\Users\okay\AppData\Local\Temp\~DF09D781225DA33CDC.TMP not found!
File\Folder C:\Users\okay\AppData\Local\Temp\~DF164C0FF822F0B039.TMP not found!
File\Folder C:\Users\okay\AppData\Local\Temp\~DF752F7C62182FA1A7.TMP not found!
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VXN3JZDC\0[1].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VXN3JZDC\blesk_cz[2].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QTNL24O0\seznam_cz[6].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ODV85V23\2856-vanocni-stromecek[1].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ODV85V23\969845685[1].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ODV85V23\Citroen-C5[1].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ODV85V23\xd_arbiter[1].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MLVKT9MW\delivery[1].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MLVKT9MW\idnes_cz[1].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9Y142IK\delivery[1].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FPYF7NL9\like_box[2].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FPYF7NL9\zrt_lookup[1].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FBI3HKSM\likeCAW633Q4.htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FBI3HKSM\lsget[1].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FBI3HKSM\trget[1].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FBI3HKSM\xd_arbiter[1].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\67GEPQI0\0[3].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\67GEPQI0\ads[1].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\67GEPQI0\d=1[1].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1SZGZ8K4\push[1].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0ERQGXMR\ads[1].htm moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0ERQGXMR\chat_message_52df20dbc4522c398abba5d0b6377131[1].dat moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0ERQGXMR\tablet-gothic-compressed-bold[1].eot moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0ERQGXMR\tablet_gothic_condensed-bold-webfont2[1].eot moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\okay\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[vyosek]

Tak jeste uklidime

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse