VIRY.CZ

Ahoj,
PC je nějaké pomalé, zde jsou logy:

ComboFix 13-10-04.02 - Radek a Hanka 06.10.2013 20:58:10.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2046.1112 [GMT 2:00]
Spuštěný z: c:\users\Radek a Hanka\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-06 do 2013-10-06 )))))))))))))))))))))))))))))))
.
.
2013-10-06 19:05 . 2013-10-06 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-06 19:05 . 2013-10-06 19:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-10-06 14:55 . 2013-10-06 14:55 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-10-06 14:54 . 2013-10-06 14:55 -------- d-----w- c:\program files\My Dell
2013-10-06 14:42 . 2013-10-06 14:42 -------- d-----w- c:\programdata\Auslogics
2013-10-06 11:46 . 2013-09-15 22:50 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A996358-3EF3-42E4-9EF0-E35A3118413F}\mpengine.dll
2013-10-06 11:01 . 2013-10-06 11:01 615936 ----a-w- c:\windows\AutoKMS.exe
2013-10-04 15:01 . 2013-10-04 15:01 -------- d-----w- c:\programdata\DivoGames
2013-10-04 15:00 . 2013-10-04 15:01 -------- d-----w- c:\program files (x86)\Poklady starověké sluje
2013-09-30 20:41 . 2013-09-30 20:41 -------- d-----w- C:\dell
2013-09-30 13:09 . 2013-09-30 13:09 -------- d-----w- c:\users\Radek a Hanka\AppData\Roaming\Malwarebytes
2013-09-30 13:08 . 2013-09-30 13:08 -------- d-----w- c:\programdata\Malwarebytes
2013-09-30 12:53 . 2013-09-30 12:53 -------- d-----w- c:\users\Radek a Hanka\AppData\Roaming\SUPERAntiSpyware.com
2013-09-20 14:31 . 2013-10-06 14:19 -------- d-----w- c:\users\Radek a Hanka\AppData\Local\Diagnostics
2013-09-19 17:42 . 2013-09-19 17:42 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-09-19 17:42 . 2013-09-19 17:42 -------- d-----w- c:\programdata\Oracle
2013-09-19 17:41 . 2013-09-19 17:41 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-19 17:41 . 2013-09-19 17:41 -------- d-----w- c:\program files (x86)\Java
2013-09-09 10:42 . 2013-09-09 10:42 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2013-09-09 08:42 . 2013-10-06 14:46 -------- d-----w- c:\program files (x86)\Return to Castle Wolfenstein
2013-09-09 08:41 . 2001-06-19 15:53 266293 ----a-w- c:\windows\SysWow64\temp.001
2013-09-09 08:40 . 2001-06-19 15:53 266293 ----a-w- c:\windows\SysWow64\temp.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 17:41 . 2013-05-08 11:35 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-09-19 17:41 . 2013-05-08 11:35 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-09-10 19:15 . 2013-05-07 22:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-10 19:15 . 2013-05-07 22:46 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-30 07:48 . 2013-05-07 22:07 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-05-07 22:07 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2013-05-07 22:07 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-05-07 22:07 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-05-07 22:07 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-05-07 22:07 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-05-07 22:07 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-05-07 22:07 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-05-07 22:07 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-05-07 22:07 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-07 02:22 . 2013-05-07 22:15 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-07-22 09:32 . 2013-07-22 09:32 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-07-22 09:32 . 2013-07-22 09:32 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-07-22 09:32 . 2013-07-22 09:32 85504 ----a-w- c:\windows\system32\jsproxy.dll
2013-07-22 09:32 . 2013-07-22 09:32 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-07-22 09:32 . 2013-07-22 09:32 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-22 09:32 . 2013-07-22 09:32 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-07-22 09:32 . 2013-07-22 09:32 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-07-22 09:32 . 2013-07-22 09:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-07-22 09:32 . 2013-07-22 09:32 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-07-22 09:32 . 2013-07-22 09:32 367104 ----a-w- c:\windows\SysWow64\html.iec
2013-07-22 09:32 . 2013-07-22 09:32 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-07-22 09:32 . 2013-07-22 09:32 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-07-22 09:32 . 2013-07-22 09:32 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-07-22 09:32 . 2013-07-22 09:32 222208 ----a-w- c:\windows\system32\msls31.dll
2013-07-22 09:32 . 2013-07-22 09:32 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-07-22 09:32 . 2013-07-22 09:32 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2013-07-22 09:32 . 2013-07-22 09:32 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2013-07-22 09:32 . 2013-07-22 09:32 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-07-22 09:32 . 2013-07-22 09:32 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-07-22 09:32 . 2013-07-22 09:32 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-07-22 09:32 . 2013-07-22 09:32 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-07-22 09:32 . 2013-07-22 09:32 1346560 ----a-w- c:\windows\system32\urlmon.dll
2013-07-22 09:32 . 2013-07-22 09:32 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2013-07-22 09:32 . 2013-07-22 09:32 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-07-22 09:32 . 2013-07-22 09:32 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-07-22 09:32 . 2013-07-22 09:32 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2013-07-22 09:32 . 2013-07-22 09:32 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-07-22 09:32 . 2013-07-22 09:32 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-22 09:32 . 2013-07-22 09:32 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2013-07-22 09:32 . 2013-07-22 09:32 85504 ----a-w- c:\windows\system32\iesetup.dll
2013-07-22 09:32 . 2013-07-22 09:32 82432 ----a-w- c:\windows\system32\icardie.dll
2013-07-22 09:32 . 2013-07-22 09:32 816640 ----a-w- c:\windows\system32\jscript.dll
2013-07-22 09:32 . 2013-07-22 09:32 76800 ----a-w- c:\windows\system32\tdc.ocx
2013-07-22 09:32 . 2013-07-22 09:32 729088 ----a-w- c:\windows\system32\msfeeds.dll
2013-07-22 09:32 . 2013-07-22 09:32 65024 ----a-w- c:\windows\system32\pngfilt.dll
2013-07-22 09:32 . 2013-07-22 09:32 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-07-22 09:32 . 2013-07-22 09:32 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-07-22 09:32 . 2013-07-22 09:32 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2013-07-22 09:32 . 2013-07-22 09:32 49664 ----a-w- c:\windows\system32\imgutil.dll
2013-07-22 09:32 . 2013-07-22 09:32 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-22 09:32 . 2013-07-22 09:32 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2013-07-22 09:32 . 2013-07-22 09:32 448512 ----a-w- c:\windows\system32\html.iec
2013-07-22 09:32 . 2013-07-22 09:32 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2013-07-22 09:32 . 2013-07-22 09:32 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-07-22 09:32 . 2013-07-22 09:32 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-07-22 09:32 . 2013-07-22 09:32 30720 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-22 09:32 . 2013-07-22 09:32 282112 ----a-w- c:\windows\system32\dxtrans.dll
2013-07-22 09:32 . 2013-07-22 09:32 267776 ----a-w- c:\windows\system32\ieaksie.dll
2013-07-22 09:32 . 2013-07-22 09:32 249344 ----a-w- c:\windows\system32\webcheck.dll
2013-07-22 09:32 . 2013-07-22 09:32 248320 ----a-w- c:\windows\system32\ieui.dll
2013-07-22 09:32 . 2013-07-22 09:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-22 09:32 . 2013-07-22 09:32 237056 ----a-w- c:\windows\system32\url.dll
2013-07-22 09:32 . 2013-07-22 09:32 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-22 09:32 . 2013-07-22 09:32 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-07-22 09:32 . 2013-07-22 09:32 197120 ----a-w- c:\windows\system32\msrating.dll
2013-07-22 09:32 . 2013-07-22 09:32 17829376 ----a-w- c:\windows\system32\mshtml.dll
2013-07-22 09:32 . 2013-07-22 09:32 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-22 09:32 . 2013-07-22 09:32 165888 ----a-w- c:\windows\system32\iexpress.exe
2013-07-22 09:32 . 2013-07-22 09:32 163840 ----a-w- c:\windows\system32\ieakui.dll
2013-07-22 09:32 . 2013-07-22 09:32 160256 ----a-w- c:\windows\system32\wextract.exe
2013-07-22 09:32 . 2013-07-22 09:32 160256 ----a-w- c:\windows\system32\ieakeng.dll
2013-07-22 09:32 . 2013-07-22 09:32 149504 ----a-w- c:\windows\system32\occache.dll
2013-07-22 09:32 . 2013-07-22 09:32 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-22 09:32 . 2013-07-22 09:32 145920 ----a-w- c:\windows\system32\iepeers.dll
2013-07-22 09:32 . 2013-07-22 09:32 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-22 09:32 . 2013-07-22 09:32 12288 ----a-w- c:\windows\system32\mshta.exe
2013-07-22 09:32 . 2013-07-22 09:32 114176 ----a-w- c:\windows\system32\admparse.dll
2013-07-22 09:32 . 2013-07-22 09:32 111616 ----a-w- c:\windows\system32\iesysprep.dll
2013-07-22 09:32 . 2013-07-22 09:32 10926080 ----a-w- c:\windows\system32\ieframe.dll
2013-07-22 09:32 . 2013-07-22 09:32 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2013-07-22 09:32 . 2013-07-22 09:32 103936 ----a-w- c:\windows\system32\inseng.dll
2013-07-22 09:30 . 2013-07-22 09:30 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-07-22 09:30 . 2013-07-22 09:30 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-07-22 09:30 . 2013-07-22 09:30 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-22 09:30 . 2013-07-22 09:30 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-22 09:30 . 2013-07-22 09:30 144384 ----a-w- c:\windows\system32\cdd.dll
2013-07-22 09:30 . 2013-07-22 09:30 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-22 09:30 . 2013-07-22 09:30 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-22 09:30 . 2013-07-22 09:30 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-07-22 09:30 . 2013-07-22 09:30 4068864 ----a-w- c:\windows\system32\mf.dll
2013-07-22 09:30 . 2013-07-22 09:30 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2013-07-22 09:30 . 2013-07-22 09:30 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-07-22 09:30 . 2013-07-22 09:30 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2013-07-22 09:30 . 2013-07-22 09:30 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2013-07-22 09:30 . 2013-07-22 09:30 206848 ----a-w- c:\windows\system32\mfps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Seznam Postak"="c:\program files (x86)\Seznam.cz\postak.exe" [2010-10-06 488728]
"cz.seznam.software.autoupdate"="c:\users\Radek a Hanka\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\Radek a Hanka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-03-21 1061960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-05 18:47 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-07 19:15]
.
2013-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-07 22:31]
.
2013-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-07 22:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"AutoKMS"="c:\windows\AutoKMS.exe" [2013-10-06 615936]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/?clid=12
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: dell.com
TCP: DhcpNameServer = 91.217.52.2 91.217.52.3
FF - ProfilePath - c:\users\Radek a Hanka\AppData\Roaming\Mozilla\Firefox\Profiles\elcv2g3b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-10-06 21:08:46
ComboFix-quarantined-files.txt 2013-10-06 19:08
.
Před spuštěním: Volných bajtů: 77 030 936 576
Po spuštění: Volných bajtů: 81 980 948 480
.
- - End Of File - - 4DC7C5D9E2D851860FE99093C582DAFC
A36C5E4F47E84449FF07ED3517B43A31

Logfile of random's system information tool 1.09 (written by random/random)
Run by Radek a Hanka at 2013-10-06 21:11:41
Microsoft Windows 7 Ultimate
System drive C: has 79 GB (51%) free of 153 GB
Total RAM: 2046 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:20:21, on 6.10.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16496)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\trend micro\Radek a Hanka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=12
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files (x86)\Seznam.cz\core.3.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files (x86)\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8485 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Ati2evxx.exe -Client
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
"C:\Windows\PixArt\PAC7302\Monitor.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
notepad.exe "C:\Users\RADEKA~1\AppData\Local\Temp\log.txt"
C:\Windows\explorer.exe
"C:\Users\Radek a Hanka\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Radek a Hanka\AppData\Roaming\Mozilla\Firefox\Profiles\elcv2g3b.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.40.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Users\Radek a Hanka\AppData\Roaming\Mozilla\Firefox\Profiles\elcv2g3b.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-08-30 245592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-19 462248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30 201784]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-19 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files (x86)\Seznam.cz\core.3.dll [2010-10-06 1164568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-08-30 245592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30 201784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"=C:\Windows\PixArt\PAC7302\Monitor.exe [2007-12-10 323584]
"AutoKMS"=C:\Windows\AutoKMS.exe [2013-10-06 615936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-21 19875432]
"Seznam Postak"=C:\Program Files (x86)\Seznam.cz\postak.exe [2010-10-06 488728]
"cz.seznam.software.autoupdate"=C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [2013-05-29 449248]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-08-30 4858968]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-03-21 1061960]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-10-06 21:11:41 ----D---- C:\rsit
2013-10-06 21:11:41 ----D---- C:\Program Files\trend micro
2013-10-06 21:08:49 ----D---- C:\Windows\temp
2013-10-06 21:08:47 ----A---- C:\ComboFix.txt
2013-10-06 20:59:47 ----D---- C:\$RECYCLE.BIN
2013-10-06 20:56:39 ----D---- C:\ComboFix
2013-10-06 20:53:36 ----A---- C:\Windows\zip.exe
2013-10-06 20:53:36 ----A---- C:\Windows\SWSC.exe
2013-10-06 20:53:36 ----A---- C:\Windows\SWREG.exe
2013-10-06 20:53:36 ----A---- C:\Windows\sed.exe
2013-10-06 20:53:36 ----A---- C:\Windows\PEV.exe
2013-10-06 20:53:36 ----A---- C:\Windows\NIRCMD.exe
2013-10-06 20:53:36 ----A---- C:\Windows\MBR.exe
2013-10-06 20:53:36 ----A---- C:\Windows\grep.exe
2013-10-06 20:52:08 ----D---- C:\Qoobox
2013-10-06 20:51:19 ----D---- C:\Windows\erdnt
2013-10-06 16:55:25 ----D---- C:\ProgramData\PC-Doctor for Windows
2013-10-06 16:54:24 ----D---- C:\Program Files\My Dell
2013-10-06 16:42:36 ----D---- C:\ProgramData\Auslogics
2013-10-06 13:01:32 ----A---- C:\Windows\AutoKMS.ini
2013-10-06 13:01:32 ----A---- C:\Windows\AutoKMS.exe
2013-10-04 17:01:08 ----D---- C:\ProgramData\DivoGames
2013-10-04 17:00:57 ----D---- C:\Program Files (x86)\Poklady starověké sluje
2013-09-30 22:41:26 ----D---- C:\dell
2013-09-30 16:37:42 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-09-30 15:09:11 ----D---- C:\Users\Radek a Hanka\AppData\Roaming\Malwarebytes
2013-09-30 15:08:51 ----D---- C:\ProgramData\Malwarebytes
2013-09-30 14:53:50 ----D---- C:\Users\Radek a Hanka\AppData\Roaming\SUPERAntiSpyware.com
2013-09-19 19:42:09 ----D---- C:\ProgramData\Oracle
2013-09-19 19:41:47 ----A---- C:\Windows\SYSWOW64\javaws.exe
2013-09-19 19:41:38 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2013-09-19 19:41:38 ----A---- C:\Windows\SYSWOW64\javaw.exe
2013-09-19 19:41:38 ----A---- C:\Windows\SYSWOW64\java.exe
2013-09-19 19:41:29 ----D---- C:\Program Files (x86)\Java
2013-09-09 12:42:43 ----D---- C:\Program Files\Return to Castle Wolfenstein
2013-09-09 10:42:10 ----D---- C:\Program Files (x86)\Return to Castle Wolfenstein
2013-09-09 10:39:30 ----A---- C:\Windows\Rtcw.INI

======List of files/folders modified in the last 1 month======

2013-10-06 21:14:49 ----D---- C:\Users\Radek a Hanka\AppData\Roaming\Skype
2013-10-06 21:11:41 ----RD---- C:\Program Files
2013-10-06 21:08:49 ----D---- C:\Windows
2013-10-06 21:05:49 ----A---- C:\Windows\system.ini
2013-10-06 21:01:57 ----D---- C:\Windows\SYSWOW64\drivers
2013-10-06 21:01:57 ----D---- C:\Windows\SysWOW64
2013-10-06 21:01:57 ----D---- C:\Windows\AppPatch
2013-10-06 21:01:55 ----D---- C:\Program Files (x86)\Common Files
2013-10-06 20:52:14 ----D---- C:\Windows\system32\drivers
2013-10-06 20:10:37 ----D---- C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz
2013-10-06 16:58:37 ----RD---- C:\Program Files (x86)
2013-10-06 16:55:37 ----D---- C:\Windows\system32\Tasks
2013-10-06 16:55:25 ----D---- C:\ProgramData
2013-10-06 16:55:25 ----D---- C:\Program Files\Dell Support Center
2013-10-06 16:54:20 ----D---- C:\ProgramData\PCDr
2013-10-06 16:52:12 ----D---- C:\Windows\Prefetch
2013-10-06 16:46:20 ----SHD---- C:\Windows\Installer
2013-10-06 16:46:02 ----D---- C:\Config.Msi
2013-10-06 16:45:50 ----D---- C:\Windows\Tasks
2013-10-06 16:44:44 ----D---- C:\Windows\system32\LogFiles
2013-10-06 16:35:07 ----SHD---- C:\System Volume Information
2013-10-06 15:29:49 ----D---- C:\Windows\system32\config
2013-10-06 13:42:44 ----D---- C:\Windows\inf
2013-10-06 12:57:40 ----D---- C:\ProgramData\Microsoft Help
2013-10-06 12:02:29 ----D---- C:\Windows\System32
2013-10-06 12:02:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-09-30 22:36:54 ----D---- C:\Users\Radek a Hanka\AppData\Roaming\vlc
2013-09-30 20:03:56 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-30 20:03:18 ----D---- C:\Windows\system32\catroot
2013-09-30 16:29:54 ----D---- C:\Windows\system32\DriverStore
2013-09-30 13:11:46 ----D---- C:\Program Files\CCleaner
2013-09-29 20:05:20 ----D---- C:\Windows\system32\catroot2
2013-09-23 16:30:33 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-09-21 13:02:01 ----D---- C:\Windows\debug
2013-09-21 08:37:36 ----D---- C:\Windows\system32\wdi
2013-09-20 16:31:39 ----D---- C:\Windows\system32\NDF
2013-09-20 14:49:22 ----D---- C:\Windows\Logs
2013-09-20 14:24:09 ----SD---- C:\ProgramData\Microsoft
2013-09-19 19:41:30 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll
2013-09-19 19:41:30 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2013-09-11 00:16:32 ----D---- C:\Users\Radek a Hanka\AppData\Roaming\DAEMON Tools Lite
2013-09-10 22:08:58 ----D---- C:\Program Files\WinRAR
2013-09-10 21:15:21 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-09-10 17:30:26 ----SD---- C:\Users\Radek a Hanka\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-08-30 65336]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-08-30 204880]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-08-30 72016]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-08-30 1030952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-08-30 378944]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-08-30 64288]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-08-30 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-08-30 80816]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-11 5352960]
R3 PAC7302;Eye 312; C:\Windows\system32\DRIVERS\PAC7302.SYS [2009-04-28 532480]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 tap0901;avast! SecureLine TAP Adapter; C:\Windows\system32\DRIVERS\tap0901.sys [2013-04-30 40616]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUSB;Android USB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2010-02-11 952320]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-08-30 46808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-04-23 3574624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-08 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-21 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-10 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-08 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-30 118680]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:24:23, on 6.10.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16496)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Radek a Hanka\Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=12
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files (x86)\Seznam.cz\core.3.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files (x86)\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8538 bytes

Zdravim

Jen se zeptam pouzivate legalni operacni system, nejvyssi licence Ultimate zrovna neni bezna.

:arrow:Co se tyce ComboFixu, ktery jste pouzil, tak na zaklade licence a pravidel fora ptam, umite s nim pracovat (spusteni, rozlusteni logu, napsani skriptu)?

Licencni podminky ComboFixu hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"
Obrázek

Nebezpeci CFka

Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
Maze stopy po haveti, takze v logu z RSIT neni nic videt
Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Dobrý den,
omlouvám se, byl jsem na služebce.

1. Kupoval jsem ho i s PC, měl by být, dle systému je aktivován a stahuji cca. každých 14 dní aktualizace a bez problému

2. Omlouvám se, ale ne.

3. Díky za upozornění

Mohu případně na Váš podnět vložit nový log.

Děkuji

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

OTL logfile created on: 14.10.2013 17:05:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Radek a Hanka\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,58% Memory free
4,00 Gb Paging File | 2,56 Gb Available in Paging File | 64,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,00 Gb Total Space | 77,36 Gb Free Space | 51,92% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 232,49 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
Drive E: | 303,19 Gb Total Space | 242,51 Gb Free Space | 79,99% Space Free | Partition Type: NTFS
Drive H: | 292,87 Gb Total Space | 247,38 Gb Free Space | 84,47% Space Free | Partition Type: NTFS

Computer Name: HERMANOVI-PC | User Name: Radek a Hanka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.10.14 17:03:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Radek a Hanka\Desktop\OTL.exe
PRC - [2013.10.11 19:50:01 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013.10.08 08:46:35 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013.09.30 16:37:55 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.08.30 09:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.08.30 09:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.04.12 10:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
PRC - [2013.04.03 03:06:08 | 003,684,488 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2012.09.07 01:46:50 | 002,777,296 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2010.10.06 16:44:46 | 000,488,728 | ---- | M] () -- C:\Program Files (x86)\Seznam.cz\postak.exe
PRC - [2007.12.10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe

========== Modules (No Company Name) ==========

MOD - [2013.10.11 19:50:00 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013.09.30 16:37:53 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.04.12 10:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
MOD - [2013.03.29 13:37:34 | 000,059,384 | ---- | M] () -- C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\bin\22621libfoxloader.dll
MOD - [2013.03.25 16:39:52 | 000,894,968 | ---- | M] () -- C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
MOD - [2010.10.06 16:44:46 | 000,488,728 | ---- | M] () -- C:\Program Files (x86)\Seznam.cz\postak.exe
MOD - [2010.10.06 16:44:36 | 000,849,176 | ---- | M] () -- C:\Program Files (x86)\Seznam.cz\email.3.dll
MOD - [2010.10.06 16:44:18 | 001,164,568 | ---- | M] () -- C:\Program Files (x86)\Seznam.cz\core.3.dll
MOD - [2010.01.30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

========== Services (SafeList) ==========

SRV:64bit: - [2013.08.30 09:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010.02.11 07:29:30 | 000,952,320 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.10.11 19:50:01 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.09.30 16:37:54 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.07.25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.02.04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.09.07 01:47:08 | 001,148,664 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.10.14 00:48:41 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2013.10.06 15:24:47 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\23621188.sys -- (23621188)
DRV:64bit: - [2013.09.04 08:12:58 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\My Dell\pcdsrvc_x64.pkms -- (PCDSRVC{D3412D80-CF3B4A27-06020200}_0)
DRV:64bit: - [2013.08.30 09:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.08.30 09:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.08.30 09:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.08.30 09:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.08.30 09:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.08.30 09:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.08.30 09:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.08.30 09:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.04.30 10:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010.02.11 09:42:54 | 005,352,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.28 10:07:54 | 000,532,480 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=12
IE - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\..\SearchScopes\{0740C4CC-0B1E-4377-ACED-83030FCA8704}: "URL" = http://www.mapy.cz/?query={searchTerms} ... kSearch_12
IE - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\..\SearchScopes\{18D94C61-E70F-436A-863E-20FF0DAA1881}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... kSearch_12
IE - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\..\SearchScopes\{35C9AE2C-FB9C-4C23-9843-CE710077F2C7}: "URL" = http://encyklopedie.seznam.cz/search?q= ... kSearch_12
IE - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\..\SearchScopes\{4DE1B571-E91A-47A2-AFE8-E7EFACACB57B}: "URL" = http://tv.seznam.cz/hledej?w={searchTer ... kSearch_12
IE - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\..\SearchScopes\{6B417987-C676-4DC0-B09D-D011CA639CFB}: "URL" = http://search.seznam.cz/?q={searchTerms ... kSearch_12
IE - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\..\SearchScopes\{AA93DAA6-992B-4F53-9CE9-CDB04908099C}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... kSearch_12
IE - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\..\SearchScopes\{AB900EAA-06DE-4FE6-9401-2F0B68DF92D2}: "URL" = http://www.firmy.cz/?q={searchTerms}&so ... kSearch_12
IE - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\..\SearchScopes\{D95357C7-159C-4B45-BCBD-6AB966D14CBA}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r= ... kSearch_12
IE - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\..\SearchScopes\{FCD0A814-5534-4AF6-851C-C0714408954C}: "URL" = http://www.novinky.cz/hledej?w={searchT ... kSearch_12
IE - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: VacuumPlacesImproved%40lultimouomo-gmail.com:1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.09.17 07:44:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013.05.09 22:57:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radek a Hanka\AppData\Roaming\Mozilla\Extensions
[2013.10.10 13:08:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radek a Hanka\AppData\Roaming\Mozilla\Firefox\Profiles\elcv2g3b.default\extensions
[2013.08.26 23:14:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Radek a Hanka\AppData\Roaming\Mozilla\Firefox\Profiles\elcv2g3b.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.06.04 22:57:49 | 000,000,000 | ---D | M] (Seznam liĹˇtiÄŤka) -- C:\Users\Radek a Hanka\AppData\Roaming\Mozilla\Firefox\Profiles\elcv2g3b.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2013.04.29 22:24:58 | 000,024,038 | ---- | M] () (No name found) -- C:\Users\Radek a Hanka\AppData\Roaming\Mozilla\Firefox\Profiles\elcv2g3b.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com.xpi
[2013.10.10 13:08:48 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Radek a Hanka\AppData\Roaming\Mozilla\Firefox\Profiles\elcv2g3b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.09.30 16:37:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.09.30 16:37:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.seznam.cz/?clid=12
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: Dokumenty Google = C:\Users\Radek a Hanka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Disk Google = C:\Users\Radek a Hanka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Seznam Li\u0161ti\u010Dka - Email = C:\Users\Radek a Hanka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.13_0\
CHR - Extension: Seznam Li\u0161ti\u010Dka - Slovn\u00EDk = C:\Users\Radek a Hanka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0\
CHR - Extension: YouTube = C:\Users\Radek a Hanka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Radek a Hanka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Radek a Hanka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Radek a Hanka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Ukazatel S-Rank) - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files (x86)\Seznam.cz\core.3.dll ()
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AutoKMS] C:\Windows\AutoKMS.exe ()
O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000..\Run: [cz.seznam.software.autoupdate] C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\szninstall.exe ()
O4 - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000..\Run: [cz.seznam.software.szndesktop] C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe ()
O4 - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000..\Run: [Seznam Postak] C:\Program Files (x86)\Seznam.cz\postak.exe ()
O4 - Startup: C:\Users\Radek a Hanka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_23621188.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2179740722-4287397004-2560970013-1000\..Trusted Domains: localhost ([]http in Internet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 91.217.52.2 91.217.52.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4CA9858-99B9-44AF-B14E-482408EF8177}: DhcpNameServer = 77.234.40.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2222FD3-819A-4386-9726-7953750336E2}: DhcpNameServer = 91.217.52.2 91.217.52.3
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - H:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.10.14 17:03:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Radek a Hanka\Desktop\OTL.exe
[2013.10.14 00:48:41 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.10.14 00:48:39 | 000,000,000 | ---D | C] -- C:\Users\Radek a Hanka\AppData\Roaming\Spyware Terminator
[2013.10.14 00:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2013.10.14 00:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2013.10.14 00:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2013.10.14 00:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.10.11 19:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.10.11 19:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.10.11 19:38:19 | 000,000,000 | ---D | C] -- C:\Users\Radek a Hanka\AppData\Local\Opera Software
[2013.10.11 19:38:16 | 000,000,000 | ---D | C] -- C:\Users\Radek a Hanka\AppData\Roaming\Opera Software
[2013.10.09 13:15:11 | 017,750,408 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

========== Files - Modified Within 7 Days ==========

[2013.10.14 17:08:51 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.10.14 17:03:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Radek a Hanka\Desktop\OTL.exe
[2013.10.14 16:51:05 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.10.14 16:14:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.10.14 12:15:05 | 000,016,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.14 12:15:05 | 000,016,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.14 12:10:07 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.10.14 12:09:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.10.14 12:09:45 | 1609,015,296 | -HS- | M] () -- C:\hiberfil.sys
[2013.10.14 00:48:41 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.10.14 00:48:38 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013.10.14 00:37:49 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2013.10.12 14:11:54 | 001,470,062 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.10.12 14:11:54 | 000,631,054 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013.10.12 14:11:54 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.10.12 14:11:54 | 000,121,708 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013.10.12 14:11:54 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.10.11 19:50:01 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.10.11 19:50:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.10.11 19:42:12 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.10.11 19:38:07 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Opera 17.lnk
[2013.10.09 19:14:47 | 017,750,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

========== Files Created - No Company Name ==========

[2013.10.14 17:08:51 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.10.14 00:48:38 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013.10.14 00:37:41 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013.10.11 19:42:12 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.10.11 19:38:09 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Opera 17.lnk
[2013.10.11 19:38:09 | 000,001,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 17.lnk
[2013.10.06 13:01:32 | 000,615,936 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2013.10.06 13:01:32 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2013.09.09 10:39:30 | 000,000,600 | ---- | C] () -- C:\Windows\Rtcw.INI
[2013.05.23 14:31:30 | 000,000,256 | ---- | C] () -- C:\Users\Radek a Hanka\AppData\Roaming\burnaware.ini
[2013.05.08 19:16:53 | 000,000,291 | ---- | C] () -- C:\Windows\SysWow64\Remover.ini
[2013.05.08 19:16:50 | 000,000,885 | ---- | C] () -- C:\Windows\SysWow64\SP7302.ini
[2013.05.07 23:51:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.09.11 00:16:32 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\DAEMON Tools Lite
[2013.05.08 00:35:31 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Maxthon3
[2013.08.06 22:09:16 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Mobile Action
[2013.05.08 00:31:07 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Opera
[2013.10.11 19:38:16 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Opera Software
[2013.05.10 20:22:49 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\PCDr
[2013.10.14 12:15:50 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz
[2013.10.14 00:48:39 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Spyware Terminator
[2013.05.09 18:43:06 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\TeamViewer

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,592 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.05.08 00:31:20 | 000,000,962 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.05.08 00:31:21 | 000,000,966 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.05.08 00:46:02 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2013.01.04 07:41:01 | 001,893,224 | ---- | M] (Microsoft Corporation) MD5=5CFB7AB8F9524D1A1E14369DE63B83CC -- C:\Windows\SysNative\drivers\tcpip.sys
[2013.01.04 07:41:01 | 001,893,224 | ---- | M] (Microsoft Corporation) MD5=5CFB7AB8F9524D1A1E14369DE63B83CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_0f6a6af57fd59de6\tcpip.sys
[2013.01.03 07:57:12 | 001,876,824 | ---- | M] (Microsoft Corporation) MD5=692969AB90BDA19F56E27BF89A9260E2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_0fe8397098fc3d71\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2013.01.03 08:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2013.01.04 07:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013.06.17 16:15:52 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Adobe
[2013.05.08 14:23:05 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\ATI
[2013.09.11 00:16:32 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\DAEMON Tools Lite
[2013.05.10 20:59:53 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Dell
[2013.06.26 21:55:32 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\dvdcss
[2013.05.07 23:57:33 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Identities
[2013.05.08 00:50:40 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Macromedia
[2013.09.30 15:09:11 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Malwarebytes
[2013.05.08 00:35:31 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Maxthon3
[2009.07.14 09:45:14 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Media Center Programs
[2013.09.10 17:30:26 | 000,000,000 | --SD | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Microsoft
[2013.08.06 22:09:16 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Mobile Action
[2013.05.08 00:04:40 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Mozilla
[2013.05.09 12:08:50 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\NCH Software
[2013.05.08 00:31:07 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Opera
[2013.10.11 19:38:16 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Opera Software
[2013.05.10 20:22:49 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\PCDr
[2013.10.14 12:15:50 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz
[2013.10.14 17:21:08 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Skype
[2013.10.14 00:48:39 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\Spyware Terminator
[2013.09.30 14:53:50 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\SUPERAntiSpyware.com
[2013.05.09 18:43:06 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\TeamViewer
[2013.10.14 15:45:28 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\vlc
[2013.05.08 00:40:45 | 000,000,000 | ---D | M] -- C:\Users\Radek a Hanka\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2013.05.08 14:19:22 | 000,010,134 | R--- | M] () -- C:\Users\Radek a Hanka\AppData\Roaming\Microsoft\Installer\{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}\ARPPRODUCTICON.exe
[2013.07.24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Radek a Hanka\AppData\Roaming\PCDr\Update\Rules\145fce7c-5ce6-482b-b5a8-5658018a79f3\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2013.07.24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Radek a Hanka\AppData\Roaming\PCDr\Update\Rules\5f34ff35-27ac-4958-8b80-8713fb27c06e\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2013.07.24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Radek a Hanka\AppData\Roaming\PCDr\Update\Rules\78dd3d2f-98fd-4cd9-ad94-24bd091115a7\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2013.07.24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Radek a Hanka\AppData\Roaming\PCDr\Update\Rules\86e74bcd-9fa9-47a5-b99b-9ad4cde5fa04\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2013.07.24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Radek a Hanka\AppData\Roaming\PCDr\Update\Rules\9436938f-bd3a-4ddd-aad8-6bcac26b2314\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2012.07.05 12:51:46 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Radek a Hanka\AppData\Roaming\PCDr\Update\Rules\edaf3639-3b10-456c-b89b-84f1da18f67d\appupdaterrules_dell\AddCertificate.exe
[2013.07.24 20:54:48 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Radek a Hanka\AppData\Roaming\PCDr\Update\Rules\ef2414f5-8b26-42e9-b544-c8cf6cbd8cc3\PCDoctor_6219.34_windows_appupdaterrules_dell\AddCertificate.exe
[2013.05.16 15:25:04 | 001,062,472 | ---- | M] () -- C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\szninstall.exe
[2013.05.16 15:26:24 | 002,589,256 | ---- | M] () -- C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\sznsetup.exe
[2013.04.16 13:52:34 | 000,055,808 | ---- | M] () -- C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\bin\ffkill.exe
[2013.04.29 12:53:34 | 000,045,560 | ---- | M] () -- C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
[2013.04.12 10:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
[2013.04.12 10:10:22 | 000,092,664 | ---- | M] () -- C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2013.10.14 17:14:01 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.10.14 12:10:07 | 000,000,962 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.10.14 16:51:05 | 000,000,966 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013.10.11 19:50:01 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2013.10.11 19:50:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Skype" = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun -- [2013.07.25 08:58:22 | 020,684,656 | R--- | M] (Skype Technologies S.A.)
"Seznam Postak" = "C:\Program Files (x86)\Seznam.cz\postak.exe" -s -- [2010.10.06 16:44:46 | 000,488,728 | ---- | M] ()
"cz.seznam.software.autoupdate" = "C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\szninstall.exe" -c -- [2013.05.16 15:25:04 | 001,062,472 | ---- | M] ()
"cz.seznam.software.szndesktop" = "C:\Users\Radek a Hanka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -- [2013.04.12 10:10:22 | 000,092,664 | ---- | M] ()
"Sidebar" = C:\PROGRAM FILES\WINDOWS SIDEBAR\SIDEBAR.EXE /autoRun -- [2009.07.14 03:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2013.09.30 16:37:55 | 000,274,840 | ---- | M] (Mozilla Corporation) MD5=A9182CE59CFC56F9C1DDE8B3C0AE8378 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2013.07.22 11:32:28 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=EE12BA876C4190532A4085994BA9B616 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2013.07.13 23:20:29 | 000,879,456 | ---- | M] (Opera Software) MD5=FFC67949EF7C2BF307ED91B293581DD2 -- C:\Program Files (x86)\Opera\opera.exe

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2013.10.03 08:03:07 | 000,844,752 | ---- | M] (Google Inc.) MD5=0D3745CA2F064F2D6B6388C6AA5D3BC7 -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.10.14 17:08:51 | 000,000,512 | ---- | M] () MD5=1B64A89BD9BF10D10A7885090DB1D477 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2010.03.24 20:12:34 | 000,249,680 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2010.03.24 20:12:34 | 000,018,264 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2013.05.06 03:55:22 | 000,049,976 | ---- | M] () -- \Program Files (x86)\Maxthon\Bin\MxAppLoader.exe
[2013.05.06 03:55:22 | 000,922,424 | ---- | M] () -- \Program Files (x86)\Maxthon\Bin\MxDownloader.dll
[2013.02.19 12:07:28 | 000,030,608 | ---- | M] () -- \Program Files (x86)\Seznam.cz\distribution\install\cz.seznam.software.libfoxloader-3.0.0-win32.zip
[2013.05.16 13:27:36 | 000,001,702 | ---- | M] () -- \Program Files (x86)\Sony Ericsson\Update Engine\licenses\loaderbinarylegal.txt
[2010.03.24 20:35:48 | 000,370,512 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
[2010.03.24 20:35:48 | 000,018,264 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2013.08.22 19:01:26 | 000,061,528 | ---- | M] () -- \Program Files\WinRAR\Formats\ace32loader.exe
[2013.02.20 16:28:38 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2013.02.20 16:28:38 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2013.02.20 16:28:38 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2013.02.20 16:28:38 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2013.02.20 16:28:38 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2013.02.20 16:28:38 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2013.10.06 21:06:59 | 000,001,511 | ---- | M] () -- \Users\Radek a Hanka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\61AFTGUA\AdLoader[1].htm
[2013.10.06 21:35:05 | 000,109,505 | ---- | M] () -- \Users\Radek a Hanka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQSADJMG\AdLoader-3ce32d357de39fd9427f374be93bd0ac.min[1].js
[2013.10.11 19:42:53 | 000,000,723 | ---- | M] () -- \Users\Radek a Hanka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQSADJMG\downloaderror[1].js
[2013.10.11 19:42:53 | 000,001,174 | ---- | M] () -- \Users\Radek a Hanka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQSADJMG\downloader[1].js
[2013.03.29 13:37:34 | 000,059,384 | ---- | M] () -- \Users\Radek a Hanka\AppData\Roaming\Seznam.cz\bin\22621libfoxloader.dll
[2013.04.15 13:32:10 | 000,060,416 | ---- | M] () -- \Users\Radek a Hanka\AppData\Roaming\Seznam.cz\bin\25253libfoxloader-x64.dll
[2013.06.04 22:58:15 | 000,000,165 | ---- | M] () -- \Users\Radek a Hanka\AppData\Roaming\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2013.02.19 12:07:28 | 000,030,608 | ---- | M] () -- \Users\Radek a Hanka\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxloader-3.0.0-win32.zip
[2013.03.25 16:27:20 | 000,000,665 | ---- | M] () -- \Users\Radek a Hanka\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.install.bat
[2013.03.25 16:27:26 | 000,000,117 | ---- | M] () -- \Users\Radek a Hanka\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.uninstall.bat
[2013.01.02 00:46:36 | 000,000,977 | ---- | M] () -- \Users\Radek a Hanka\Desktop\Android 4GB\navigator\log\downloader_130102_004145.log.txt
[2013.01.03 21:22:36 | 000,010,756 | ---- | M] () -- \Users\Radek a Hanka\Desktop\Android 4GB\navigator\log\downloader_130103_211827.log.txt
[2013.01.04 00:35:08 | 000,020,005 | ---- | M] () -- \Users\Radek a Hanka\Desktop\Android 4GB\navigator\log\downloader_130103_212304.log.txt
[2013.01.04 02:39:08 | 000,003,278 | ---- | M] () -- \Users\Radek a Hanka\Desktop\Android 4GB\navigator\log\downloader_130104_023431.log.txt
[2013.01.04 16:31:52 | 000,001,788 | ---- | M] () -- \Users\Radek a Hanka\Desktop\Android 4GB\navigator\log\downloader_130104_160908.log.txt
[2013.01.04 21:49:30 | 000,000,121 | ---- | M] () -- \Users\Radek a Hanka\Desktop\Android 4GB\navigator\log\downloader_130104_214930.log.txt
[2013.01.04 06:43:53 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013.01.04 06:43:53 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:28:57 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_66dcd6a595588d81\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 07:26:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_66fe4899953f502c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:26:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_67667556ae762a72\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 16:12:39 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_677d175eae65090e\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:38:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 07:32:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_6971452eab80a50e\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.26 20:40:31 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.26 20:40:31 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2009.07.26 20:40:31 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2009.07.26 20:40:31 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2009.07.26 20:40:31 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2009.07.14 07:37:37 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009.07.14 07:37:37 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.efi.mui_35ee487d
[2009.07.14 07:37:37 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.exe.mui_3bc5b827
[2009.07.14 07:37:37 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.efi.mui_f412814e
[2009.07.14 07:37:37 | 000,029,760 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.exe.mui_ff8b5358
[2013.07.22 11:16:29 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2013.07.22 11:16:29 | 000,640,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winload.efi_75834aa0
[2013.07.22 11:16:29 | 000,603,976 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winload.exe_75835076
[2013.07.22 11:16:29 | 000,556,928 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winresume.efi_85cd069f
[2013.07.22 11:16:29 | 000,518,160 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winresume.exe_85cd1215
[2009.07.14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.26 20:38:16 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 04:44:20 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009.07.14 04:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011.02.05 15:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011.02.05 15:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2011.02.05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll

< End of report >

OTL Extras logfile created on: 14.10.2013 17:05:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Radek a Hanka\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,58% Memory free
4,00 Gb Paging File | 2,56 Gb Available in Paging File | 64,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,00 Gb Total Space | 77,36 Gb Free Space | 51,92% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 232,49 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
Drive E: | 303,19 Gb Total Space | 242,51 Gb Free Space | 79,99% Space Free | Partition Type: NTFS
Drive H: | 292,87 Gb Total Space | 247,38 Gb Free Space | 84,47% Space Free | Partition Type: NTFS

Computer Name: HERMANOVI-PC | User Name: Radek a Hanka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

[HKEY_USERS\S-1-5-21-2179740722-4287397004-2560970013-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B4D6880-A30A-4476-A713-1395E579BFF4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{147E8CCE-B42B-4AAC-B03F-C4956032CEC5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1531CBC8-3077-476C-87CE-EECE13F6AB4D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50E74A2D-B705-4A42-85A9-763F37B48B2B}" = lport=445 | protocol=6 | dir=in | app=system |
"{5B7D191E-D2B4-4B4F-A59D-D5C59691B45B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{732DE040-5C89-45AE-AD1B-7FC4A1DC76A6}" = rport=137 | protocol=17 | dir=out | app=system |
"{7564743F-F957-421C-8F76-253EBBF2FB22}" = lport=137 | protocol=17 | dir=in | app=system |
"{76AD6328-C117-4212-86BF-D7073CFFD67F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{887FB17E-F47B-48C3-B193-3ED592D81132}" = lport=139 | protocol=6 | dir=in | app=system |
"{8BB8D9A4-AAA1-47CE-B736-16FC6337D67F}" = rport=139 | protocol=6 | dir=out | app=system |
"{8EA8D770-CB39-457F-9F43-28845C775DB1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{962B3197-D45B-4100-9DEC-A0B704179221}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ACC58603-EEAC-43AD-911B-328225154672}" = lport=138 | protocol=17 | dir=in | app=system |
"{B3370926-B121-47B9-8CA5-58BF6EDD9FA1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B6A2210F-F853-48E3-A724-5404BBB8E00F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4195F8A-91F1-4773-B125-E707519F2BB4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C713B4CC-7570-4460-94FC-FEE50E2D0851}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D3D634CC-2D41-48A4-B382-F4D16391AA7E}" = rport=138 | protocol=17 | dir=out | app=system |
"{DEF8BE52-3BD5-43BF-AE8B-2BFF744B94EF}" = rport=445 | protocol=6 | dir=out | app=system |
"{E863AEA1-0B76-4C35-98E2-A6FF064728E7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E8C8A4E0-6F79-4659-A904-D43C37AD32C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EF035908-06AA-44CF-820A-32A33A0D7C75}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F57D9507-C107-4F11-A45F-C80065DB691A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FB200F41-BA0D-4D7C-B540-6D047123A6F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05043021-2753-4B05-A860-9DAA811AFC96}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{111E4557-908A-42E8-818A-D8278A3AA0AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{141794E9-236D-4CD7-AB34-903CCCAA357F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{160EF8E2-44CD-4BCB-B8E1-898CCF99FBFA}" = protocol=6 | dir=out | app=system |
"{1A926454-F5CB-4531-9CF8-F47156A9A70B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21A0369B-D637-49FA-8A9D-F5DE126C7B5E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{27F5EB3C-F53B-4026-B8CE-E192FD936C08}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{29507141-E088-489B-BF4D-B134B8B25FB3}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{2F5915CB-B5A5-4C27-9289-64FDED74F117}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{32E2A322-842F-49EB-AFFF-016D19E635AD}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe |
"{3AFA147D-1A57-4CF4-B34F-CC9DADDC61A3}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{3FB85588-16C5-4A22-B728-FE312F4CCE03}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"{420AF587-78FB-491B-952C-FED8E1676939}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{446BD638-3597-4D38-A5DB-C961D2073F68}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{54B14A34-DE50-4C4E-B7E2-F51F4EE77DFD}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe |
"{64D3FB4A-FE22-4AEB-BAFB-7AAFA5892F06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E491288-5F8A-40D4-9D43-F7C9663CB238}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{74BB67D0-9F95-4EF9-9E0E-09929AFBE8C4}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"{8288AF6B-36F2-4D27-85D9-17ECFFB439DB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{895C0723-9195-4A78-9531-E2C1FC46274E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8CECAE46-A74E-4A9B-86F6-404CD4191F5C}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe |
"{9CB3640A-1C0E-4182-A474-34BF435246B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A2DF5C74-83C7-478D-8077-4D1D8C26A48D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC37141C-6E28-42AE-8895-5104A8C52082}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe |
"{B6A73BEA-4DD7-4F49-956C-F454A33FEFAE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B9353FBD-3A2B-455B-BBA1-08B25C807AA0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BA0309BC-94B4-4324-A67C-075355DACB7B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{BDAEF0DA-EE3E-42D9-BD33-40562BC65DD8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{C9545A5B-0AF6-4301-9652-3AAE801F4883}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{D3BFBABC-BDA7-4A68-81A5-E8494D68F15C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D65774CB-A1D6-4D34-9B56-E7334B4B6A7E}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe |
"{D74CBC8A-4F4C-4686-92B2-E59CD0400830}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DD841F54-5B44-4DE7-B4E0-07A8709984FD}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe |
"{DD929B29-A697-40E6-A022-ACBE98EC41D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DE9E105B-EEB4-4D42-AC4D-194C5BD59B09}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{E0925F16-3178-467F-AD71-57BCD0AD8CE7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7DF9683-1EF3-42C8-B7D5-55F8516331B6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB7CF6BB-77F5-47B2-9705-8F0D8AFB97B5}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F76395FB-0814-4341-AD71-CC7F6DE9BB8D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FC26DCFF-86C1-47BC-8549-82CF2F8E5D3F}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"TCP Query User{A7DDAC9D-BA5B-48CB-B564-F5BCF0263F5B}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{EAF7DDAB-2096-4189-9DD0-AAF37A85053B}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{0110D2D2-0815-4EA7-9DEF-4F2076574775}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{50A4F7B6-15A5-4525-85EF-FD98C423A169}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2010
"{9D00A8DA-650F-21C6-E787-78756733F15F}" = ATI Catalyst Install Manager
"{E5A509B4-D9B1-4FD9-B3EF-EDB216AA8651}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = My Dell
"WinRAR archiver" = WinRAR 5.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{74F923F2-2B11-4E2E-B638-A1772A9F7B7B}" = Eye 312
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Czech
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.174
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{Poklady starověké sluje}_is1" = Poklady starověké sluje 1.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BurnAware Free_is1" = BurnAware Free 6.2
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Google Chrome" = Google Chrome
"HD Tune_is1" = HD Tune 2.55
"Maxthon3" = Maxthon Cloud Browser
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 24.0 (x86 cs)" = Mozilla Firefox 24.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 12.16.1860" = Opera 12.16
"Opera 17.0.1241.45" = Opera Stable 17.0.1241.45
"szn-software-postak" = Seznam Pošťák (Všichni uživatelé tohoto počítače.)
"TeamViewer 8" = TeamViewer 8
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2179740722-4287397004-2560970013-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"7f4182272b52fd8f" = CZShare Manager
"SeznamInstall" = Seznam Software

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6.10.2013 12:19:10 | Computer Name = Hermanovi-PC | Source = EventSystem | ID = 4621
Description =

Error - 6.10.2013 14:56:11 | Computer Name = Hermanovi-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Users\Radek a Hanka\Downloads\esetsmartinstaller_csy.exe
se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku . Verze součásti požadovaná
aplikací je v konfliktu s jinou verzí součásti, která je již aktivní. Konfliktní
součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 6.10.2013 16:38:07 | Computer Name = Hermanovi-PC | Source = Application Hang | ID = 1002
Description = Program TFC.exe verze 3.1.9.0 přestal spolupracovat se systémem Windows
a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému,
vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu: 850 Čas
spuštění: 01cec2d39e8d67f8 Čas ukončení: 0 Cesta k aplikaci: C:\Users\Radek a Hanka\Downloads\TFC.exe

ID
hlášení:

Error - 7.10.2013 5:05:47 | Computer Name = Hermanovi-PC | Source = EventSystem | ID = 4621
Description =

Error - 7.10.2013 10:26:13 | Computer Name = Hermanovi-PC | Source = EventSystem | ID = 4621
Description =

Error - 7.10.2013 14:33:21 | Computer Name = Hermanovi-PC | Source = EventSystem | ID = 4621
Description =

Error - 9.10.2013 1:59:34 | Computer Name = Hermanovi-PC | Source = EventSystem | ID = 4621
Description =

Error - 9.10.2013 21:54:20 | Computer Name = Hermanovi-PC | Source = EventSystem | ID = 4621
Description =

Error - 12.10.2013 14:14:36 | Computer Name = Hermanovi-PC | Source = EventSystem | ID = 4621
Description =

Error - 12.10.2013 22:02:05 | Computer Name = Hermanovi-PC | Source = EventSystem | ID = 4621
Description =

[ Media Center Events ]
Error - 20.7.2013 22:19:50 | Computer Name = RadekaHanka-PC | Source = MCUpdate | ID = 0
Description = 4:19:50 - Chyba při připojování k Internetu 4:19:50 - Nelze kontaktovat
server..

Error - 20.7.2013 22:20:00 | Computer Name = RadekaHanka-PC | Source = MCUpdate | ID = 0
Description = 4:19:55 - Chyba při připojování k Internetu 4:19:55 - Nelze kontaktovat
server..

Error - 20.7.2013 23:21:52 | Computer Name = RadekaHanka-PC | Source = MCUpdate | ID = 0
Description = 5:21:52 - Chyba při připojování k Internetu 5:21:52 - Nelze kontaktovat
server..

Error - 20.7.2013 23:21:58 | Computer Name = RadekaHanka-PC | Source = MCUpdate | ID = 0
Description = 5:21:57 - Chyba při připojování k Internetu 5:21:57 - Nelze kontaktovat
server..

Error - 21.7.2013 0:23:52 | Computer Name = RadekaHanka-PC | Source = MCUpdate | ID = 0
Description = 6:23:52 - Chyba při připojování k Internetu 6:23:52 - Nelze kontaktovat
server..

Error - 21.7.2013 0:23:58 | Computer Name = RadekaHanka-PC | Source = MCUpdate | ID = 0
Description = 6:23:57 - Chyba při připojování k Internetu 6:23:57 - Nelze kontaktovat
server..

Error - 21.7.2013 1:25:52 | Computer Name = RadekaHanka-PC | Source = MCUpdate | ID = 0
Description = 7:25:52 - Chyba při připojování k Internetu 7:25:52 - Nelze kontaktovat
server..

Error - 21.7.2013 1:25:58 | Computer Name = RadekaHanka-PC | Source = MCUpdate | ID = 0
Description = 7:25:57 - Chyba při připojování k Internetu 7:25:57 - Nelze kontaktovat
server..

[ System Events ]
Error - 27.8.2013 16:45:27 | Computer Name = RadekaHanka-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk4\DR10.

Error - 27.8.2013 17:02:13 | Computer Name = RadekaHanka-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk3\DR6.

Error - 27.8.2013 17:02:14 | Computer Name = RadekaHanka-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk3\DR6.

Error - 27.8.2013 17:02:14 | Computer Name = RadekaHanka-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk3\DR6.

Error - 27.8.2013 17:02:15 | Computer Name = RadekaHanka-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk3\DR6.

Error - 27.8.2013 17:02:15 | Computer Name = RadekaHanka-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk3\DR6.

Error - 28.8.2013 4:49:47 | Computer Name = RadekaHanka-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (10:48:54, ?28.?8.?2013) bylo neočekávané.

Error - 28.8.2013 7:26:01 | Computer Name = RadekaHanka-PC | Source = DCOM | ID = 10005
Description =

Error - 28.8.2013 7:26:01 | Computer Name = RadekaHanka-PC | Source = Service Control Manager | ID = 7038
Description = Služba upnphost se nemohla přihlásit jako NT AUTHORITY\LocalService
s aktuálně konfigurovaným heslem z důvodu následující chyby: %%50 Chcete-li zajistit
správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management
Console (MMC).

Error - 28.8.2013 7:26:01 | Computer Name = RadekaHanka-PC | Source = Service Control Manager | ID = 7000
Description = Služba Hostitel zařízení UPnP neuspěla při spuštění v důsledku následující
chyby: %%1069

< End of report >

Ale na Office uz penize nezbyly ze

Hodlate s temi nelegalnimi Office neco delat??

Měl jsem je i s PC, koupil jsem ho na Au*ru.
Ani je tam nepotřebuji, používám je pouze ve firemním noťasu.

Aha, takze on ten nekdo na aukru vyhodil minimalne 8000 za licenci Ultimate, ale dalsi tisic na Office uz nezbylo co

Dale jste psal, ze aktualizace stahujete pravidelne, ale jaksi tam vidim, ze chybi SP1, ze by to bylo tim, ze je potreba overeni pravosti windows...

Uprimne, i nektere radky v logu naznacuji, ze jsou ty windows cinknute a my se tu, dl epravidel fora, nelegalnimi systemy nezabyvame...

Pc mám maximálně měsíc.
Protože mám pomalé připojení, nenechávám stahovat aktualizace pravidelně (zatím pouze jednou, nejsem často doma), strašně mi to brzdilo PC a zpomalovalo připojení.
Koupil jsem ho za 4601,- Kč.
Mě zajímala hlavně funkčnost.

Aha, takze dalsi kousek puzzle do sestavy...Cely PC za 4601 KC a samotne windows vyjdou na 8000...

Funkcnost je hezka vec, ale my se tu dle pravidel fora a mezinarodni charty aliance ASAP nelegalnimi systemy nezabyvame - nepodporuje Sw piratstvi a pachnai trestneho cinu

Je mi lito...

VIRY.CZ

Pomalé PC s WIN 7 Ultimate

Pomalé PC s WIN 7 Ultimate

Re: Pomalé PC s WIN 7 Ultimate

Re: Pomalé PC s WIN 7 Ultimate

Re: Pomalé PC s WIN 7 Ultimate

Re: Pomalé PC s WIN 7 Ultimate

Re: Pomalé PC s WIN 7 Ultimate

Re: Pomalé PC s WIN 7 Ultimate

Re: Pomalé PC s WIN 7 Ultimate

Re: Pomalé PC s WIN 7 Ultimate

Re: Pomalé PC s WIN 7 Ultimate

Re: Pomalé PC s WIN 7 Ultimate

Re: Pomalé PC s WIN 7 Ultimate

Re: Pomalé PC s WIN 7 Ultimate