VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Asi zavirované pc

https://forum.viry.cz:443/viewtopic.php?t=144678

Stránka 1 z 1

Asi zavirované pc

Napsal: 31 kvě 2015 12:08
od cabas
Zdravím
asi před měsícem mi ukradli účet na steamu a dostali se i na email. Zřejmě jsem kliknul na nějaký odkaz a stáhnul jsem keylogger nebo něco v tom smyslu. Ale od té doby když hraju online hry zejména Counter Strike Global Offensive tak mám ping sice 20-30 ale naskakuje loss packet na 40-50% a hra se stává nehratelnou protože to dělá každou minutu. Někde sem se dočetl že by to mohl dělat právě zmiňovaný vir nebo zavirovaný pc.
Tu je výpis z RSIT který sem dělal pomocí návodu.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Jirka at 2015-05-31 12:56:10
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 47 GB (41%) free of 114 GB
Total RAM: 8136 MB (68% free)


======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
taskeng.exe {6A96BFFA-127A-4410-8262-96250D572D95}
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
D:\EslWire\service\WireHelperSvc.exe
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
"nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 72d9c482-7ff2-4924-a54f-01ad67896012 1
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "1452797208-4894451011995314802-30987480579154355173083931110175954741230123
\??\C:\Windows\system32\conhost.exe "-354226039-2066173631-703581602183317974167118496628990670016560156331072762738
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
TiraniumAntiK.exe
TkSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe"
"C:\Users\Jirka\AppData\Local\DM\TinyDM.exe" /M
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3336.0.558760710\805001546" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42,51 --gpu-vendor-id=0x10de --gpu-device-id=0x11c0 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.4052 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Manual install/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A6_Stable_R9/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Enabled/*Win32kLockdown/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3336 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3336.2.250903940\951626261" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Manual install/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A6_Stable_R9/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Enabled/*Win32kLockdown/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3336 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3336.3.386577964\324486248" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Manual install/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A6_Stable_R9/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Enabled/*Win32kLockdown/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3336 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3336.4.1947194636\955644696" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\nacl64" --type=nacl-broker --channel="3336.8.1683261524\1578673387" /prefetch:-875166825
"C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\nacl64.exe" --type=nacl-loader --channel="3336.7.808615166\1068896228" --ignored=" --type=renderer " /prefetch:-1502398898
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Manual install/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A6_Stable_R9/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Enabled/*Win32kLockdown/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3336 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3336.9.178294087\685719215" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3336.12.1216133344\175658539" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
C:\Windows\system32\AUDIODG.EXE 0x1fc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Manual install/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A6_Stable_R9/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Enabled/*Win32kLockdown/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3336 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3336.20.1923465359\1737466791" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Manual install/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A6_Stable_R9/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Enabled/*Win32kLockdown/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3336 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3336.24.1278835008\377626795" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Manual install/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A6_Stable_R9/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Enabled/*Win32kLockdown/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3336 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3336.30.1267308367\392437303" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Manual install/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A6_Stable_R9/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Enabled/*Win32kLockdown/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3336 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3336.31.1800104654\1562920547" /prefetch:673131151
taskeng.exe {8E97171F-EA44-4611-943A-6EE256D36179}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Manual install/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A6_Stable_R9/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_09/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Enabled/*Win32kLockdown/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3336 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3336.35.1913101583\2132254963" /prefetch:673131151
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Jirka\Downloads\RSITx64 (1).exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
C:\Windows\system32\SearchIndexer.exe /Embedding

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\e2778b28-928c-4697-894d-65311608041e-1.job - C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-codedownloader.exe /reinstallapp /runfrom=task /agentregpath='Torntv V9.0' /appid=51390 /srcid='001062' /subid='0' /zdata='0' /bic=A98E50C771C243F5A49DD86D5E49579EIE /verifier=d785fe61177178e1aa4f421fe3fb4981 /installerversion=1_34_3_28 /installerfullversion=1.34.3.28 /installationtime=1396282932 /statsdomain=http://stats.clientdataservice.com /errorsdomain=http://errors.clientdataservice.com /codedownloaddomain=http://cr.install-daddy.com /defbro=ch /allusers /autoupdateulr='http://update.clientdataservice.com/ie_ ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\e2778b28-928c-4697-894d-65311608041e-2.job - C:\Program Files (x86)\Torntv V9.0\e2778b28-928c-4697-894d-65311608041e-2.exe /enablebho /agentregpath='Torntv V9.0' /appid=51390 /srcid='001062' /subid='0' /zdata='0' /bic=A98E50C771C243F5A49DD86D5E49579EIE /verifier=d785fe61177178e1aa4f421fe3fb4981 /installerversion=1_34_3_28 /installationtime=1396282932 /statsdomain=http://stats.clientdataservice.com /errorsdomain=http://errors.clientdataservice.com /bhoguid=11111111-1111-1111-1111-110511131190 /defbro=ch /allusers /autoupdateulr='http://update.clientdataservice.com/ie_ ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\e2778b28-928c-4697-894d-65311608041e-3.job - C:\Program Files (x86)\Torntv V9.0\e2778b28-928c-4697-894d-65311608041e-3.exe /rawdata=FrZWv7baEQf/W8sattD2J5T0vjVc1E1ZgR25/T/4mFR/ZpIuPNoEZ6q7Br7+F0fbjHBoDOSKq8wvb4VmmIbAKYBnXZ1u6XR/5uOmSLjx74wH976mDNu8Ga5xN0Yqmr9Cdq3TPSXEFv9uAGnsu1Pvr3dpyjWKIrJDlCGJYqkzH3wsI5VSaem99hiZkGgUERHHEf3U91OwIv7fm0+R4mQBWxGhV5qIXg9I/i59xQSeF7XjzgDGc0V2SDjslOzTLKyyNYb4nYQZ8jcKXkp9oYvlE9eNfUtHC/I3N1MZx/SpWjlcrfi4nx3vxINSRmXHNhgp7ADX50tEeiQ36Bo2bHw53lmtM0bjkFlDD9n99D4L0Agnlqwv9gdXKxrFXeIeXs8OVJmqj8qQ26I0mfkWhdYOxfs1RZKDjyoO20Gq2nX/AhMuczBzTJiGWjiEL46PiiqW4PaxPAfz0TUUQRv0P+mCxHGt0f7NHRNmxn1gQn4XKDQ5AbN26WX3E8JdrgbssGmuIbgju89IMc4S0sXPJLaRi/AzsodyyytUfQLWJWveYWah+usoAWVldtrIYasG70GP6adumzKPvt8STQKXubRs3fegjr4xOyUdFAYGvrJlB0mZWz9FcmU1cg2iD7kbpB1ki+hOkFr0vXqxGhog06Qk5UlXl8Nr05R5o2ajiwp93R9i+jKDNNpOtLYzAPo9dXCnBWz7uMmwiGCQ/nd42PCqiiA38N4KpW+W1SVdK34l9PVOS8OdoFKdigoFOgSrWO3vETJvJBG1QNQw6VTv9RFew+RqZ8IxkKEGrCXIHtgK8B1X7VCgHdp3jdI29x4vr5HLY+UFQgLNAijoy5GmW7cEoRrG3u7jW4HIFucpucJf1z4leeoaZtRwhTT+caTPNwnBIkOh4/LXyOLnV82wj/ji8oMTxUhEn+6kCHTGCT9rqjqnHskmKS8J2FuBV7RK+57UTzXKPzV7/2Bta4wDiXlOgP/RkAtqbEQMOoGy++HFObj/v5kt6mjkHDOlXiHRN8FVNggXGDfU/htaPg7alKFlQziDm1KmM+sRMFaTMkz8MhNGbPXJ5yB+53Jh7dIkcLcatUVK51bbFg1t1n1gUMtuyDkBZE2QSY7EifsVpjfdLzFsISX2ecdbkAepQKWiwj1eW8v6XuBZWua3GtAZoPjOwBZPyydBanRYE7PjSLWFZgBIZZKFtbhWAn8uhyBjQbpJQ99w/XsDKOHjOVW38yf0HJ4Gjg4IXHz3Ti1Y4SNKn3PVnxcy+ygcgLZRRa85jUhRfdw10UyI046hYdy3E1ZanvEPO1Y8kOWrqPWtCbZOa65fWScwsNTDorB9Lg/9dOJwpl0VNTbGgTgqHg12fJgQqA==
C:\Windows\tasks\e2778b28-928c-4697-894d-65311608041e-4.job - C:\Program Files (x86)\Torntv V9.0\e2778b28-928c-4697-894d-65311608041e-4.exe /installxpi /agentregpath='Torntv V9.0' /extensionfilepath='C:\Program Files (x86)\Torntv V9.0\51390.xpi' /appid=51390 /srcid='001062' /subid='0' /zdata='0' /bic=A98E50C771C243F5A49DD86D5E49579EIE /verifier=d785fe61177178e1aa4f421fe3fb4981 /installerversion=1_34_3_28 /installerfullversion=1.34.3.28 /installationtime=1396282932 /statsdomain=http://stats.clientdataservice.com /errorsdomain=http://errors.clientdataservice.com /waitforbrowser=300 /extensionid=5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com /extensionversion=0.94 /prefsbranch=a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390 /updateurl=https://w9u6a2p6.ssl.hwcdn.net/plugin/f ... /51390.rdf /extensionname='Torntv V9.0' /extensiondesc='The must-have App extensions for Television fans! Watch free TV channels, live sports and more' /publishername='installdaddy' /defbro=ch /allusers /allprofiles /checkfflist /autoupdateulr='http://update.clientdataservice.com/ff_ ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\e2778b28-928c-4697-894d-65311608041e-5.job - C:\Program Files (x86)\Torntv V9.0\e2778b28-928c-4697-894d-65311608041e-5.exe /rawdata=D6EJq1z33igCWmuyA+6qMNw3nGoyOQHEybakHfB2vhIuuKlYXEbFO+wqNL6GSoW9viVfFV6w4yzOctaBH4keHHwo9TqcV7xvLEFo0ecMCsSe9+FhJIdGD0AdAM6Wi6RYzLw8u5BP0nx8GlAkZPRn6vny6Tf5GzPhAVPqs0NAxUJhmdGx7K/4CzksaYCU5hAMaNI41nY9E+oy4yVdmw5sKPqokpZ5kAIccAjtf6kwtziy71PKNnyBMdKfH66EkWo4ls/3U7tDO6cgQiCH0Lh+hODCLqtnnQeoyMr4itA/nkmd6xXiWh3JHbsibDRt0LkD045BsOp4/tTD03g6bZSg2mAROffb1QY/Vf82Vjbmv7a/nwatQPk4CM0NrrtfQObEndtHRkFwp+gZuWJsFDA5ZxODX43M0FMbTyTlCIkVtrx0zUNTPUPDsmK/ouqIVBayKSJ2MFROiCDXwHW6uyzH/mUIkammrL8XubBHECnZv5LLHWF+O7fjQAUqgWSALUYTfGSgg+MjoZ7JP4IcJ5E163wfTH+a8DZrQAFUDAo0xsDYMNdvpr1TirRBB6rryiqCT59ZpWRVmNz1V/KsMTrNLe0wtTEpwImneDSoYymeCjtlLaqy4idkNBJKNHs8/uAYfO4H+JmskhcS7brbYR/ft6mBnFC61IjgzLwaD3xBADRmKgBVsNF90XHyy/HxffeODvV/FvAlTrnwx6r+ww2hxyTJrAKXH0U7EaeDoskVYW6eYA4RioQsGA1nGMyOPaMJRVD60oiHWBk40x4ft9yOebsMXc5Fk4pVRvEPtJGC8BMCBhE9YgBgK+spwP5n6scKQl6fCbOdcCWUKxjuAMKEPscDYYoLLoRui73bf/lfYAD/LUurAzkGEl/n+hTjxJBnDJl/PJOh2vekQj1/wQI37LNwchhIM4rCITd+fVbjyskHQ1KrOrrr8FDgfUP+EN9uNUWlQXazd7Baa6OM+Gocj5zkgBiPK3FYzS5+PnCy6kB24+Q+ytq5VBpFbientxia
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-149146591-1846029809-4080100686-1000Core.job - C:\Users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-149146591-1846029809-4080100686-1000UA.job - C:\Users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01 2133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01 1724032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A424A5FB-DA4C-4BA1-BE70-956A61F8440B}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Tiranium Anti-Keylogger"=C:\Program Files\TiraniumAntiK\TkStartRun.exe [2015-04-29 228352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Tiny download manager"=C:\Users\Jirka\AppData\Local\DM\TinyDM.exe [2014-08-16 289752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
D:\OpenSubtitlesPlayer\ALLUpdate.exe [2015-02-12 2615752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\Jirka\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\Jirka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
D:\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
D:\Origin\Origin.exe [2015-04-10 3632472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2015-01-28 5595848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire]
D:\EslWire\wire.exe [2014-12-09 3771904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-02 107912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSS]
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2012-07-19 133440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-07-25 2403104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-06-11 12503184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S.T.R.I.K.E.3]
C:\Program Files\Mad Catz\S.T.R.I.K.E.3\STRIKE3_Profiler.exe [2013-07-18 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2014-06-24 4101576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
C:\Windows\system32\nvspcap64.dll [2014-07-25 1283136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27 22041192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [2014-11-27 466144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\Jirka\AppData\Roaming\Spotify\Spotify.exe [2015-04-24 7168568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\Jirka\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2015-04-24 2020920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Steam\steam.exe [2015-05-15 2888384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SteelSeries Engine]
D:\SteelSeries Engine\SteelSeriesEngine.exe [2013-11-05 242688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26 271744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tilt]
C:\Program Files (x86)\GIGABYTE\GHOST\Tilt.exe [2009-06-26 724992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tiny download manager]
C:\Users\Jirka\AppData\Local\DM\TinyDM.exe [2014-08-16 289752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ttesports]
C:\Program Files (x86)\Ttesports\ShockONE\ShockTray.exe [2010-05-20 2506240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB3MON]
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-05-20 291648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2009-09-30 825184]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"=C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [2012-07-09 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux4"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux5"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux7"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-05-31 12:56:10 ----D---- C:\rsit
2015-05-31 12:56:10 ----D---- C:\Program Files\trend micro
2015-05-14 01:05:16 ----D---- C:\UpdateChromeLinksLogs
2015-05-14 01:05:10 ----A---- C:\Windows\SYSWOW64\mfc71.dll
2015-05-14 01:05:10 ----A---- C:\Windows\SYSWOW64\gdiplus.dll
2015-05-05 18:03:28 ----D---- C:\Users\Jirka\AppData\Roaming\Mumble
2015-05-05 17:58:47 ----D---- C:\Program Files (x86)\Mumble

======List of files/folders modified in the last 1 month======

2015-05-31 12:56:17 ----SD---- C:\ProgramData\Microsoft
2015-05-31 12:56:10 ----RD---- C:\Program Files
2015-05-31 12:56:09 ----D---- C:\Windows\Temp
2015-05-31 12:45:44 ----D---- C:\Windows\system32\drivers\etc
2015-05-31 12:42:10 ----D---- C:\ProgramData\Spybot - Search & Destroy
2015-05-31 12:14:05 ----D---- C:\Windows\System32
2015-05-31 12:14:05 ----D---- C:\Windows\inf
2015-05-31 12:14:05 ----A---- C:\Windows\system32\PerfStringBackup.TMP
2015-05-31 12:09:11 ----A---- C:\Windows\SYSWOW64\log.txt
2015-05-31 12:08:43 ----D---- C:\Windows\system32\wdi
2015-05-31 12:07:20 ----D---- C:\Windows\SysWOW64
2015-05-31 12:06:21 ----D---- C:\Windows
2015-05-31 01:12:46 ----D---- C:\Program Files\Defraggler
2015-05-30 01:19:28 ----D---- C:\Windows\system32\config
2015-05-30 00:26:22 ----D---- C:\Users\Jirka\AppData\Roaming\TS3Client
2015-05-29 20:28:22 ----SHD---- C:\Windows\Installer
2015-05-29 19:45:52 ----D---- C:\ProgramData\CoupExtension
2015-05-29 18:25:27 ----D---- C:\Program Files\ESET
2015-05-28 22:35:35 ----RD---- C:\Program Files (x86)
2015-05-28 22:35:29 ----SHD---- C:\System Volume Information
2015-05-28 22:34:23 ----D---- C:\Windows\system32\Tasks
2015-05-26 19:21:17 ----D---- C:\Windows\system32\NDF
2015-05-26 01:01:33 ----D---- C:\Users\Jirka\AppData\Roaming\Skype
2015-05-25 20:05:05 ----D---- C:\Windows\Logs
2015-05-25 20:04:53 ----RSD---- C:\Windows\assembly
2015-05-21 11:32:05 ----RD---- C:\Program Files (x86)\Skype
2015-05-14 10:37:23 ----D---- C:\Windows\system32\catroot2
2015-05-14 01:04:19 ----D---- C:\Program Files\OBS
2015-05-14 01:04:19 ----D---- C:\Program Files (x86)\OBS
2015-05-14 01:04:09 ----D---- C:\Windows\SoftwareDistribution
2015-05-09 23:05:37 ----D---- C:\ProgramData\Origin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 edevmon;edevmon; C:\Windows\system32\DRIVERS\edevmon.sys [2015-03-10 241880]
R0 ESLWireAC;ESLWireAC; C:\Windows\system32\drivers\ESLWireACD.sys [2015-04-08 98080]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-05-20 19264]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2012-10-25 22680]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-06-25 283200]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-03-10 246000]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-03-10 169792]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2015-03-10 159480]
R3 busenum;SteelBusSvc; C:\Windows\system32\DRIVERS\SteelBus64.sys [2013-10-30 140800]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2015-05-31 25640]
R3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2015-05-31 30528]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-05-20 357184]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2012-07-19 110744]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-02 62784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-25 194848]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 SaiK1112;SaiK1112; C:\Windows\system32\DRIVERS\SaiK1112.sys [2013-07-19 180992]
R3 SaiMini;SaiMini; C:\Windows\system32\DRIVERS\SaiMini.sys [2013-07-19 25120]
R3 SaiNtBus;SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [2013-07-19 52640]
R3 SAlphamHid;SteelHIDSvc; C:\Windows\system32\DRIVERS\SAlpham64.sys [2013-05-31 38016]
S3 ESETCleanersDriver;ESET Cleaner Service; \??\C:\Windows\system32\Drivers\ESETCleanersDriver.sys [2015-03-02 170280]
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2015-05-31 25640]
S3 ggflt;SOMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2014-09-10 16088]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2014-04-26 27760]
S3 ggsomc;SOMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsomc.sys [2014-09-10 30424]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-05-01 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-05-01 1772672]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2015-01-28 1349576]
R2 EslWireHelper;ESL Wire Helper Service; D:\EslWire\service\WireHelperSvc.exe [2014-01-28 663056]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-06-19 634632]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-05 166720]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-19 277824]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 18956064]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-06-21 884512]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-19 365376]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 d0e87c27;SW-Sustainer; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29 107912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15 268464]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 EasyAntiCheat;EasyAntiCheat; C:\Windows\syswow64\EasyAntiCheat.exe [2015-02-05 174112]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29 107912]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 Origin Client Service;Origin Client Service; D:\Origin\OriginClientService.exe [2015-04-10 1931632]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-05-15 837824]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]



Za každou drahou odpověď budu vděčný :)

Re: Asi zavirované pc

Napsal: 31 kvě 2015 12:28
od vyosek
Zdravim :)

:arrow: Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
  • Zaskrtnete okenko Pro vsechny uzivatele
  • Zaskrtnete okenko Kontrola na havet "LOP"
  • Zaskrtnete okenko Kontrola na havet "Purity"
  • Stari souboru zmente z 30 dnu na 7 dnu
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s
  • Kliknete na tlacitko Prohledat
  • Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
  • Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

Re: Asi zavirované pc

Napsal: 31 kvě 2015 12:36
od cabas
díky já teď jedu pryč tak jak přídu tak to udělám a pak odpovím :)

Re: Asi zavirované pc

Napsal: 31 kvě 2015 12:37
od vyosek
Ou Kej :thumbsup:

Re: Asi zavirované pc

Napsal: 31 kvě 2015 19:40
od cabas
OTL logfile created on: 31.5.2015 20:26:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jirka\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

7,95 Gb Total Physical Memory | 4,88 Gb Available Physical Memory | 61,42% Memory free
15,89 Gb Paging File | 12,07 Gb Available in Paging File | 75,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 45,84 Gb Free Space | 41,04% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 794,05 Gb Free Space | 85,24% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JIRKA-PC | User Name: Jirka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2015.05.31 20:24:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jirka\Downloads\OTL.exe
PRC - [2015.05.15 03:58:00 | 001,851,584 | ---- | M] (Valve Corporation) -- D:\Steam\bin\steamwebhelper.exe
PRC - [2015.05.15 03:57:58 | 002,888,384 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2015.05.15 03:57:58 | 000,837,824 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2015.05.01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2015.05.01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2015.04.28 04:07:36 | 000,812,872 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015.01.28 14:08:58 | 001,349,576 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2014.12.19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014.08.16 00:01:32 | 000,289,752 | ---- | M] (http://www.tinydm.com/) -- C:\Users\Jirka\AppData\Local\DM\TinyDM.exe
PRC - [2014.07.25 15:51:18 | 002,403,104 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014.07.25 15:51:13 | 001,720,608 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014.06.27 12:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014.06.24 11:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014.04.25 15:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.07.19 09:53:16 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.19 09:53:10 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.07.05 13:23:34 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012.01.13 14:04:16 | 000,219,760 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe


========== Modules (No Company Name) ==========

MOD - [2015.05.15 03:58:02 | 002,396,352 | ---- | M] () -- D:\Steam\video.dll
MOD - [2015.05.15 03:57:58 | 000,703,168 | ---- | M] () -- D:\Steam\bin\chromehtml.dll
MOD - [2015.05.11 21:01:44 | 036,302,728 | ---- | M] () -- D:\Steam\bin\libcef.dll
MOD - [2015.05.11 21:01:44 | 008,958,344 | ---- | M] () -- D:\Steam\bin\pdf.dll
MOD - [2015.04.28 04:07:35 | 014,980,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll
MOD - [2015.04.28 04:07:34 | 001,252,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
MOD - [2015.04.28 04:07:33 | 000,080,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
MOD - [2015.04.23 04:16:30 | 004,962,816 | ---- | M] () -- D:\Steam\v8.dll
MOD - [2015.04.23 04:16:24 | 001,556,992 | ---- | M] () -- D:\Steam\icui18n.dll
MOD - [2015.04.23 04:16:24 | 001,187,840 | ---- | M] () -- D:\Steam\icuuc.dll
MOD - [2015.04.16 19:40:32 | 000,776,192 | ---- | M] () -- D:\Steam\SDL2.dll
MOD - [2014.12.01 23:31:16 | 002,396,672 | ---- | M] () -- D:\Steam\libavcodec-56.dll
MOD - [2014.12.01 23:31:16 | 000,485,888 | ---- | M] () -- D:\Steam\libswscale-3.dll
MOD - [2014.12.01 23:31:16 | 000,479,744 | ---- | M] () -- D:\Steam\libavformat-56.dll
MOD - [2014.12.01 23:31:16 | 000,442,880 | ---- | M] () -- D:\Steam\libavutil-54.dll
MOD - [2014.12.01 23:31:16 | 000,332,800 | ---- | M] () -- D:\Steam\libavresample-2.dll
MOD - [2012.11.20 17:38:18 | 000,311,296 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.dll
MOD - [2012.11.14 14:44:36 | 002,875,463 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll
MOD - [2012.11.14 14:00:32 | 001,499,204 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll
MOD - [2012.11.14 10:42:52 | 000,651,331 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\work.dll
MOD - [2012.11.09 16:51:08 | 001,429,582 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll
MOD - [2012.09.18 14:45:26 | 001,335,362 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\HM.dll
MOD - [2012.09.17 16:25:28 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\SF.dll
MOD - [2012.05.08 15:01:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll
MOD - [2012.01.13 14:04:16 | 000,219,760 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
MOD - [2011.10.18 09:26:16 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\STT.dll
MOD - [2011.09.14 17:12:30 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll
MOD - [2011.03.01 19:00:58 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll
MOD - [2010.06.24 15:50:08 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll
MOD - [2010.06.10 15:52:24 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll
MOD - [2010.03.12 05:40:58 | 004,449,632 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\platform.dll
MOD - [2010.03.12 05:40:56 | 000,423,256 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\device.dll
MOD - [2008.05.07 15:22:58 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll
MOD - [2003.02.14 14:11:46 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll


========== Services (SafeList) ==========

SRV:64bit: - [2015.01.28 14:08:58 | 001,349,576 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2014.07.25 15:51:10 | 018,956,064 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012.06.19 19:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (d0e87c27)
SRV - [2015.05.15 03:57:58 | 000,837,824 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2015.05.01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2015.05.01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2015.04.15 10:50:27 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015.04.10 17:20:10 | 001,931,632 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- D:\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2015.02.05 19:59:35 | 000,174,112 | ---- | M] (EasyAntiCheat Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\EasyAntiCheat.exe -- (EasyAntiCheat)
SRV - [2014.12.19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.07.25 15:51:13 | 001,720,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014.01.28 12:40:54 | 000,663,056 | ---- | M] () [Auto | Running] -- D:\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV - [2012.07.19 09:53:16 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.19 09:53:10 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.07.05 13:23:34 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011.08.30 15:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015.04.08 19:59:50 | 000,098,080 | ---- | M] (<Turtle Entertainment>) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2015.03.10 17:24:42 | 000,246,000 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2015.03.10 17:24:42 | 000,241,880 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\edevmon.sys -- (edevmon)
DRV:64bit: - [2015.03.10 17:24:42 | 000,169,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2015.03.10 17:24:42 | 000,159,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2015.03.02 23:33:34 | 000,170,280 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESETCleanersDriver.sys -- (ESETCleanersDriver)
DRV:64bit: - [2014.09.10 17:18:52 | 000,030,424 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsomc.sys -- (ggsomc)
DRV:64bit: - [2014.09.10 17:18:52 | 000,016,088 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2014.07.25 15:51:10 | 000,020,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014.04.26 18:51:24 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2014.03.31 18:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013.10.30 18:15:32 | 000,140,800 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum)
DRV:64bit: - [2013.07.19 11:15:22 | 000,052,640 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2013.07.19 11:15:22 | 000,025,120 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2013.07.19 11:15:18 | 000,180,992 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK1112.sys -- (SaiK1112)
DRV:64bit: - [2013.06.25 15:45:23 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.05.31 16:19:10 | 000,038,016 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.10.25 09:01:20 | 000,022,680 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2012.07.19 11:14:28 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012.07.02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.05.20 18:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.05.20 18:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.05.20 18:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.08.21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2015.05.31 19:50:07 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2015.05.31 19:50:00 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2015.05.31 01:18:44 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-149146591-1846029809-4080100686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE - HKU\S-1-5-21-149146591-1846029809-4080100686-1000\..\SearchScopes,DefaultScope = {CFA0AB0A-866E-40BE-9308-6F0B1C9C0F45}
IE - HKU\S-1-5-21-149146591-1846029809-4080100686-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\S-1-5-21-149146591-1846029809-4080100686-1000\..\SearchScopes\{24556AEB-0A2A-444D-826D-34DC34ADD510}: "URL" = http://search.yahoo.com/search?p={searc ... type=10809
IE - HKU\S-1-5-21-149146591-1846029809-4080100686-1000\..\SearchScopes\{6582190F-8C38-46C3-82A4-63831C168815}: "URL" = http://search.findwide.com/serp?guid={A ... earchTerms}
IE - HKU\S-1-5-21-149146591-1846029809-4080100686-1000\..\SearchScopes\{9C1D31B7-659C-4B5D-A4FA-D9528AAABDC5}: "URL" = http://tv.seznam.cz/hledej?w={searchTer ... arch_12454
IE - HKU\S-1-5-21-149146591-1846029809-4080100686-1000\..\SearchScopes\{CFA0AB0A-866E-40BE-9308-6F0B1C9C0F45}: "URL" = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
IE - HKU\S-1-5-21-149146591-1846029809-4080100686-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: D:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jirka\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jirka\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jirka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Jirka\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: D:\Ubisoft Game Launcher\npuplaypc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2013.11.25 02:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Extensions
[2014.06.20 00:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2014.06.20 00:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2014.06.20 00:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\h76m4rqe.default\extensions
[2013.08.08 14:07:04 | 000,249,988 | ---- | M] () (No name found) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi
[2014.03.31 17:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.11.25 02:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.11.25 02:53:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped\6.6_0\
CHR - Extension: No name found = C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0\
CHR - Extension: No name found = C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\1.1_0\
CHR - Extension: No name found = C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.5_0\
CHR - Extension: No name found = C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\
CHR - Extension: No name found = C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik\2.2015.522.11440_0\
CHR - Extension: No name found = C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\llnhnfikffkjbdnfallfpgikamegbbag\1.0_0\
CHR - Extension: No name found = C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\
CHR - Extension: No name found = C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.7.1_0\
CHR - Extension: No name found = C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

Hosts file not found
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {A424A5FB-DA4C-4BA1-BE70-956A61F8440B} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-149146591-1846029809-4080100686-1000\..\Toolbar\WebBrowser: (no name) - {A424A5FB-DA4C-4BA1-BE70-956A61F8440B} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-149146591-1846029809-4080100686-1000..\Run: [Tiny download manager] C:\Users\Jirka\AppData\Local\DM\TinyDM.exe (http://www.tinydm.com/)
O4:64bit: - HKLM..\RunOnce: [Tiranium Anti-Keylogger] C:\Program Files\TiraniumAntiK\TkStartRun.exe (CEO Tiranium Security)
O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-149146591-1846029809-4080100686-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-149146591-1846029809-4080100686-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-149146591-1846029809-4080100686-1000\..Trusted Domains: localhost ([]http in Internet)
O15 - HKU\S-1-5-21-149146591-1846029809-4080100686-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-149146591-1846029809-4080100686-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.100.100.1 10.100.100.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22911F38-96FE-4DE6-BA0A-F7541B0473A9}: DhcpNameServer = 10.100.100.1 10.100.100.6
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL) - File not found
O20 - AppInit_DLLs: (c:\progra~2\sw-boo~1\assist~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cb1b00ca-cd57-11e3-b23b-94de80242fc0}\Shell - "" = AutoRun
O33 - MountPoints2\{cb1b00ca-cd57-11e3-b23b-94de80242fc0}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll (x264vfw project)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2015.05.31 12:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2015.05.31 12:56:10 | 000,000,000 | ---D | C] -- C:\rsit
[2015.05.28 20:06:59 | 000,000,000 | ---D | C] -- C:\Users\Jirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2015.05.31 20:04:00 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-149146591-1846029809-4080100686-1000UA.job
[2015.05.31 19:57:01 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.05.31 19:57:01 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.05.31 19:50:07 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2015.05.31 19:50:07 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2015.05.31 19:50:00 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2015.05.31 19:50:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.05.31 19:49:11 | 000,003,114 | ---- | M] () -- C:\Windows\tasks\e2778b28-928c-4697-894d-65311608041e-3.job
[2015.05.31 19:49:11 | 000,001,410 | ---- | M] () -- C:\Windows\tasks\e2778b28-928c-4697-894d-65311608041e-2.job
[2015.05.31 19:49:10 | 000,002,476 | ---- | M] () -- C:\Windows\tasks\e2778b28-928c-4697-894d-65311608041e-4.job
[2015.05.31 19:49:10 | 000,002,426 | ---- | M] () -- C:\Windows\tasks\e2778b28-928c-4697-894d-65311608041e-5.job
[2015.05.31 19:49:10 | 000,001,484 | ---- | M] () -- C:\Windows\tasks\e2778b28-928c-4697-894d-65311608041e-1.job
[2015.05.31 19:49:10 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.05.31 19:49:07 | 2103,566,335 | -HS- | M] () -- C:\hiberfil.sys
[2015.05.31 13:36:00 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.05.31 01:20:36 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-149146591-1846029809-4080100686-1000Core.job
[2015.05.31 01:18:44 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\etdrv.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015.05.31 12:07:20 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
[2015.04.01 18:11:39 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2015.03.02 23:33:56 | 000,000,137 | ---- | C] () -- C:\Windows\wininit.ini
[2014.08.15 14:56:22 | 000,001,297 | ---- | C] () -- C:\Users\Jirka\AppData\Local\recently-used.xbel
[2014.08.07 16:47:50 | 001,747,280 | ---- | C] () -- C:\Users\Jirka\ts3_recording_14_08_07_16_47_47.wav
[2013.07.17 20:29:57 | 000,003,584 | ---- | C] () -- C:\Users\Jirka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.14 21:15:12 | 001,192,959 | ---- | C] () -- C:\Windows\unins000.exe
[2013.06.14 21:15:12 | 000,057,438 | ---- | C] () -- C:\Windows\unins000.dat
[2013.06.13 22:45:19 | 000,007,605 | ---- | C] () -- C:\Users\Jirka\AppData\Local\Resmon.ResmonCfg
[2013.06.13 19:46:51 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.06.13 19:46:51 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.06.13 19:46:51 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013.06.13 19:46:49 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.06.13 19:46:46 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.06.13 04:03:47 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2013.06.13 03:52:38 | 001,554,840 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.13 03:51:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.07.07 16:51:56 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\AVG
[2014.12.07 14:27:19 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\DAEMON Tools Lite
[2014.11.18 16:35:38 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Electronic Arts
[2013.06.13 04:13:19 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\ESET
[2013.11.02 01:56:17 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\GameRanger
[2013.06.13 04:11:52 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\GHISLER
[2015.04.29 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\HeroesAndGeneralsDesktop
[2014.12.07 14:27:19 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\inkscape
[2013.11.02 01:59:15 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\IrfanView
[2013.07.24 14:41:28 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Leadertech
[2015.03.12 14:59:11 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\LibreOffice
[2013.06.28 22:24:06 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\LolClient
[2014.04.22 17:56:56 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mount&Blade Warband
[2015.05.05 20:43:38 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mumble
[2014.07.25 20:00:25 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\OBS
[2014.07.07 16:51:10 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\OpenCandy
[2014.05.07 16:21:59 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Opera Software
[2014.11.08 12:32:33 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Origin
[2013.06.28 19:55:35 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Riot Games
[2015.04.30 13:12:45 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Seznam.cz
[2013.07.02 14:21:44 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Shifters Anticheat
[2013.06.21 14:45:05 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Sony
[2015.02.08 21:38:24 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\SpinTires
[2015.04.30 13:12:58 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Spotify
[2013.12.25 19:06:14 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\SteelSeries
[2014.05.09 22:38:26 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\TeamViewer
[2015.02.04 18:56:51 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Teeworlds
[2015.05.30 00:26:22 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\TS3Client
[2014.03.01 00:03:32 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Wargaming.net

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,548 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.06.13 19:02:14 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.03.31 17:54:30 | 000,003,114 | ---- | C] () -- C:\Windows\Tasks\e2778b28-928c-4697-894d-65311608041e-3.job
[2014.03.31 17:54:31 | 000,002,476 | ---- | C] () -- C:\Windows\Tasks\e2778b28-928c-4697-894d-65311608041e-4.job
[2014.03.31 17:54:33 | 000,001,484 | ---- | C] () -- C:\Windows\Tasks\e2778b28-928c-4697-894d-65311608041e-1.job
[2014.03.31 17:54:35 | 000,001,410 | ---- | C] () -- C:\Windows\Tasks\e2778b28-928c-4697-894d-65311608041e-2.job
[2014.03.31 17:54:37 | 000,002,426 | ---- | C] () -- C:\Windows\Tasks\e2778b28-928c-4697-894d-65311608041e-5.job
[2014.11.02 21:53:04 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-149146591-1846029809-4080100686-1000Core.job
[2014.11.02 21:53:04 | 000,000,962 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-149146591-1846029809-4080100686-1000UA.job
[2015.04.29 20:31:11 | 000,000,946 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2015.04.29 20:31:12 | 000,000,950 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2014.06.24 11:42:02 | 004,818,848 | ---- | M] (Safer-Networking Ltd.) MD5=280C014187E24860A7C860329513208F -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010.11.20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2012.10.03 19:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013.05.08 08:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2013.09.08 04:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013.09.08 04:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2010.11.20 15:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013.01.04 07:41:01 | 001,893,224 | ---- | M] (Microsoft Corporation) MD5=5CFB7AB8F9524D1A1E14369DE63B83CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_0f6a6af57fd59de6\tcpip.sys
[2013.01.03 07:57:12 | 001,876,824 | ---- | M] (Microsoft Corporation) MD5=692969AB90BDA19F56E27BF89A9260E2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_0fe8397098fc3d71\tcpip.sys
[2013.09.07 04:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2013.05.08 08:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2013.07.06 07:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013.01.03 08:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2013.01.04 07:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2012.10.03 19:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013.07.06 08:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2013.11.26 13:34:34 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< >

< %systemroot%*.* /U /s >
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[6 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013.06.13 19:46:58 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Adobe
[2014.07.07 16:51:56 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\AVG
[2014.12.07 14:27:19 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\DAEMON Tools Lite
[2014.11.18 16:35:38 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Electronic Arts
[2013.06.13 04:13:19 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\ESET
[2013.11.02 01:56:17 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\GameRanger
[2013.06.13 04:11:52 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\GHISLER
[2015.04.29 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\HeroesAndGeneralsDesktop
[2013.06.13 03:41:59 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Identities
[2014.12.07 14:27:19 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\inkscape
[2013.06.13 03:52:46 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\InstallShield
[2013.11.02 01:59:15 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\IrfanView
[2014.03.23 15:24:36 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\LavasoftStatistics
[2013.07.24 14:41:28 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Leadertech
[2015.03.12 14:59:11 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\LibreOffice
[2013.06.28 22:24:06 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\LolClient
[2013.06.13 19:43:15 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Macromedia
[2009.07.14 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Media Center Programs
[2015.04.30 14:47:06 | 000,000,000 | --SD | M] -- C:\Users\Jirka\AppData\Roaming\Microsoft
[2014.10.16 19:23:59 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\mIRC
[2014.04.22 17:56:56 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mount&Blade Warband
[2013.11.25 02:53:38 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mozilla
[2015.05.05 20:43:38 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mumble
[2013.06.25 15:47:24 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\NVIDIA
[2014.07.25 20:00:25 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\OBS
[2014.07.07 16:51:10 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\OpenCandy
[2014.05.07 16:21:59 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Opera Software
[2014.11.08 12:32:33 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Origin
[2013.06.28 19:55:35 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Riot Games
[2013.07.22 00:16:18 | 000,000,000 | RH-D | M] -- C:\Users\Jirka\AppData\Roaming\SecuROM
[2015.04.30 13:12:45 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Seznam.cz
[2013.07.02 14:21:44 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Shifters Anticheat
[2015.05.26 01:01:33 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Skype
[2013.06.21 14:45:05 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Sony
[2015.02.08 21:38:24 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\SpinTires
[2015.04.30 13:12:58 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Spotify
[2013.12.25 19:06:14 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\SteelSeries
[2014.05.09 22:38:26 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\TeamViewer
[2015.02.04 18:56:51 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Teeworlds
[2015.05.30 00:26:22 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\TS3Client
[2014.12.30 01:22:40 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\vlc
[2014.03.01 00:03:32 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Wargaming.net
[2013.06.13 04:12:16 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2014.11.18 16:35:39 | 000,042,750 | ---- | M] (Electronic Arts) -- C:\Users\Jirka\AppData\Roaming\Electronic Arts\Game Face\uninstall.exe
[2014.03.18 16:46:13 | 000,192,512 | R--- | M] () -- C:\Users\Jirka\AppData\Roaming\Microsoft\Installer\{114C48CB-65F8-4EC6-83CD-B3F936BFF795}\Icon.exe
[2014.11.04 22:55:06 | 000,252,928 | ---- | M] (obsproject.com) -- C:\Users\Jirka\AppData\Roaming\OBS\updates\updater.exe
[2014.04.10 00:33:06 | 027,826,600 | ---- | M] (AVG) -- C:\Users\Jirka\AppData\Roaming\OpenCandy\7CC4C1EB70254F53B8B099D25B4448B0\AVG-PC-TuneUp2014.exe
[2013.05.16 15:25:04 | 001,062,472 | ---- | M] () -- C:\Users\Jirka\AppData\Roaming\Seznam.cz\szninstall.exe
[2013.05.16 15:26:24 | 002,589,256 | ---- | M] () -- C:\Users\Jirka\AppData\Roaming\Seznam.cz\sznsetup.exe
[2013.04.29 12:53:34 | 000,045,560 | ---- | M] () -- C:\Users\Jirka\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
[2013.04.12 10:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Jirka\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
[2013.04.12 10:10:22 | 000,092,664 | ---- | M] () -- C:\Users\Jirka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe
[2013.04.16 13:52:34 | 000,055,808 | ---- | M] () -- C:\Users\Jirka\AppData\Roaming\Seznam.cz\data\ffinstall\ffkill.exe
[2011.12.19 11:04:28 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Users\Jirka\AppData\Roaming\Seznam.cz\data\ffinstall\reg.exe
[2013.04.16 13:52:36 | 000,077,824 | ---- | M] () -- C:\Users\Jirka\AppData\Roaming\Seznam.cz\data\ffinstall\regctrl.exe
[2015.04.24 15:27:50 | 007,168,568 | ---- | M] (Spotify Ltd) -- C:\Users\Jirka\AppData\Roaming\Spotify\Spotify.exe
[2015.04.24 15:27:51 | 000,778,808 | ---- | M] (Spotify Ltd) -- C:\Users\Jirka\AppData\Roaming\Spotify\SpotifyCrashService.exe
[2015.04.24 15:27:51 | 000,124,472 | ---- | M] (Spotify Ltd) -- C:\Users\Jirka\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2015.04.24 15:27:51 | 002,020,920 | ---- | M] (Spotify Ltd) -- C:\Users\Jirka\AppData\Roaming\Spotify\SpotifyWebHelper.exe
[2015.04.11 22:24:39 | 039,771,536 | ---- | M] (Spotify Ltd) -- C:\Users\Jirka\AppData\Roaming\Spotify\Spotify_new.exe
[2015.04.24 15:27:52 | 000,073,272 | ---- | M] () -- C:\Users\Jirka\AppData\Roaming\Spotify\wow_helper.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2015.05.31 19:50:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2015.05.31 19:49:10 | 000,001,484 | ---- | M] () -- C:\Windows\Tasks\e2778b28-928c-4697-894d-65311608041e-1.job
[2015.05.31 19:49:11 | 000,001,410 | ---- | M] () -- C:\Windows\Tasks\e2778b28-928c-4697-894d-65311608041e-2.job
[2015.05.31 19:49:11 | 000,003,114 | ---- | M] () -- C:\Windows\Tasks\e2778b28-928c-4697-894d-65311608041e-3.job
[2015.05.31 19:49:10 | 000,002,476 | ---- | M] () -- C:\Windows\Tasks\e2778b28-928c-4697-894d-65311608041e-4.job
[2015.05.31 19:49:10 | 000,002,426 | ---- | M] () -- C:\Windows\Tasks\e2778b28-928c-4697-894d-65311608041e-5.job
[2015.05.31 20:36:00 | 000,000,946 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2015.05.31 20:36:04 | 000,000,950 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2015.05.31 01:20:36 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-149146591-1846029809-4080100686-1000Core.job
[2015.05.31 20:04:00 | 000,000,962 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-149146591-1846029809-4080100686-1000UA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2015.05.31 19:50:07 | 000,000,004 | ---- | M] () -- C:\Windows\system32\GVTunner.ref
[2015.05.31 19:52:15 | 000,000,044 | ---- | M] () -- C:\Windows\system32\log.txt

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Tiny download manager" = "C:\Users\Jirka\AppData\Local\DM\TinyDM.exe" /M -- [2014.08.16 00:01:32 | 000,289,752 | ---- | M] (http://www.tinydm.com/)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2014.02.01 10:12:02 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=B04EE6BFF70C11D478680BB74E1D33AB -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2015.04.28 04:07:36 | 000,812,872 | ---- | M] (Google Inc.) MD5=7EDA1D46618C2F5801E4A47D80AE89ED -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2013.12.18 16:11:16 | 000,000,161 | ---- | M] () -- \AdwCleaner\Quarantine\C\Program Files (x86)\TornTV.com\TornTV Downloader.exe.config.vir
[2013.12.19 21:10:36 | 000,281,088 | ---- | M] () -- \AdwCleaner\Quarantine\C\Program Files (x86)\TornTV.com\TornTV Downloader.exe.vir
[2013.12.19 21:10:36 | 000,157,184 | ---- | M] () -- \AdwCleaner\Quarantine\C\Program Files (x86)\TornTV.com\TornTV Downloader.pdb.vir
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2014.05.25 20:45:54 | 000,006,866 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\program\pythonloader.py
[2015.02.21 10:29:46 | 000,000,171 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\program\pythonloader.uno.ini
[2015.02.21 10:27:42 | 000,047,904 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\program\pythonloaderlo.dll
[2015.02.21 03:01:08 | 000,124,486 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\program\classes\libloader-1.1.6.jar
[2015.02.21 03:34:56 | 000,013,883 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\program\python-core-3.3.3\lib\unittest\loader.py
[2015.02.21 03:34:56 | 000,050,271 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\program\python-core-3.3.3\lib\unittest\test\test_loader.py
[2015.02.21 10:25:56 | 000,084,256 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\URE\bin\javaloaderlo.dll
[2015.02.21 02:47:14 | 000,004,766 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\URE\java\unoloader.jar
[2014.07.25 15:50:49 | 001,170,208 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\ExtensionLoader.dll
[2013.06.04 10:57:24 | 000,057,224 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2013.06.04 10:57:24 | 000,065,416 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2013.06.04 10:57:24 | 000,083,848 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2013.06.04 10:57:24 | 000,088,968 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2014.10.27 13:57:20 | 000,001,702 | ---- | M] () -- \Program Files (x86)\Sony Mobile\Update Engine\licenses\loaderbinarylegal.txt
[2009.09.30 18:57:30 | 000,593,248 | ---- | M] () -- \Program Files\Microsoft Xbox 360 Accessories\Downloader.exe
[2013.05.16 16:41:22 | 001,152,288 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{80AF8C67-C0C3-4050-B3B6-0F4C7976BEE2}\ExtensionLoader.dll
[2010.03.15 11:27:20 | 000,054,784 | ---- | M] () -- \Program Files\WinRAR\Formats\ace32loader.exe
[2015.02.05 23:28:01 | 000,019,765 | ---- | M] () -- \Users\Jirka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\2.1.0.23_0\js\configLoader.js
[2015.02.05 23:28:01 | 000,002,597 | ---- | M] () -- \Users\Jirka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\2.1.0.23_0\js\scriptLoader.js
[2014.08.13 14:14:30 | 000,009,418 | ---- | M] () -- \Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\gifloader.gif
[2014.07.24 14:53:16 | 000,072,638 | ---- | M] () -- \Users\Jirka\AppData\Local\Skype\Apps\login\images\loader.gif
[2014.07.24 14:53:16 | 000,003,032 | ---- | M] () -- \Users\Jirka\AppData\Local\Skype\Apps\login\images\loader.png
[2014.07.24 14:53:16 | 000,006,012 | ---- | M] () -- \Users\Jirka\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.07.24 14:53:16 | 000,021,956 | ---- | M] () -- \Users\Jirka\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.07.24 14:53:16 | 000,009,772 | ---- | M] () -- \Users\Jirka\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2013.04.15 13:32:10 | 000,060,416 | ---- | M] () -- \Users\Jirka\AppData\Roaming\Seznam.cz\bin\15119libfoxloader-x64.dll
[2013.03.29 13:37:34 | 000,059,384 | ---- | M] () -- \Users\Jirka\AppData\Roaming\Seznam.cz\bin\15119libfoxloader.dll
[2014.02.13 11:03:27 | 000,000,165 | ---- | M] () -- \Users\Jirka\AppData\Roaming\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2013.03.25 16:27:20 | 000,000,665 | ---- | M] () -- \Users\Jirka\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.install.bat
[2013.03.25 16:27:26 | 000,000,117 | ---- | M] () -- \Users\Jirka\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.uninstall.bat
[2013.06.13 20:47:09 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2009.07.14 14:25:34 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013.06.26 09:23:10 | 000,012,532 | ---- | M] () -- \Windows\System32\Adobe\Shockwave 12\shockwave_Projector_Loader.dcr
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2013.06.26 09:23:10 | 000,012,532 | ---- | M] () -- \Windows\SysWOW64\Adobe\Shockwave 12\shockwave_Projector_Loader.dcr
[2009.07.14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:28:57 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_66dcd6a595588d81\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:41:11 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_66b5981d957562a1\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 07:26:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_66fe4899953f502c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:26:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_67667556ae762a72\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:36:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_67316604ae9dcf7e\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 16:12:39 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_677d175eae65090e\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:38:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 04:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 07:32:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_6971452eab80a50e\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 08:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.29 04:18:31 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_694dd858ab9ba72a\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 17:17:49 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 17:17:49 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2009.07.14 17:17:49 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2009.07.14 17:17:49 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2009.07.14 17:17:49 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2013.06.13 17:47:58 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2013.06.13 17:47:58 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2013.06.13 17:47:58 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2013.06.13 17:47:58 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2013.06.13 17:47:58 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009.07.14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.14 17:15:51 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2015.01.13 00:17:25 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22921_cs-cz_91e42f042cd18522.manifest
[2015.01.16 08:36:46 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_cs-cz_91e62f982ccfb7d0.manifest
[2009.07.14 04:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011.02.05 15:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011.02.05 15:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2010.11.20 06:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2015.01.12 05:50:53 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22921_none_b9c87a8c9c6eeb55.manifest
[2015.01.16 08:37:02 | 000,005,511 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22923_none_b9ca7b209c6d1e03.manifest
[2009.07.14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:56:23 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.29 03:54:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_0d2f3cd4f33e35f4\api-ms-win-core-libraryloader-l1-1-0.dll

< End of report >

Re: Asi zavirované pc

Napsal: 31 kvě 2015 19:42
od cabas
OTL Extras logfile created on: 31.5.2015 20:26:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jirka\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

7,95 Gb Total Physical Memory | 4,88 Gb Available Physical Memory | 61,42% Memory free
15,89 Gb Paging File | 12,07 Gb Available in Paging File | 75,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 45,84 Gb Free Space | 41,04% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 794,05 Gb Free Space | 85,24% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JIRKA-PC | User Name: Jirka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050D9F5D-AAAD-40AC-B21A-226EE3E70F3D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{08AED5CA-F91F-45C6-8587-DE020EDDBD7F}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{11AA3B25-261D-4EB7-B892-4A7D24542299}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{1362698A-8346-40A9-9627-8D21DC0235F3}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{1932BEBD-DB52-4EA7-9DD3-1E957A39AEA2}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{2313F04E-ED66-4928-855C-6F1CC824C31F}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{2393C44A-F986-485A-99EC-0378DAC88168}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{2985B7E3-3534-48BE-AB3D-A70452D70D08}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{2E2D4D47-4CE5-426C-84AC-A101E3736C76}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{371A75C8-5616-44F0-91FB-B1C75F2F0C52}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{37FB2D3B-F1E4-42BF-8496-B1A1F276EFB7}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{493EA3D2-7629-424D-9270-74C98334E3DB}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{4B2BB3E6-BE33-4787-8523-C482F8AD7C57}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{4F2ED6E3-AB46-4EC4-8DF3-DD67CBE19226}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{5485CDD5-8F2F-4AAB-8023-6A525C24AD16}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{57FFBAB6-5732-42A9-9FB6-57D06222F3BF}" = rport=139 | protocol=6 | dir=out | app=system |
"{5A8C698B-44A4-4FBF-8924-F9EDEC63AEC3}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{5C8E98D1-CB8A-47BD-98CD-1DB0224AD7C3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6223F835-FE4B-4A83-B820-2B463C49EB04}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{6446D22B-C2C1-42DF-8AC9-86206A7B4403}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{6C64057C-B8F0-4EBB-AAB3-60829F47F942}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F23B47C-ECCA-4A0D-9A69-CB6D18458637}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{73EF38F7-AD5B-4BB5-BBB3-8121C4E4D82E}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{7414B22D-86AA-4383-8A77-C23D4699784F}" = lport=139 | protocol=6 | dir=in | app=system |
"{7B5AD7D1-F767-4256-8CE4-E1DDCBF14611}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{7CC563FE-3CFB-480A-BA97-EC305500227E}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{86A3798A-98E2-43DE-B089-EA2EB6822089}" = lport=445 | protocol=6 | dir=in | app=system |
"{87344B40-14EE-4B23-88AA-F1B7969C4FE0}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{88C39FA9-B30F-45E1-B7C7-FB248CEBD0A3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{88E33D82-CC0E-4A09-A4AA-FD58A334D377}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{8AC2A263-F523-492C-8D95-58EAD3882665}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8CC28221-2EF5-42AA-8191-5968D060B478}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{8EB6D18F-0382-420A-B0B0-3F64874A7788}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{95F7B31A-14B4-4C84-9022-0A8B3C24ADB4}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{96D48DAC-E596-4B84-AB05-7FD07E0DE4DC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{A33C9777-5A7B-485D-8EAC-A0233EC1913C}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{B070A43C-0390-4A4E-AEB5-55EA3898C253}" = rport=138 | protocol=17 | dir=out | app=system |
"{BD5DB905-B076-43C2-9F93-B7E76B14D666}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{C15C83CC-B7BA-43B5-8EC2-D724A53B351F}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{C34717D0-5588-4AC7-AA20-6A77A1B6B95C}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{C4171ECF-B253-4B4D-90C9-495B9E6366D8}" = lport=138 | protocol=17 | dir=in | app=system |
"{CF007B34-4D0A-430C-ADC1-2B0C005FDD27}" = rport=137 | protocol=17 | dir=out | app=system |
"{CFC23EBE-718A-4492-9FE7-09DD23A5AB00}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D023862B-0875-4EE4-BA4C-98A1144C6521}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{D17A6632-73B9-468F-996D-951AD22FE61E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DFAF7D14-D29C-4BCF-8A0A-3B0440FF9851}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{DFC854EA-B5BD-4A0E-8FCE-086A9DB39F1A}" = rport=445 | protocol=6 | dir=out | app=system |
"{E1217881-1F59-4036-BD89-7F23D7A8D699}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{EA996972-5AE8-4000-BBB8-DADDCF482887}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{ED84C8A7-E938-4004-9D8C-0FD6012325E4}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{F0F2C89A-725B-457A-81D6-9E98E2C0EA11}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{F376B451-8501-4611-9B5E-6B933DC6EE85}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6D95856-39ED-49C7-8F1C-A78B2E7B8AF7}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{F923B22C-7B14-43F2-AD88-65CD2C004CA4}" = lport=137 | protocol=17 | dir=in | app=system |
"{FA9F5B7C-694E-4F7B-B2A9-8C831FA7A57A}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{FADE2B39-D5D3-4EE3-958A-2FD5BCF8AD2C}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{FCF88AA7-70BB-4952-B0F6-FE931C6EE2FD}" = lport=20010 | protocol=17 | dir=in | name=war thunder |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CA4600-0A15-49BC-A00E-CD927B203A89}" = protocol=6 | dir=in | app=c:\program files (x86)\sony mobile\update engine\sony mobile update engine.exe |
"{0294102A-F98A-4803-A8CD-887A8D0243EE}" = protocol=6 | dir=in | app=d:\warthunder\launcher.exe |
"{080EC3A8-F440-4372-87D6-A3B6BFB19388}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{0CB2D0C2-9115-46D5-83E7-512914A98029}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{13FEF2EE-79DF-4AF7-B626-1EEF36A3ACD7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{14F89FD6-2632-4EBD-9ACC-CA475CEB0A12}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{16CC3DE1-BC41-47E6-B8FB-6B9A604EB961}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{24D20A05-47C5-49DA-A106-E992274C756C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{318EEB22-CD93-46F2-8B8A-E636F96AA13F}" = dir=in | name=asd |
"{324AE596-573B-4A6B-8579-2C8BE080EB3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{36350298-7ABA-4B36-8041-84F90A56DF50}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe |
"{39D6EEF2-4EED-4211-A369-438CE957AB30}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{405195BC-A9A6-45EF-B666-8CBF48C0E414}" = protocol=17 | dir=in | app=c:\program files (x86)\sony mobile\update engine\sony mobile update engine.exe |
"{41CD2CD5-F4F9-4154-A531-083F1D218F18}" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\bios_run.exe |
"{42784E24-BE6A-459E-A819-2F05A5C81C02}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{452434A3-30DF-4B41-A357-BE0556D87D5E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{46868301-698A-4E0E-B4CC-62568191AF27}" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"{4C50688E-5047-4C87-A749-45FE478E6EFC}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\fifa 15\fifasetup\fifaconfig.exe |
"{4ED54B1A-98C8-4FC6-A78C-47884E72FA1F}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\fifa 15\fifasetup\fifaconfig.exe |
"{4F45E780-EBAF-4FF0-9E20-E5FC5EAB7DEB}" = protocol=17 | dir=in | app=d:\warthunder\launcher.exe |
"{57FF2D3A-1345-4DED-BBB1-4050128FB4D7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\euro truck simulator 2\bin\win_x64\eurotrucks2.exe |
"{5D3E5B01-4E2E-4F9E-95E3-6F40AA6D6CA6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the witcher 3\bin\x64\witcher3.exe |
"{5F60442B-1A54-4E2F-8AB7-FDC51D0767A2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{63839A68-42DB-4CD1-A83E-304FF26DEA66}" = protocol=6 | dir=in | app=d:\warthunder\launcher.exe |
"{666BCCDD-23C4-43DE-A4D8-D12C97D6B997}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6677650C-4918-43DF-9939-339651684620}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{72607344-E774-4597-98CB-5BEF741C3C14}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7A878162-2EE2-43A5-B2CC-2C051B561DB8}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{867ED94D-0050-4D87-B21A-841382710542}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe |
"{86B27399-2BF7-407E-8A05-CFDBAE682ECF}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{8836B776-FD3A-42D5-81C1-A02BB2E07A9E}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{9347C6F8-5D8E-460F-A92A-E0FE19180DCB}" = dir=in | app=d:\eslwire\wire.exe |
"{93BEBC53-9404-45B8-B9FD-B2C37369B9CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{957F127B-C02B-42AD-A89A-3DF3255D5550}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{95B12763-6280-4896-B4FE-BFC157C7DAE7}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{AD88454B-B6FE-4272-9EFD-6CD8A43FE454}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the witcher 2\launcher.exe |
"{C14A6760-4D41-47E0-9FC6-EC40DD1D365E}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\fifa 15\fifasetup\fifaconfig.exe |
"{C3BB5236-F470-413E-B764-9227EF1B6D5E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C6581ACD-C48B-46AA-BEB6-509D55C117AA}" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"{C92F8FFC-0B7E-4C18-8CBD-8D8C469A17B2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\euro truck simulator 2\bin\win_x64\eurotrucks2.exe |
"{CA04D2F3-0533-4F01-8C83-8EE382C49D83}" = protocol=17 | dir=in | app=d:\steam\bin\steamwebhelper.exe |
"{CB07039A-039C-475C-AC91-A0A2AF17B762}" = dir=out | app=d:\eslwire\wire.exe |
"{CBA3E905-BC46-4586-81E0-387166DD6C90}" = protocol=17 | dir=in | app=c:\program files (x86)\sony mobile\update engine\sony mobile update engine.exe |
"{DCAAD6CE-257A-4F6B-B607-B25F45C752D6}" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\bios_run.exe |
"{DCE6EC61-5337-48A6-9BD9-E4AB5A5A2D99}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe |
"{E1475AF3-3C91-4374-A746-34B73D372CC5}" = protocol=6 | dir=in | app=c:\program files (x86)\sony mobile\update engine\sony mobile update engine.exe |
"{E46BD377-FA77-472E-8040-28B43CF1710E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe |
"{EB4C45D9-E483-4DB1-96D4-68848EA9F67E}" = protocol=17 | dir=in | app=d:\warthunder\launcher.exe |
"{EDCC5C89-D556-4755-8575-86411FBAF232}" = protocol=6 | dir=in | app=d:\steam\bin\steamwebhelper.exe |
"{F6086EC2-DCAC-4478-8726-33BC3DF657DD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the witcher 3\bin\x64\witcher3.exe |
"{F708DCBE-6E4C-4622-9120-C2DD241D5F50}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\fifa 15\fifasetup\fifaconfig.exe |
"{FC23F206-07A0-4246-84F6-7428589BB47D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the witcher 2\launcher.exe |
"TCP Query User{10E805B6-323E-4939-B458-8E99D4208FB2}C:\users\jirka\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\jirka\appdata\roaming\spotify\spotify.exe |
"TCP Query User{158F288B-F50D-45C5-82C0-78FF0BB22236}D:\asm\dota2\steamapps\common\half-life\hl.exe" = protocol=6 | dir=in | app=d:\asm\dota2\steamapps\common\half-life\hl.exe |
"TCP Query User{15A4E58E-8C3B-45A8-A997-57E6914EDBF6}D:\program files (x86)\origin games\fifa 15\fifa15.exe" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\fifa 15\fifa15.exe |
"TCP Query User{28172A39-E8C2-4A47-B563-91FC899332DA}E:\easysetupassistant\wr741n\easysetupassistant.exe" = protocol=6 | dir=in | app=e:\easysetupassistant\wr741n\easysetupassistant.exe |
"TCP Query User{2DBB10A3-7CA9-463B-9A55-56C3A1D9AA6B}D:\warthunder\aces.exe" = protocol=6 | dir=in | app=d:\warthunder\aces.exe |
"TCP Query User{50AC1C6C-37BA-4BC2-B20E-8DB8ADFFFFDA}D:\asm\dota2\steamapps\common\dota 2 beta\dota.exe" = protocol=6 | dir=in | app=d:\asm\dota2\steamapps\common\dota 2 beta\dota.exe |
"TCP Query User{60EFF105-E1B7-40E6-BF44-A83DB97C5512}D:\steam\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"TCP Query User{7C78574E-DD38-43B6-842C-127A72D583E3}E:\easysetupassistant\wr741n\easysetupassistant.exe" = protocol=6 | dir=in | app=e:\easysetupassistant\wr741n\easysetupassistant.exe |
"TCP Query User{7D8BD302-C34C-4C02-8EFD-4BA7B8E7BB03}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"TCP Query User{86BDCB53-5FD7-46F7-A46C-EF0EC5FBDFAC}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{E9EE7216-1DB6-4A27-A933-5AAB4EE650E9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{152B12BB-56F2-4CC1-AF7B-7AC121D9F181}D:\program files (x86)\origin games\fifa 15\fifa15.exe" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\fifa 15\fifa15.exe |
"UDP Query User{431A6D7D-BB41-48BB-B52B-288FECF545EA}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{623AC947-D133-4728-B0D3-128BDF707DD2}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{6D4A8B84-9D1A-4FA6-874A-0D1958333317}E:\easysetupassistant\wr741n\easysetupassistant.exe" = protocol=17 | dir=in | app=e:\easysetupassistant\wr741n\easysetupassistant.exe |
"UDP Query User{83085914-2DBA-4352-A409-924FFA4D330B}D:\warthunder\aces.exe" = protocol=17 | dir=in | app=d:\warthunder\aces.exe |
"UDP Query User{90647DB4-DBA2-4FE0-A40E-4F63ED70820B}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{9F6D2E38-3858-4B3C-A904-73C20C745B2E}D:\asm\dota2\steamapps\common\dota 2 beta\dota.exe" = protocol=17 | dir=in | app=d:\asm\dota2\steamapps\common\dota 2 beta\dota.exe |
"UDP Query User{A16FF72F-D506-4F50-8A88-EEFE9D0000E3}E:\easysetupassistant\wr741n\easysetupassistant.exe" = protocol=17 | dir=in | app=e:\easysetupassistant\wr741n\easysetupassistant.exe |
"UDP Query User{A778F994-7F1C-44CF-A032-6CE2F80EA043}D:\steam\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"UDP Query User{B0E7B55F-7A51-4089-98FF-D70A2AED5177}C:\users\jirka\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\jirka\appdata\roaming\spotify\spotify.exe |
"UDP Query User{F2A86BD2-E797-46B2-B183-057A59053AE1}D:\asm\dota2\steamapps\common\half-life\hl.exe" = protocol=17 | dir=in | app=d:\asm\dota2\steamapps\common\half-life\hl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{114C48CB-65F8-4EC6-83CD-B3F936BFF795}" = S.T.R.I.K.E.3
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 15.3.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovladač HD audia 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 15.3.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.23
"{D56E0F0E-CC77-4BED-B63A-95432AFDC114}" = ESET NOD32 Antivirus
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"ESL Wire_is1" = ESL Wire 1.18.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SteelSeries Engine" = SteelSeries Engine
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E784CFD-CEB1-42E1-9C42-FC2497DD653E}" = Mumble 1.2.8
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.20
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 71
"{28D1723C-31C4-4A83-9799-DFFB3739026D}" = Warface Launcher (Beta)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{37476589-E48E-439E-A706-56189E2ED4C4}_is1" = NoMore Ads
"{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}" = EA SPORTS™ FIFA 15
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B12.1025.1
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.1121.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A754DA6-6E12-40AF-BAF0-B7D60C6BE005}" = LibreOffice 4.4.1.2
"{4B4DB54B-A017-4E82-8995-AC752FEBCDD8}_is1" = Tt eSPORTS ShockONE gaming headset Driver V1.0
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8304}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8305}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}" = SW-Sustainer 1.80
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00B0-0405-0000-0000000FF1CE}" = Doplněk Microsoft Save as PDF pro aplikace sady Microsoft Office 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.11) - Czech
"{AC968B0F-024A-4323-BD6B-C2A85D183F34}" = GHOST
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 17 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"aTube Catcher" = aTube Catcher
"DAEMON Tools Lite" = DAEMON Tools Lite
"DSMT6" = MathType 6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FormatFactory" = FormatFactory 3.0.1
"Fraps" = Fraps
"Google Chrome" = Google Chrome
"Inkscape" = Inkscape 0.48.4
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.1121.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.9.5
"League of Legends 3.0.1" = League of Legends
"mIRC" = mIRC
"OpenSubtitlesPlayer_is1" = OpenSubtitlesPlayer V6.X
"Origin" = Origin
"SpeedFan" = SpeedFan (remove only)
"Steam" = Steam
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 220260" = Farming Simulator 2013
"Steam App 227300" = Euro Truck Simulator 2
"Steam App 227940" = Heroes & Generals
"Steam App 236390" = War Thunder
"Steam App 242920" = Banished
"Steam App 263280" = Spintires
"Steam App 292030" = The Witcher 3: Wild Hunt
"Steam App 295110" = H1Z1
"Steam App 48700" = Mount & Blade: Warband
"Steam App 570" = Dota 2
"Steam App 730" = Counter-Strike: Global Offensive
"Update Engine" = Sony Mobile Update Engine
"VLC media player" = VLC media player

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-149146591-1846029809-4080100686-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.8.0.0
"playnowradio" = Play Now Radio
"Search Protection" = Search Protection
"SeznamInstall" = Seznam Software
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31.5.2015 14:35:41 | Computer Name = Jirka-PC | Source = ESENT | ID = 486
Description = Windows (5348) Windows: Pokus o přesunutí souboru C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
do složky C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log se
nezdařil. Došlo k systémové chybě 2 (0x00000002): Systém nemůže nalézt uvedený soubor.
. Operace přesunutí souboru se nezdaří a dojde k chybě -1811 (0xfffff8ed).

Error - 31.5.2015 14:35:41 | Computer Name = Jirka-PC | Source = ESENT | ID = 413
Description = Windows (5348) Windows: Nový soubor protokolu nelze vytvořit, protože
není možné zapisovat na jednotku protokolu. Jednotka může být označena jen pro
čtení, na disku je nedostatek místa nebo je jednotka chybně nakonfigurována či poškozena.
Chyba -1811

Error - 31.5.2015 14:37:36 | Computer Name = Jirka-PC | Source = ESENT | ID = 486
Description = Windows (5028) Windows: Pokus o přesunutí souboru C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
do složky C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log se
nezdařil. Došlo k systémové chybě 2 (0x00000002): Systém nemůže nalézt uvedený soubor.
. Operace přesunutí souboru se nezdaří a dojde k chybě -1811 (0xfffff8ed).

Error - 31.5.2015 14:37:36 | Computer Name = Jirka-PC | Source = ESENT | ID = 413
Description = Windows (5028) Windows: Nový soubor protokolu nelze vytvořit, protože
není možné zapisovat na jednotku protokolu. Jednotka může být označena jen pro
čtení, na disku je nedostatek místa nebo je jednotka chybně nakonfigurována či poškozena.
Chyba -1811

Error - 31.5.2015 14:37:48 | Computer Name = Jirka-PC | Source = ESENT | ID = 486
Description = Windows (4632) Windows: Pokus o přesunutí souboru C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
do složky C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log se
nezdařil. Došlo k systémové chybě 2 (0x00000002): Systém nemůže nalézt uvedený soubor.
. Operace přesunutí souboru se nezdaří a dojde k chybě -1811 (0xfffff8ed).

Error - 31.5.2015 14:37:48 | Computer Name = Jirka-PC | Source = ESENT | ID = 413
Description = Windows (4632) Windows: Nový soubor protokolu nelze vytvořit, protože
není možné zapisovat na jednotku protokolu. Jednotka může být označena jen pro
čtení, na disku je nedostatek místa nebo je jednotka chybně nakonfigurována či poškozena.
Chyba -1811

Error - 31.5.2015 14:38:22 | Computer Name = Jirka-PC | Source = ESENT | ID = 486
Description = Windows (6032) Windows: Pokus o přesunutí souboru C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
do složky C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log se
nezdařil. Došlo k systémové chybě 2 (0x00000002): Systém nemůže nalézt uvedený soubor.
. Operace přesunutí souboru se nezdaří a dojde k chybě -1811 (0xfffff8ed).

Error - 31.5.2015 14:38:22 | Computer Name = Jirka-PC | Source = ESENT | ID = 413
Description = Windows (6032) Windows: Nový soubor protokolu nelze vytvořit, protože
není možné zapisovat na jednotku protokolu. Jednotka může být označena jen pro
čtení, na disku je nedostatek místa nebo je jednotka chybně nakonfigurována či poškozena.
Chyba -1811

Error - 31.5.2015 14:38:25 | Computer Name = Jirka-PC | Source = ESENT | ID = 486
Description = Windows (5560) Windows: Pokus o přesunutí souboru C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
do složky C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log se
nezdařil. Došlo k systémové chybě 2 (0x00000002): Systém nemůže nalézt uvedený soubor.
. Operace přesunutí souboru se nezdaří a dojde k chybě -1811 (0xfffff8ed).

Error - 31.5.2015 14:38:25 | Computer Name = Jirka-PC | Source = ESENT | ID = 413
Description = Windows (5560) Windows: Nový soubor protokolu nelze vytvořit, protože
není možné zapisovat na jednotku protokolu. Jednotka může být označena jen pro
čtení, na disku je nedostatek místa nebo je jednotka chybně nakonfigurována či poškozena.
Chyba -1811

[ System Events ]
Error - 31.5.2015 14:35:41 | Computer Name = Jirka-PC | Source = Service Control Manager | ID = 7024
Description = Služba Windows Search ukončena s chybou %%-1073473536, specifickou
pro službu.

Error - 31.5.2015 14:35:41 | Computer Name = Jirka-PC | Source = Service Control Manager | ID = 7034
Description = Služba Windows Search byla neočekávaně ukončena. Tento stav nastal
již 30krát.

Error - 31.5.2015 14:37:37 | Computer Name = Jirka-PC | Source = Service Control Manager | ID = 7024
Description = Služba Windows Search ukončena s chybou %%-1073473536, specifickou
pro službu.

Error - 31.5.2015 14:37:37 | Computer Name = Jirka-PC | Source = Service Control Manager | ID = 7034
Description = Služba Windows Search byla neočekávaně ukončena. Tento stav nastal
již 31krát.

Error - 31.5.2015 14:37:48 | Computer Name = Jirka-PC | Source = Service Control Manager | ID = 7024
Description = Služba Windows Search ukončena s chybou %%-1073473536, specifickou
pro službu.

Error - 31.5.2015 14:37:48 | Computer Name = Jirka-PC | Source = Service Control Manager | ID = 7034
Description = Služba Windows Search byla neočekávaně ukončena. Tento stav nastal
již 32krát.

Error - 31.5.2015 14:38:23 | Computer Name = Jirka-PC | Source = Service Control Manager | ID = 7024
Description = Služba Windows Search ukončena s chybou %%-1073473536, specifickou
pro službu.

Error - 31.5.2015 14:38:23 | Computer Name = Jirka-PC | Source = Service Control Manager | ID = 7034
Description = Služba Windows Search byla neočekávaně ukončena. Tento stav nastal
již 33krát.

Error - 31.5.2015 14:38:26 | Computer Name = Jirka-PC | Source = Service Control Manager | ID = 7024
Description = Služba Windows Search ukončena s chybou %%-1073473536, specifickou
pro službu.

Error - 31.5.2015 14:38:26 | Computer Name = Jirka-PC | Source = Service Control Manager | ID = 7034
Description = Služba Windows Search byla neočekávaně ukončena. Tento stav nastal
již 34krát.


< End of report >

Re: Asi zavirované pc

Napsal: 02 čer 2015 10:20
od cabas
halo? :D

Re: Asi zavirované pc

Napsal: 02 čer 2015 10:50
od vyosek
:arrow: Jen se zeptam pouzivate legalni operacni system, nejvyssi licence (v hodnote nejake tisic) Ultimate zrovna neni bezna domaci verze :?:
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz