
Please check my log, I accidentally opened an attachment with malware, thanks

Posted: 05 Sep 2014 07:14
by Jawa
Logfile of random's system information tool 1.10 (written by random/random)
Run by Ritter at 2014-09-05 08:08:51
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 15 GB (20%) free of 76 GB
Total RAM: 3582 MB (68% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\ROC_JAN2013_TB_rmv.job - C:\Program Files\AVG Secure Search\PostInstall\ROC.exe --uninstall=1

=========Mozilla firefox=========

ProfilePath - C:\Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://search.seznam.cz/?sourceid=undefined&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.7]
"Description"=VLC Multimedia Plugin
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\extensions\
FasterFox_Lite@BigRedBrent
superstart@enjoyfreeware.org
vb@yandex.ru
video.downloader.plugin@ffpimp.com
yasearch@yandex.ru
{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\searchplugins\
yqs-barff-yandex.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\Ritter\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2011-10-19 142288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-20 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-07 13535776]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-13 405504]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 951576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{FF446808-A1AB-7C1E-DFE3-DE9DEC83B6B3}"=C:\Users\Ritter\AppData\Roaming\Cogus\hebo.exe [2014-09-04 281445]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{FF446808-A1AB-7C1E-DFE3-DE9DEC83B6B3}]
C:\Users\Ritter\AppData\Roaming\Cogus\hebo.exe [2014-09-04 281445]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-09-05 08:03:31 ----D---- C:\rsit
2014-09-05 08:03:31 ----D---- C:\Program Files\trend micro
2014-09-05 08:01:31 ----A---- C:\Windows\system32\FNTCACHE.DAT
2014-09-04 21:39:24 ----D---- C:\Users\Ritter\AppData\Roaming\Ygose
2014-09-04 21:39:24 ----D---- C:\Users\Ritter\AppData\Roaming\Cogus
2014-09-04 19:43:01 ----A---- C:\ProgramData\msxspr.exe
2014-08-28 17:48:25 ----A---- C:\Windows\system32\win32k.sys
2014-08-28 17:48:25 ----A---- C:\Windows\system32\gdi32.dll
2014-08-24 14:29:05 ----D---- C:\Users\Ritter\AppData\Roaming\Yandex
2014-08-20 07:32:09 ----D---- C:\Program Files\HTC
2014-08-20 07:32:00 ----D---- C:\Program Files\Common Files\Adobe AIR
2014-08-20 07:27:06 ----D---- C:\Program Files\MyFree Codec
2014-08-20 07:24:23 ----A---- C:\Windows\system32\drivers\ssudmdm.sys
2014-08-20 07:24:23 ----A---- C:\Windows\system32\drivers\ssudbus.sys
2014-08-15 19:04:17 ----D---- C:\Windows\rescache
2014-08-14 22:18:44 ----A---- C:\Windows\system32\infocardapi.dll
2014-08-14 22:18:40 ----A---- C:\Windows\system32\icardres.dll
2014-08-14 22:18:32 ----A---- C:\Windows\system32\icardagt.exe
2014-08-14 22:18:25 ----A---- C:\Windows\system32\TsWpfWrp.exe
2014-08-14 19:57:51 ----A---- C:\Windows\system32\rpcrt4.dll
2014-08-14 19:57:50 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2014-08-14 19:57:50 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-08-14 19:57:50 ----A---- C:\Windows\system32\cdd.dll
2014-08-14 19:57:47 ----A---- C:\Windows\system32\urlmon.dll
2014-08-14 19:57:47 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 19:57:47 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 19:57:47 ----A---- C:\Windows\system32\iernonce.dll
2014-08-14 19:57:47 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-08-14 19:57:47 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-08-14 19:57:47 ----A---- C:\Windows\system32\iedkcs32.dll
2014-08-14 19:57:46 ----A---- C:\Windows\system32\msfeeds.dll
2014-08-14 19:57:46 ----A---- C:\Windows\system32\jsproxy.dll
2014-08-14 19:57:46 ----A---- C:\Windows\system32\ieUnatt.exe
2014-08-14 19:57:46 ----A---- C:\Windows\system32\dxtmsft.dll
2014-08-14 19:57:45 ----A---- C:\Windows\system32\msrating.dll
2014-08-14 19:57:45 ----A---- C:\Windows\system32\ie4uinit.exe
2014-08-14 19:57:44 ----A---- C:\Windows\system32\vbscript.dll
2014-08-14 19:57:44 ----A---- C:\Windows\system32\iesetup.dll
2014-08-14 19:57:44 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 19:57:43 ----A---- C:\Windows\system32\wininet.dll
2014-08-14 19:57:43 ----A---- C:\Windows\system32\ieapfltr.dll
2014-08-14 19:57:42 ----A---- C:\Windows\system32\ieui.dll
2014-08-14 19:57:42 ----A---- C:\Windows\system32\dxtrans.dll
2014-08-14 19:57:41 ----A---- C:\Windows\system32\mshtmled.dll
2014-08-14 19:57:41 ----A---- C:\Windows\system32\ieframe.dll
2014-08-14 19:57:40 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-08-14 19:57:40 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-08-14 19:57:40 ----A---- C:\Windows\system32\iertutil.dll
2014-08-14 19:57:39 ----A---- C:\Windows\system32\jscript9diag.dll
2014-08-14 19:57:39 ----A---- C:\Windows\system32\jscript9.dll
2014-08-14 19:57:38 ----A---- C:\Windows\system32\mshtml.dll
2014-08-14 19:55:27 ----A---- C:\Windows\system32\tzres.dll
2014-08-14 19:55:23 ----A---- C:\Windows\system32\msi.dll
2014-08-14 19:55:23 ----A---- C:\Windows\system32\authui.dll
2014-08-14 19:55:22 ----A---- C:\Windows\system32\msihnd.dll
2014-08-14 19:55:22 ----A---- C:\Windows\system32\consent.exe
2014-08-14 19:55:15 ----A---- C:\Windows\system32\aepdu.dll
2014-08-14 19:55:14 ----A---- C:\Windows\system32\aeinv.dll
2014-08-14 19:55:10 ----A---- C:\Windows\system32\shell32.dll
2014-08-14 19:55:06 ----A---- C:\Windows\system32\KBDYAK.DLL
2014-08-14 19:55:06 ----A---- C:\Windows\system32\KBDTAT.DLL
2014-08-14 19:55:06 ----A---- C:\Windows\system32\KBDRU1.DLL
2014-08-14 19:55:06 ----A---- C:\Windows\system32\KBDRU.DLL
2014-08-14 19:55:06 ----A---- C:\Windows\system32\KBDBASH.DLL

======List of files/folders modified in the last 1 month======

2014-09-05 08:05:38 ----D---- C:\Windows\system32\config
2014-09-05 08:03:31 ----RD---- C:\Program Files
2014-09-05 08:03:19 ----D---- C:\Windows\Temp
2014-09-05 08:03:15 ----D---- C:\Windows\Prefetch
2014-09-05 08:02:47 ----HD---- C:\ProgramData
2014-09-05 08:02:19 ----D---- C:\Windows
2014-09-05 08:01:31 ----D---- C:\Windows\System32
2014-09-04 21:48:55 ----D---- C:\Windows\system32\LogFiles
2014-09-04 21:48:54 ----D---- C:\Windows\inf
2014-09-04 21:44:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-09-04 21:39:48 ----SD---- C:\Users\Ritter\AppData\Roaming\Microsoft
2014-09-04 21:39:24 ----D---- C:\Users\Ritter\AppData\Roaming\WinRAR
2014-09-02 16:43:26 ----SHD---- C:\System Volume Information
2014-08-29 19:27:24 ----D---- C:\Windows\winsxs
2014-08-28 17:47:08 ----D---- C:\Windows\system32\catroot
2014-08-26 07:48:48 ----D---- C:\Users\Ritter\AppData\Roaming\vlc
2014-08-24 14:33:20 ----SHD---- C:\Windows\Installer
2014-08-20 08:55:51 ----D---- C:\Windows\Microsoft.NET
2014-08-20 08:49:03 ----D---- C:\Windows\debug
2014-08-20 08:37:30 ----D---- C:\Windows\system32\DriverStore
2014-08-20 08:27:00 ----D---- C:\Windows\system32\drivers
2014-08-20 07:35:13 ----D---- C:\Windows\system32\Tasks
2014-08-20 07:33:17 ----D---- C:\Windows\system32\catroot2
2014-08-20 07:32:01 ----D---- C:\Users\Ritter\AppData\Roaming\Adobe
2014-08-20 07:32:01 ----D---- C:\ProgramData\Adobe
2014-08-20 07:32:00 ----D---- C:\Program Files\Common Files
2014-08-20 07:32:00 ----D---- C:\Program Files\Adobe
2014-08-20 07:31:30 ----D---- C:\Program Files\MSXML 4.0
2014-08-15 22:12:21 ----D---- C:\Users\Ritter\AppData\Roaming\Canon
2014-08-15 21:33:44 ----D---- C:\Windows\system32\FxsTmp
2014-08-15 10:51:01 ----RSD---- C:\Windows\assembly
2014-08-15 07:18:26 ----D---- C:\Windows\ehome
2014-08-15 07:18:25 ----D---- C:\Windows\system32\cs-CZ
2014-08-15 07:18:25 ----D---- C:\Windows\PolicyDefinitions
2014-08-15 07:18:23 ----D---- C:\Windows\system32\en-US
2014-08-15 07:18:22 ----D---- C:\Program Files\Internet Explorer
2014-08-15 07:18:19 ----SD---- C:\Windows\system32\CompatTel
2014-08-15 07:18:08 ----RSD---- C:\Windows\Fonts
2014-08-14 22:24:10 ----D---- C:\ProgramData\Microsoft Help
2014-08-14 22:23:58 ----D---- C:\Windows\system32\MRT
2014-08-14 22:21:51 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 231960]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2013-02-05 37344]
R3 NETwLv32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2011-01-31 47360]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-13 330240]
R3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athur.sys [2010-01-05 1500160]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 dcdbas;System Management Driver; C:\Windows\system32\DRIVERS\dcdbas32.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-06-16 89856]
S3 GemCCID;GemCCID; C:\Windows\system32\DRIVERS\GemCCID.sys [2014-03-14 99840]
S3 grmnusb;grmnusb; C:\Windows\system32\drivers\grmnusb.sys [2012-04-18 15720]
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2012-12-07 23040]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2014-04-11 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2014-04-11 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2014-04-11 153672]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2014-04-11 130248]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-06-16 184192]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-07-09 44032]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2013-02-05 233472]
R2 LPDSVC;@%systemroot%\system32\lpdsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 22216]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09 262320]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-07-25 108032]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-08-02 119408]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-10-27 718384]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-30 1343400]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-07 196608]
S4 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-13 102400]

-----------------EOF-----------------

Re: Please check my log, I accidentally opened an attachment with malware, thanks

Posted: 05 Sep 2014 07:52
by vyosek
Hello :)

:arrow: Just to ask, are you using a legal operating system? The top-tier Ultimate license is not exactly a common home edition :?:

Re: Please check my log, I accidentally opened an attachment with malware, thanks

Posted: 05 Sep 2014 08:06
by Jawa
Well, it is legal, from a volume license from an acquaintance, at least I hope so

Re: Please check my log, I accidentally opened an attachment with malware, thanks

Posted: 05 Sep 2014 08:09
by vyosek
:arrow: Download OTL from http://oldtimer.geekstogo.com/OTL.exe and save it to your desktop
  • If you are using Windows Vista or Windows 7, right-click OTL and choose Run As Administrator (Spustit jako spravce)
  • If you are using a 64-bit OS, check whether the box "For 64-bit OS" is ticked; if it is not, tick it
  • Tick the box "For all users"
  • Tick the box Malware check "LOP"
  • Tick the box Malware check "Purity"
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom box, Custom scans/fixes

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    atapi.sys
    autochk.exe
    cdrom.sys
    explorer.exe
    hal.dll
    scecli.dll
    services.exe
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %PROGRAMFILES%\Opera\opera.exe /md5
    %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
    
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *kms* /s
    *crack* /s
    *keygen* /s
    *loader* /s
  • Click the Scan button
  • When the scan finishes (about 10 to 15 minutes), the logs OTL.txt and Extras.txt will appear; paste both of them here
  • If the logs are long (the forum will complain that the maximum number of characters has been exceeded), split them across several posts

Re: Please check my log, I accidentally opened an attachment with malware, thanks

Posted: 05 Sep 2014 08:56
by Jawa
OTL logfile created on: 5.9.2014 9:35:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ritter\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,50 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 72,93% Memory free
6,99 Gb Paging File | 6,05 Gb Available in Paging File | 86,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 14,89 Gb Free Space | 20,01% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 61,63 Mb Free Space | 61,63% Space Free | Partition Type: NTFS
Drive F: | 6,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 14,92 Gb Total Space | 14,81 Gb Free Space | 99,26% Space Free | Partition Type: NTFS

Computer Name: RITTER-PC | User Name: Ritter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2014.09.05 09:33:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ritter\Desktop\OTL.exe
PRC - [2014.03.11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014.03.11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014.03.11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013.12.18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.02.05 10:54:40 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2012.12.07 17:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.09.13 15:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe


========== Modules (No Company Name) ==========

MOD - [2013.09.05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV - [2014.08.02 09:37:21 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.07.25 14:10:12 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014.07.09 16:03:59 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.03.11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014.03.11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.12.19 01:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013.12.18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.02.05 10:54:40 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2012.12.07 17:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.10.27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.01.30 19:40:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dcdbas32.sys -- (dcdbas)
DRV - [2014.06.16 08:01:38 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2014.06.16 08:01:38 | 000,089,856 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2014.04.11 10:39:12 | 000,153,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2014.04.11 10:39:12 | 000,136,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2014.04.11 10:39:12 | 000,130,248 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2014.04.11 10:39:12 | 000,017,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2014.03.14 13:22:10 | 000,099,840 | ---- | M] (Gemalto) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GemCCID.sys -- (GemCCID)
DRV - [2014.03.11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2012.12.07 18:27:50 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.07 05:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010.01.05 04:20:10 | 001,500,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2009.10.26 23:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.07 16:59:00 | 007,470,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.09.13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=6826
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\Software\Microsoft\Internet Explorer\SearchURL\fi, = http://www.firmy.cz/phr/%s
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\Software\Microsoft\Internet Explorer\SearchURL\ma, = http://www.mapy.cz/?sourceid=quicksearch_6826&query=%s
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\Software\Microsoft\Internet Explorer\SearchURL\se, = http://search.seznam.cz/?sourceid=quicksearch_6826&q=%s
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\Software\Microsoft\Internet Explorer\SearchURL\vi, = http://videa.seznam.cz/?q=%s
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\Software\Microsoft\Internet Explorer\SearchURL\zb, = http://www.zbozi.cz/?sourceid=quicksearch_6826&q=%s
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\..\SearchScopes\{9FC324E2-5550-416D-B042-FB64BBB99FD0}: "URL" = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.seznam.cz/?sourceid=quick ... earchTerms}
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\..\SearchScopes\21681F085E8B170BCE06052790F6EB1D: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\..\SearchScopes\25F42B36B108C12B6FF4B9CE9FAD1636: "URL" = http://www.firmy.cz/phr/{searchTerms}
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\..\SearchScopes\84AB1AE5457F9BB26D9CF094641867DF: "URL" = http://www.mapy.cz/?sourceid=quicksearc ... earchTerms}
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\..\SearchScopes\940F9DD726236E4849E0A0EFEA73854F: "URL" = http://www.zbozi.cz/?sourceid=quicksear ... earchTerms}
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\..\SearchScopes\AC14245950A31B7DD197EE2B8C2E9445: "URL" = http://videa.seznam.cz/?q={searchTerms}
IE - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: FasterFox_Lite%40BigRedBrent:3.9.9Lite
FF - prefs.js..extensions.enabledAddons: %7B8f8fe09b-0bd3-4470-bc1b-8cad42b8203a%7D:0.17
FF - prefs.js..extensions.enabledAddons: superstart%40enjoyfreeware.org:7.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.23
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - prefs.js..keyword.URL: "http://search.seznam.cz/?sourceid=undefined&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.08.02 09:36:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.08.02 09:36:47 | 000,000,000 | ---D | M]

[2011.10.16 12:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ritter\AppData\Roaming\Mozilla\Extensions
[2011.10.16 12:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ritter\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2014.09.04 16:15:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\extensions
[2012.06.19 10:17:45 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2014.08.15 07:21:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014.06.04 08:16:46 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2012.09.21 06:41:06 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\extensions\FasterFox_Lite@BigRedBrent
[2014.06.24 16:52:18 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\extensions\superstart@enjoyfreeware.org
[2014.08.26 20:45:56 | 000,000,000 | ---D | M] (Візуальныя закладкі) -- C:\Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\extensions\vb@yandex.ru
[2012.03.27 17:12:50 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\extensions\video.downloader.plugin@ffpimp.com
[2014.08.24 14:33:41 | 000,000,000 | ---D | M] (Кампанент "Элементы Яндекса") -- C:\Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\extensions\yasearch@yandex.ru
[2014.08.24 14:28:57 | 000,143,785 | ---- | M] () (No name found) -- C:\Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi
[2014.09.04 16:15:11 | 000,389,786 | ---- | M] () (No name found) -- C:\Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2014.07.23 22:08:23 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.08.24 14:33:44 | 000,002,316 | ---- | M] () -- C:\Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\searchplugins\yqs-barff-yandex.xml
[2014.08.02 09:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014.08.02 09:36:44 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2014.08.02 09:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.08.02 09:37:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.11.20 15:37:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========


O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Ritter\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} - No CLSID value found.
O3 - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-890522623-3776059514-3079626165-1001..\RunOnce: [{FF446808-A1AB-7C1E-DFE3-DE9DEC83B6B3}] C:\Users\Ritter\AppData\Roaming\Cogus\hebo.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-890522623-3776059514-3079626165-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Od&eslat do aplikace OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DD043EA-909A-411F-94EB-594F2E65BB3E}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72BB8FDE-4C98-40B0-9A62-22DE91680DC2}: DhcpNameServer = 172.22.75.254 89.203.137.249 81.19.34.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABA4FECB-52BD-4B10-AD48-47B8132E6317}: DhcpNameServer = 172.22.75.254 89.203.137.249 81.19.34.2
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.09.10 16:44:06 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ce4df69d-d155-11dd-a418-00217078c253}\Shell - "" = AutoRun
O33 - MountPoints2\{ce4df69d-d155-11dd-a418-00217078c253}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2009.09.23 12:55:24 | 001,373,480 | R--- | M] (U3 LLC)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2014.09.05 09:30:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ritter\Desktop\OTL.exe
[2014.09.05 08:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.09.05 08:03:31 | 000,000,000 | ---D | C] -- C:\rsit
[2014.09.04 21:39:24 | 000,000,000 | ---D | C] -- C:\Users\Ritter\AppData\Roaming\Ygose
[2014.09.04 21:39:24 | 000,000,000 | ---D | C] -- C:\Users\Ritter\AppData\Roaming\Cogus
[2011.01.31 14:28:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Ritter\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 7 Days ==========

[2014.09.05 09:36:34 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.09.05 09:33:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ritter\Desktop\OTL.exe
[2014.09.05 09:26:47 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014.09.05 09:25:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.09.05 09:25:02 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.09.05 08:09:40 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.09.05 08:09:40 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.09.05 08:02:43 | 000,410,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.09.05 08:02:31 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2014.09.05 08:01:25 | 2816,974,848 | -HS- | M] () -- C:\hiberfil.sys
[2014.09.04 21:48:24 | 000,154,112 | -HS- | M] () -- C:\Users\Ritter\msxspr.exe
[2014.09.04 21:44:38 | 000,669,132 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014.09.04 21:44:38 | 000,654,480 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.09.04 21:44:38 | 000,141,760 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014.09.04 21:44:38 | 000,122,352 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.09.04 10:56:36 | 000,154,112 | ---- | M] () -- C:\ProgramData\msxspr.exe

========== Files Created - No Company Name ==========

[2014.09.05 09:36:34 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.09.05 08:01:31 | 000,410,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.09.04 19:43:01 | 000,154,112 | ---- | C] () -- C:\ProgramData\msxspr.exe
[2014.05.09 09:30:45 | 000,416,522 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2014.02.26 20:38:25 | 009,288,740 | ---- | C] () -- C:\Users\Ritter\prilohy_21649.zip
[2013.10.11 17:07:12 | 000,154,112 | -HS- | C] () -- C:\Users\Ritter\msxspr.exe
[2013.02.14 16:20:10 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013.02.14 16:20:10 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.01.31 16:40:18 | 000,013,824 | ---- | C] () -- C:\Users\Ritter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.31 14:28:41 | 000,081,920 | ---- | C] () -- C:\Users\Ritter\AppData\Roaming\ezpinst.exe
[2011.01.31 14:28:41 | 000,007,176 | ---- | C] () -- C:\Users\Ritter\AppData\Roaming\pcouffin.cat
[2011.01.31 14:28:41 | 000,001,144 | ---- | C] () -- C:\Users\Ritter\AppData\Roaming\pcouffin.inf
[2011.01.31 10:34:17 | 000,007,604 | ---- | C] () -- C:\Users\Ritter\AppData\Local\resmon.resmoncfg
[2011.01.30 22:40:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.30 21:47:29 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.01.30 21:47:23 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.11.09 08:11:33 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012.11.09 08:11:33 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012.11.09 08:11:33 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\TuneUp Software
[2014.08.15 22:12:21 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Canon
[2014.09.04 22:06:34 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Cogus
[2014.04.07 17:17:16 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\GHISLER
[2012.11.29 09:27:30 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\ICQ
[2014.07.07 18:07:59 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\IsolatedStorage
[2011.02.22 22:08:00 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\MP3 Quality Modifier
[2011.09.15 07:45:55 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Nokia
[2011.04.15 19:17:34 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Opera
[2013.11.26 21:05:58 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Opera Software
[2011.01.31 14:23:03 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\PC Suite
[2011.10.30 20:09:26 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\QIP
[2012.10.09 11:55:13 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Samsung
[2013.02.04 13:58:18 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Seznam.cz
[2012.05.19 08:11:00 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\SMART Technologies Inc
[2014.08.05 16:07:38 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Solvusoft
[2012.08.28 15:34:58 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Temp
[2011.10.16 12:51:19 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\TomTom
[2012.11.08 08:21:34 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\TuneUp Software
[2011.01.31 14:29:06 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Vso
[2014.02.02 12:35:54 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Wise Registry Cleaner
[2011.08.16 07:01:26 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\xrecode2
[2014.08.24 14:33:53 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Yandex
[2014.09.04 21:44:01 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Ygose
[2014.05.23 17:04:48 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\ZJMedia

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 06:53:46 | 000,032,598 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.12.12 08:57:48 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.01.27 20:27:07 | 000,000,342 | ---- | C] () -- C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.06.21 07:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011.09.29 18:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2012.08.22 19:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2013.01.03 07:01:49 | 001,303,912 | ---- | M] (Microsoft Corporation) MD5=34AE5CC0C7417AB701C2AA8A7BC75417 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys
[2010.11.20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011.09.29 18:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2013.01.04 06:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2013.07.06 07:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_b52f2f65c4a146e5\tcpip.sys
[2013.07.06 06:57:37 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=528F7CC60391DD0FAB0344F32F051FDF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys
[2014.04.05 04:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\System32\drivers\tcpip.sys
[2014.04.05 04:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_b513c4dfc4b513b9\tcpip.sys
[2012.03.30 12:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011.09.29 17:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2013.05.08 08:15:22 | 001,309,032 | ---- | M] (Microsoft Corporation) MD5=6088D01FAD49729EA0A5A3D9B9BA8B84 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_b5b3fe00ddc19aaa\tcpip.sys
[2011.09.29 18:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2013.09.07 04:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013.01.03 07:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2012.03.30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012.03.30 11:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2011.06.21 07:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2010.06.14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2012.08.22 19:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2013.01.04 06:55:21 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys
[2011.06.21 07:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2013.09.08 04:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2013.05.08 07:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=D32FDAC73FCD76B85389C39BC1087F2A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_b508ef41c4bd3835\tcpip.sys
[2012.10.03 18:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2013.11.26 13:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_b5a530b8ddcd4b8d\tcpip.sys
[2011.06.21 08:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys
[2012.10.03 18:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2012.03.30 12:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys
[2014.04.05 04:16:21 | 001,310,144 | ---- | M] (Microsoft Corporation) MD5=EA47AB18E289333AB94397D77CA6E3A1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_b59293a4dddacc9b\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2014.03.04 11:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\System32\winlogon.exe
[2014.03.04 11:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014.03.04 12:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe

< >

< %systemroot%*.* /U /s >
[18 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[5 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2014.08.20 07:32:01 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Adobe
[2014.02.09 10:20:29 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Apple Computer
[2014.08.15 22:12:21 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Canon
[2014.09.04 22:06:34 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Cogus
[2013.02.04 14:08:05 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Dell
[2012.11.14 21:08:20 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\dvdcss
[2014.04.07 17:17:16 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\GHISLER
[2012.11.29 09:27:30 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\ICQ
[2008.12.24 02:57:59 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Identities
[2014.07.07 18:07:59 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\IsolatedStorage
[2011.01.30 20:21:50 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Macromedia
[2009.07.14 11:20:06 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Media Center Programs
[2014.09.04 21:39:48 | 000,000,000 | --SD | M] -- C:\Users\Ritter\AppData\Roaming\Microsoft
[2011.02.03 16:22:50 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Mozilla
[2011.02.22 22:08:00 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\MP3 Quality Modifier
[2011.01.31 14:51:59 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Nero
[2011.09.15 07:45:55 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Nokia
[2011.04.15 19:17:34 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Opera
[2013.11.26 21:05:58 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Opera Software
[2011.01.31 14:23:03 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\PC Suite
[2011.10.30 20:09:26 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\QIP
[2012.10.09 11:55:13 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Samsung
[2012.02.05 21:55:58 | 000,000,000 | RH-D | M] -- C:\Users\Ritter\AppData\Roaming\SecuROM
[2013.02.04 13:58:18 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Seznam.cz
[2014.08.05 16:00:18 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Skype
[2011.05.26 18:53:13 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\skypePM
[2012.05.19 08:11:00 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\SMART Technologies Inc
[2014.08.05 16:07:38 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Solvusoft
[2012.08.28 15:34:58 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Temp
[2011.10.16 12:51:19 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\TomTom
[2012.11.08 08:21:34 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\TuneUp Software
[2011.03.11 16:53:56 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\U3
[2014.08.26 07:48:48 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\vlc
[2011.01.31 14:29:06 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Vso
[2014.09.04 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\WinRAR
[2014.02.02 12:35:54 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Wise Registry Cleaner
[2011.08.16 07:01:26 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\xrecode2
[2014.08.24 14:33:53 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Yandex
[2014.09.04 21:44:01 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\Ygose
[2014.05.23 17:04:48 | 000,000,000 | ---D | M] -- C:\Users\Ritter\AppData\Roaming\ZJMedia

< %APPDATA%\*.exe /s >
[2011.01.31 14:28:42 | 000,081,920 | ---- | M] () -- C:\Users\Ritter\AppData\Roaming\ezpinst.exe
[2014.09.04 22:06:35 | 000,281,445 | ---- | M] () -- C:\Users\Ritter\AppData\Roaming\Cogus\hebo.exe
[2014.08.20 07:31:54 | 000,054,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Ritter\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.10.04 08:14:33 | 000,188,152 | ---- | M] () -- C:\Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\FlashGot.exe
[2011.02.22 22:05:28 | 000,581,120 | ---- | M] () -- C:\Users\Ritter\AppData\Roaming\MP3 Quality Modifier\Encoder.exe
[2011.02.22 22:05:28 | 000,296,960 | ---- | M] () -- C:\Users\Ritter\AppData\Roaming\MP3 Quality Modifier\Validator.exe
[2012.09.13 15:24:48 | 001,009,288 | ---- | M] () -- C:\Users\Ritter\AppData\Roaming\Seznam.cz\szninstall.exe
[2012.09.14 14:06:28 | 002,515,592 | ---- | M] () -- C:\Users\Ritter\AppData\Roaming\Seznam.cz\sznsetup.exe
[2013.01.09 12:04:02 | 000,700,416 | ---- | M] () -- C:\Users\Ritter\AppData\Roaming\Seznam.cz\bin\chromeUpdatePref.exe
[2013.01.09 12:09:12 | 000,055,808 | ---- | M] () -- C:\Users\Ritter\AppData\Roaming\Seznam.cz\bin\ffkill.exe
[2012.12.19 11:59:28 | 001,996,936 | ---- | M] (Seznam.cz a.s.) -- C:\Users\Ritter\AppData\Roaming\Seznam.cz\bin\MiniBrowser.exe
[2012.12.19 12:03:20 | 000,323,752 | ---- | M] () -- C:\Users\Ritter\AppData\Roaming\Seznam.cz\bin\postak.exe
[2013.01.22 14:55:12 | 000,456,696 | ---- | M] () -- C:\Users\Ritter\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
[2012.12.19 10:12:06 | 000,092,296 | ---- | M] () -- C:\Users\Ritter\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe
[2009.09.23 14:55:40 | 000,116,008 | ---- | M] (U3 LLC) -- C:\Users\Ritter\AppData\Roaming\U3\temp\cleanup.exe
[2009.09.23 14:55:56 | 003,413,288 | -H-- | M] (SanDisk Corporation) -- C:\Users\Ritter\AppData\Roaming\U3\temp\Launchpad Removal.exe
[2014.09.04 21:39:16 | 000,194,048 | ---- | M] () -- C:\Users\Ritter\AppData\Roaming\WinRAR\sysymvdlp.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2014.09.05 09:25:02 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.09.05 08:02:31 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014.09.05 08:09:40 | 000,020,704 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.09.05 08:09:40 | 000,020,704 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.09.05 08:02:43 | 000,410,304 | ---- | M] () -- C:\Windows\system32\FNTCACHE.DAT
[2014.09.04 21:44:38 | 000,141,760 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2014.09.04 21:44:38 | 000,122,352 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2014.09.04 21:44:38 | 000,669,132 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2014.09.04 21:44:38 | 000,654,480 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2014.09.04 21:44:38 | 001,584,626 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2014.08.02 09:37:22 | 000,275,568 | ---- | M] (Mozilla Corporation) MD5=10F36FB8CD6218CD7F818268E0F3F9C6 -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2014.08.01 01:16:35 | 000,812,224 | ---- | M] (Microsoft Corporation) MD5=CDF01A5C7927786A708EAEE91F14797B -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.09.05 09:36:34 | 000,000,512 | ---- | M] () MD5=741D9AFF16CCD304CB716D266BF82D08 -- C:\PhysicalMBR.bin

< >

< *kms* /s >
[2010.07.11 00:28:06 | 000,416,522 | ---- | M] () -- \Windows\AutoKMS.exe
[2010.11.20 14:19:26 | 000,071,168 | ---- | M] () -- \Windows\System32\KMSVC.DLL
[2009.07.14 10:43:17 | 000,002,560 | ---- | M] () -- \Windows\System32\cs-CZ\KMSVC.DLL.MUI
[2014.05.09 09:30:45 | 000,003,174 | ---- | M] () -- \Windows\System32\Tasks\AutoKMS
[2009.07.14 10:42:12 | 000,001,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-n..on-hkmsvc.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_10f9bb656682774a.manifest
[2009.07.14 03:48:47 | 000,008,707 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-n..ssprotection-hkmsvc_31bf3856ad364e35_6.1.7600.16385_none_11e6c4bbf79a5e2b.manifest
[2010.11.20 06:03:00 | 000,008,707 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-n..ssprotection-hkmsvc_31bf3856ad364e35_6.1.7601.17514_none_1417d883f488e1c5.manifest
[2009.07.14 10:43:17 | 000,002,560 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..on-hkmsvc.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_10f9bb656682774a\KMSVC.DLL.MUI
[2009.07.14 03:15:35 | 000,071,168 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..ssprotection-hkmsvc_31bf3856ad364e35_6.1.7600.16385_none_11e6c4bbf79a5e2b\KMSVC.DLL
[2010.11.20 14:19:26 | 000,071,168 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..ssprotection-hkmsvc_31bf3856ad364e35_6.1.7601.17514_none_1417d883f488e1c5\KMSVC.DLL

< *crack* /s >
[2013.07.09 19:36:52 | 000,004,125 | ---- | M] () -- \Users\Ritter\Desktop\SRACKY Z PLOCHY\JDownloader\jd\plugins\hoster\CrackedCom.class

< *keygen* /s >

< *loader* /s >
[2013.03.09 09:17:04 | 000,268,440 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2013.03.09 09:17:04 | 000,019,080 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2010.10.13 00:06:53 | 000,132,096 | ---- | M] () -- \Program Files\Electronic Arts\Medal of Honor\Binaries\loader.dll
[2010.09.02 05:45:20 | 000,065,536 | ---- | M] () -- \Program Files\Electronic Arts\Medal of Honor\Binaries\PhysXLocal\PhysXLoader.dll
[2014.03.31 13:29:24 | 000,067,843 | ---- | M] () -- \Program Files\Kingo Android ROOT\files\unlock-bootloader.png
[2009.05.31 04:21:00 | 000,071,008 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2014.07.25 10:40:40 | 000,069,120 | ---- | M] () -- \Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll
[2012.08.31 02:52:20 | 000,183,736 | ---- | M] () -- \Program Files\Samsung\Kies\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2014.04.02 20:13:59 | 000,278,928 | ---- | M] () -- \Program Files\Samsung\Kies\External\FirmwareUpdate\GT-I8190\BinaryLoaderMgr.exe
[2014.04.02 20:14:06 | 000,280,472 | ---- | M] () -- \Program Files\Samsung\Kies\External\FirmwareUpdate\GT-I8190\DeviceDownloader.dll
[2012.09.13 20:09:58 | 000,153,512 | ---- | M] () -- \Program Files\Samsung\Kies\External\FirmwareUpdate\GT-S5570\BinaryLoaderMgr.exe
[2012.09.13 20:09:58 | 000,270,248 | ---- | M] () -- \Program Files\Samsung\Kies\External\FirmwareUpdate\GT-S5570\FirmwareUpdate.Downloader.dll
[2012.09.23 12:16:23 | 000,183,720 | ---- | M] () -- \Program Files\Samsung\Kies\External\FirmwareUpdate\GT-S5570I\BinaryLoaderMgr.exe
[2012.09.23 12:16:23 | 000,295,336 | ---- | M] () -- \Program Files\Samsung\Kies\External\FirmwareUpdate\GT-S5570I\FirmwareUpdate.Downloader.dll
[2012.11.21 08:44:08 | 000,927,704 | ---- | M] () -- \Program Files\Samsung\Kies\External\FirmwareUpdate\GT-S7562\BinaryLoaderMgr.exe
[2012.11.21 08:44:08 | 000,935,384 | ---- | M] () -- \Program Files\Samsung\Kies\External\FirmwareUpdate\GT-S7562\DeviceDownloader.dll
[2012.12.19 12:04:16 | 000,030,608 | ---- | M] () -- \Program Files\Seznam.cz\distribution\install\cz.seznam.software.libfoxloader-3.0.0-win32.zip
[2010.02.10 19:10:14 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2014.01.06 11:52:30 | 003,244,032 | ---- | M] () -- \Users\Guest\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
[2014.01.06 11:47:04 | 000,000,702 | ---- | M] () -- \Users\Guest\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_advoptions.fen
[2014.01.06 11:47:04 | 000,000,790 | ---- | M] () -- \Users\Guest\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_debug.fen
[2014.01.06 11:47:04 | 000,000,723 | ---- | M] () -- \Users\Guest\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_download.fen
[2014.01.06 11:47:04 | 000,000,694 | ---- | M] () -- \Users\Guest\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_file_errors.fen
[2014.01.06 11:47:06 | 000,171,541 | ---- | M] () -- \Users\Guest\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_icons.psd
[2014.01.06 11:47:06 | 000,000,634 | ---- | M] () -- \Users\Guest\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_manage_devices.fen
[2014.01.06 11:47:06 | 000,002,283 | ---- | M] () -- \Users\Guest\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_onboard.fen
[2014.01.06 11:47:06 | 000,001,417 | ---- | M] () -- \Users\Guest\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_options.fen
[2014.01.06 11:47:06 | 000,002,109 | ---- | M] () -- \Users\Guest\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_prefs.fen
[2014.01.06 11:47:06 | 000,000,956 | ---- | M] () -- \Users\Guest\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_quota_error1.fen
[2014.01.06 11:47:06 | 000,001,080 | ---- | M] () -- \Users\Guest\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_quota_error2.fen
[2014.01.06 11:47:06 | 000,001,139 | ---- | M] () -- \Users\Guest\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_quota_error_estimate.fen
[2014.01.06 11:47:06 | 000,002,181 | ---- | M] () -- \Users\Guest\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_welcome.fen
[2014.02.26 21:07:38 | 000,071,894 | R--- | M] () -- \Users\Guest\AppData\Roaming\Microsoft\Installer\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}\GPUploader.exe
[2012.01.13 20:46:26 | 000,000,001 | ---- | M] () -- \Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\{F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB}\youtubedownloader.lock
[2014.06.23 20:01:44 | 000,011,440 | ---- | M] () -- \Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\extensions\superstart@enjoyfreeware.org\modules\Preloader.jsm
[2012.03.17 07:10:14 | 000,050,436 | ---- | M] () -- \Users\Ritter\AppData\Roaming\Mozilla\Firefox\Profiles\7yb533jl.default\extensions\video.downloader.plugin@ffpimp.com\chrome\content\downloader.js
[2012.09.13 15:45:58 | 000,058,424 | ---- | M] () -- \Users\Ritter\AppData\Roaming\Seznam.cz\bin\libfoxloader.dll
[2012.08.07 14:39:12 | 000,000,165 | ---- | M] () -- \Users\Ritter\AppData\Roaming\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2012.12.19 12:04:16 | 000,030,608 | ---- | M] () -- \Users\Ritter\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxloader-3.0.0-win32.zip
[2012.08.13 19:05:28 | 000,000,235 | ---- | M] () -- \Users\Ritter\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_0_0.install.bat
[2012.08.13 19:05:26 | 000,000,130 | ---- | M] () -- \Users\Ritter\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_0_0.uninstall.bat
[2010.09.23 14:40:24 | 000,214,528 | ---- | M] () -- \Users\Ritter\Desktop\SRACKY Z PLOCHY\JDownloader\JDownloader.exe
[2011.02.22 13:01:10 | 000,593,293 | ---- | M] () -- \Users\Ritter\Desktop\SRACKY Z PLOCHY\JDownloader\JDownloader.jar
[2011.02.22 13:00:30 | 000,000,105 | ---- | M] () -- \Users\Ritter\Desktop\SRACKY Z PLOCHY\JDownloader\jd\img\hosterlogos\uploader.pl.png
[2013.07.09 19:31:28 | 000,011,071 | ---- | M] () -- \Users\Ritter\Desktop\SRACKY Z PLOCHY\JDownloader\jd\plugins\hoster\MyDownloaderNet.class
[2013.07.09 19:31:00 | 000,004,584 | ---- | M] () -- \Users\Ritter\Desktop\SRACKY Z PLOCHY\JDownloader\jd\plugins\hoster\OmpLoaderOrg.class
[2013.07.09 19:29:35 | 000,003,880 | ---- | M] () -- \Users\Ritter\Desktop\SRACKY Z PLOCHY\JDownloader\jd\plugins\hoster\UploaderJp.class
[2013.07.09 19:29:43 | 000,007,073 | ---- | M] () -- \Users\Ritter\Desktop\SRACKY Z PLOCHY\JDownloader\jd\plugins\hoster\UploaderPl.class
[2010.09.23 14:43:08 | 000,032,222 | ---- | M] () -- \Users\Ritter\Desktop\SRACKY Z PLOCHY\JDownloader\licenses\jdownloader.license
[2014.08.20 08:55:35 | 000,188,928 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common4f49951d#\41611f21e72008ce58e08c208ae51dbf\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
[2014.08.20 08:55:35 | 000,001,892 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common4f49951d#\41611f21e72008ce58e08c208ae51dbf\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll.aux
[2010.03.24 21:12:34 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2010.03.24 21:12:34 | 000,249,680 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2009.07.14 14:25:34 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2011.09.16 14:37:48 | 000,012,532 | ---- | M] () -- \Windows\System32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2011.02.02 15:35:38 | 000,009,622 | ---- | M] () -- \Windows\System32\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr
[2014.08.20 07:35:13 | 000,003,594 | ---- | M] () -- \Windows\System32\Tasks\Launch HTC Sync Loader
[2009.07.14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.14 10:43:57 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 10:43:57 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.14 10:43:57 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2011.03.13 17:31:19 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2011.03.13 17:31:19 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2011.03.13 17:31:19 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 10:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.08.19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009.08.19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010.11.20 06:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 08:22:35 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_0ad4ff55dce9d030\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.02 07:45:50 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_0ac72e8bdcf4a01c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:19:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.18 13:09:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17107_none_0ae0ab79dce0fb26\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:56:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:50:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:42:56 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21306_none_0b6949e0f5ff7ec0\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 08:13:36 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:47:28 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 09:15:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 08:56:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:23:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 12:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 8 bytes -> C:\Users\Ritter\msxspr.exe:650286339
@Alternate Data Stream - 6248 bytes -> C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
@Alternate Data Stream - 20710 bytes -> C:\Users\Ritter\msxspr.exe:1572878109
@Alternate Data Stream - 20710 bytes -> C:\Users\Ritter\msxspr.exe:1258064258

< End of report >

Re: Please check, I accidentally opened an attachment with malware, thanks

Posted: 05 Sep 2014 08:57
by Jawa
OTL Extras logfile created on: 5.9.2014 9:35:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ritter\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,50 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 72,93% Memory free
6,99 Gb Paging File | 6,05 Gb Available in Paging File | 86,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 14,89 Gb Free Space | 20,01% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 61,63 Mb Free Space | 61,63% Space Free | Partition Type: NTFS
Drive F: | 6,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 14,92 Gb Total Space | 14,81 Gb Free Space | 99,26% Space Free | Partition Type: NTFS

Computer Name: RITTER-PC | User Name: Ritter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{116C7E05-8645-41A1-891E-D2DF74C68BFF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1461D825-C01A-43C6-8E8B-B9D393873ED4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18E299E4-4297-4A40-AA6E-1768EA36109D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{282E3E34-F88E-421A-B51F-10A4B2FA4847}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BAB933E-4D2A-470F-84B8-594128C07046}" = lport=138 | protocol=17 | dir=in | app=system |
"{4EB7996D-BFF6-4054-9F1A-210B1A7BCF27}" = rport=445 | protocol=6 | dir=out | app=system |
"{5DD4D27F-3DC8-42D2-87A6-D2E2AF524CF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{641B6981-7D02-44C9-A1A9-A3652378059A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{69665588-D2E0-4A8F-AC14-7EB8314CD499}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C5286A5-92F6-45B6-88F6-FD7D4120F6ED}" = rport=137 | protocol=17 | dir=out | app=system |
"{7339581A-9007-4507-96FE-E1CFC023B03F}" = lport=137 | protocol=17 | dir=in | app=system |
"{7F082CC0-E981-4CF5-9CFA-9375F28F5CDE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8DBC4AAA-1A77-40BD-BA29-1C28A7558CBF}" = lport=139 | protocol=6 | dir=in | app=system |
"{8EF0A876-A3AB-43F9-B3E6-AA79672CBEAA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{909A8A96-D363-483B-A5C1-BF15FA03C02F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{914E3271-7CE0-4D64-B5A3-FAEC0484C741}" = rport=138 | protocol=17 | dir=out | app=system |
"{A0A32E21-FE49-441B-A756-74B2A390D5AC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C00F3F88-F458-40D7-B0F9-917928CCA6C0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4D77BC2-FB29-4E1A-AC9A-251581EECCD8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C9F76AED-C059-43B1-88FA-A85F740DA692}" = lport=445 | protocol=6 | dir=in | app=system |
"{D515D6DA-3646-47C7-AD7E-B93041C3D5A5}" = rport=139 | protocol=6 | dir=out | app=system |
"{E356EABD-ECF1-464F-9AA1-ADD051C7D060}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5474267-4F2B-4BAF-B5D1-C387904E7038}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B72936-64CC-4852-8231-3C2A7C4DF621}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0AF86A57-087C-4E4F-AB5A-F25DEEAAC918}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2AAB097C-1AFE-4E3D-A697-C983E2926A01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A88C5B6-1C46-46DA-A337-003F777C7A57}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{47C0BE62-6E9D-4E87-9E55-C3315587D099}" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"{691C24E3-AA95-403C-B2A5-9567D44AC17B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{79D57094-2777-4206-86CC-8C1964E6A1C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8A6187C5-772A-44F2-BA74-E9A18B18B945}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{8EA734F5-059C-449A-9404-81C9E7BC8E5E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92302E5D-02AA-4848-BA2C-17C684445F6A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{9C4276FF-5942-46F3-9673-D6B5748A2A24}" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"{A072E05B-D505-4811-B77E-E40E8FE5E2EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B01B872F-4C66-4B85-B741-1D90E514F6B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B07BCCF4-3569-41C5-B8DC-E84F58220C1F}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B5448C66-EF26-4352-9251-D29F2EBEB3F1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C37C3272-0924-41E2-A800-7233A06E32E7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DD6129D5-1CFE-440E-B960-D590F1904094}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E20D0062-183A-4A92-B9B5-525575747FCA}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{E2153E88-9E3E-4F8C-8A52-BA1673677DC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9A7BE47-A722-41EC-877E-ECA63EB1A443}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC771415-2A93-4D64-9A0D-2E53CB05CD61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FBC01E72-36DE-423A-95DF-800323BD4DBA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD3A4D82-5225-4EAB-A7C6-169FAFF3A9FF}" = protocol=6 | dir=out | app=system |
"TCP Query User{12655AE3-6116-4FC8-A1A8-33326DBF9312}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{2314A9DD-2B0E-458A-B581-C5D40D26F2FD}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{4CC87455-5D03-4F34-B80A-E5595991FF25}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{5FF97543-6EC8-45E4-920A-A2A534A5BD70}C:\program files\electronic arts\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\medal of honor\binaries\moh.exe |
"TCP Query User{73C41731-9BC7-4574-A7E4-335389D5502B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{01E336C2-64F0-48D6-81E3-11F6648D118B}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{37E1A6D1-D050-4141-8EC5-6701CA710C74}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{77F1BEE0-8B8B-4BCA-917E-56102BBFDBCE}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{818C48EA-66DB-412B-8BDC-AEB3343DE450}C:\program files\electronic arts\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\medal of honor\binaries\moh.exe |
"UDP Query User{F4043AB3-1C68-45F3-ABBF-B21210AFED0E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{17CA32D1-73BD-4990-B8F6-369D8D34B05D}" = Microsoft Antimalware Service CS-CZ Language Pack
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client CS-CZ Language Pack
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7487EA94-BA18-4406-9CD9-0A4F80AB7F2D}_is1" = WSDReader verze 3.0
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.10) - Czech
"{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1" = Kingo Android ROOT version 1.2.2.1915
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.3
"4795C4A805590BF1276BCED3EB2478E5BF545E83" = Balíček ovladače systému Windows - Intel (NETwNs32) net (01/22/2012 14.3.2.1)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"751A99B9D25B1127E0849AAA30110607FE2C6C32" = Balíček ovladače systému Windows - Intel (NETwNs32) net (09/30/2012 15.3.1.2)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 31.0 (x86 cs)" = Mozilla Firefox 31.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PokerStars" = PokerStars
"Totalcmd" = Total Commander (Remove or Repair)
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-890522623-3776059514-3079626165-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"SeznamInstall" = Seznam Software

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4.9.2014 15:52:02 | Computer Name = Ritter-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: firefox.exe, verze: 31.0.0.5310, časové
razítko: 0x53c75e72 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko:
0x00000000 Kód výjimky: 0xc0000005 Posun chyby: 0x01692c3f ID chybujícího procesu:
0xee4 Čas spuštění chybující aplikace: 0x01cfc879b2173e2d Cesta k chybující aplikaci:
C:\Program Files\Mozilla Firefox\firefox.exe Cesta k chybujícímu modulu: unknown
ID
zprávy: efddf830-346c-11e4-8842-00217078c253

Error - 4.9.2014 15:52:52 | Computer Name = Ritter-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: firefox.exe, verze: 31.0.0.5310, časové
razítko: 0x53c75e72 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko:
0x00000000 Kód výjimky: 0xc0000005 Posun chyby: 0x01692c3f ID chybujícího procesu:
0x7e8 Čas spuštění chybující aplikace: 0x01cfc879cff5021d Cesta k chybující aplikaci:
C:\Program Files\Mozilla Firefox\firefox.exe Cesta k chybujícímu modulu: unknown
ID
zprávy: 0dbe1d80-346d-11e4-8842-00217078c253

Error - 4.9.2014 15:53:02 | Computer Name = Ritter-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: firefox.exe, verze: 31.0.0.5310, časové
razítko: 0x53c75e72 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko:
0x00000000 Kód výjimky: 0xc0000005 Posun chyby: 0x01692c3f ID chybujícího procesu:
0xd04 Čas spuštění chybující aplikace: 0x01cfc879d62d7ab4 Cesta k chybující aplikaci:
C:\Program Files\Mozilla Firefox\firefox.exe Cesta k chybujícímu modulu: unknown
ID
zprávy: 13ef71f7-346d-11e4-8842-00217078c253

Error - 4.9.2014 15:56:16 | Computer Name = Ritter-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 11.0.9600.17239, časové
razítko: 0x53d22946 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko:
0x00000000 Kód výjimky: 0xc0000005 Posun chyby: 0x05602c3f ID chybujícího procesu:
0xbf4 Čas spuštění chybující aplikace: 0x01cfc87a42b1ce66 Cesta k chybující aplikaci:
C:\Program Files\Internet Explorer\iexplore.exe Cesta k chybujícímu modulu: unknown
ID
zprávy: 87a16bfc-346d-11e4-8842-00217078c253

Error - 4.9.2014 15:56:49 | Computer Name = Ritter-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 11.0.9600.17239, časové
razítko: 0x53d22946 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko:
0x00000000 Kód výjimky: 0xc0000005 Posun chyby: 0x03ed2c3f ID chybujícího procesu:
0xb40 Čas spuštění chybující aplikace: 0x01cfc87a4dcbf96d Cesta k chybující aplikaci:
C:\Program Files\Internet Explorer\iexplore.exe Cesta k chybujícímu modulu: unknown
ID
zprávy: 9b4e4bc0-346d-11e4-8842-00217078c253

Error - 4.9.2014 16:00:10 | Computer Name = Ritter-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: firefox.exe, verze: 31.0.0.5310, časové
razítko: 0x53c75e72 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko:
0x00000000 Kód výjimky: 0xc0000005 Posun chyby: 0x01692c3f ID chybujícího procesu:
0x7fc Čas spuštění chybující aplikace: 0x01cfc87ad3e5916c Cesta k chybující aplikaci:
C:\Program Files\Mozilla Firefox\firefox.exe Cesta k chybujícímu modulu: unknown
ID
zprávy: 130572f7-346e-11e4-8842-00217078c253

Error - 4.9.2014 16:00:20 | Computer Name = Ritter-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: firefox.exe, verze: 31.0.0.5310, časové
razítko: 0x53c75e72 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko:
0x00000000 Kód výjimky: 0xc0000005 Posun chyby: 0x01692c3f ID chybujícího procesu:
0xac4 Čas spuštění chybující aplikace: 0x01cfc87adac70bb6 Cesta k chybující aplikaci:
C:\Program Files\Mozilla Firefox\firefox.exe Cesta k chybujícímu modulu: unknown
ID
zprávy: 18c94820-346e-11e4-8842-00217078c253

Error - 4.9.2014 16:00:32 | Computer Name = Ritter-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: firefox.exe, verze: 31.0.0.5310, časové
razítko: 0x53c75e72 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko:
0x00000000 Kód výjimky: 0xc0000005 Posun chyby: 0x01692c3f ID chybujícího procesu:
0xf3c Čas spuštění chybující aplikace: 0x01cfc87ae1f250aa Cesta k chybující aplikaci:
C:\Program Files\Mozilla Firefox\firefox.exe Cesta k chybujícímu modulu: unknown
ID
zprávy: 1fed68f3-346e-11e4-8842-00217078c253

Error - 4.9.2014 16:06:51 | Computer Name = Ritter-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: explorer.exe, verze: 6.1.7601.17567, časové
razítko: 0x4d6727a7 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko:
0x00000000 Kód výjimky: 0xc0000005 Posun chyby: 0x05c72c3f ID chybujícího procesu:
0x27c Čas spuštění chybující aplikace: 0x01cfc87bb3c74526 Cesta k chybující aplikaci:
C:\Windows\explorer.exe Cesta k chybujícímu modulu: unknown ID zprávy: 01b97826-346f-11e4-8842-00217078c253

Error - 4.9.2014 16:07:26 | Computer Name = Ritter-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: explorer.exe, verze: 6.1.7601.17567, časové
razítko: 0x4d6727a7 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko:
0x00000000 Kód výjimky: 0xc0000005 Posun chyby: 0x03c52c3f ID chybujícího procesu:
0xd98 Čas spuštění chybující aplikace: 0x01cfc87bcf010248 Cesta k chybující aplikaci:
C:\Windows\explorer.exe Cesta k chybujícímu modulu: unknown ID zprávy: 169e2c2d-346f-11e4-8842-00217078c253

[ System Events ]
Error - 4.9.2014 16:00:56 | Computer Name = Ritter-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR2.

Error - 5.9.2014 2:12:32 | Computer Name = Ritter-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 zjistil chybu při pokusu o aktualizaci podpisů. Nová verze podpisu:
Předchozí verze podpisu: 1.183.1505.0 Zdroj aktualizace: %%859 Fáze aktualizace:
%%852 Zdrojová cesta: http://www.microsoft.com Typ podpisu: %%800 Typ aktualizace:
%%803 Uživatel: NT AUTHORITY\SYSTEM Aktuální verze modulu: Předchozí verze modulu:
1.1.10904.0 Kód chyby: 0x8024402c Popis chyby: Při zjišťování aktualizací došlo k
neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi
naleznete v nápovědě a podpoře.

Error - 5.9.2014 3:25:44 | Computer Name = Ritter-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR2.

Error - 5.9.2014 3:26:03 | Computer Name = Ritter-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR3.

Error - 5.9.2014 3:30:28 | Computer Name = Ritter-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR4.

Error - 5.9.2014 3:34:02 | Computer Name = Ritter-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR5.

Error - 5.9.2014 3:35:03 | Computer Name = Ritter-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 zjistil chybu při pokusu o aktualizaci podpisů. Nová verze podpisu:
Předchozí verze podpisu: 1.183.1505.0 Zdroj aktualizace: %%859 Fáze aktualizace:
%%852 Zdrojová cesta: http://www.microsoft.com Typ podpisu: %%800 Typ aktualizace:
%%803 Uživatel: NT AUTHORITY\SYSTEM Aktuální verze modulu: Předchozí verze modulu:
1.1.10904.0 Kód chyby: 0x8024402c Popis chyby: Při zjišťování aktualizací došlo k
neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi
naleznete v nápovědě a podpoře.


< End of report >

Re: Please check, an attachment with malware was opened by mistake, thanks

Posted: 05 Sep 2014 08:59
by Jawa
I'm sorry, I have to leave for work in 20 minutes; to be continued tomorrow. How should I check in?

Re: Please check, an attachment with malware was opened by mistake, thanks

Posted: 05 Sep 2014 09:07
by vyosek
You don't need to check in, because I'm not going to deal with the illegal system that is on there - the log makes it quite clear that an activator was used.

Re: Please check, an attachment with malware was opened by mistake, thanks

Posted: 05 Sep 2014 09:09
by Jawa
Thanks a lot for now, then.

Re: Please check, an attachment with malware was opened by mistake, thanks

Posted: 05 Sep 2014 09:11
by Jawa
Well, I don't know anything about that, but thanks, that's nice. I'm going to check how that came about, so thanks.

Re: Please check, an attachment with malware was opened by mistake, thanks

Posted: 05 Sep 2014 09:13
by vyosek
Check it, find out, but I can see an activator in the log.