VIRY.CZ

Logfile of random's system information tool 1.10 (written by random/random)
Run by Radek at 2016-06-07 18:22:12
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 197 GB (32%) free of 610 GB
Total RAM: 3292 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:23:01, on 7.6.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18315)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Smart File Advisor\SFAUpdater.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\wscript.exe
C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Radek\Downloads\RSIT.exe
C:\Program Files\trend micro\Radek.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... kId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=cmd /c
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - (no file)
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Smart File Advisor] "C:\Program Files\Smart File Advisor\sfa.exe" /checkassoc
O4 - HKLM\..\Run: [SFAUpdater] "C:\Program Files\Smart File Advisor\SFAUpdater.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Minecraft] wscript.exe //B "C:\Users\Radek\AppData\Roaming\Minecraft.vbs"
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Radek\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Minecraft] wscript.exe //B "C:\Users\Radek\AppData\Roaming\Minecraft.vbs"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Minecraft.vbs
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service Installer TrueKey (InstallerService) - Unknown owner - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe (file missing)
O23 - Service: Intel(R) Biometric and Context Agent Service (IntelBCAsvc) - Intel(R) Corporation - C:\Program Files\Intel\BCA\pabeSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Torch Crash Handler (TorchCrashHandler) - TorchMedia Inc. - C:\Users\Radek\AppData\Local\Torch\Update\TorchCrashHandler.exe
O23 - Service: Intel Security True Key (TrueKey) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) - McAfee, Inc. - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service: TrueKeyServiceHelper - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe

--
End of file - 7891 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Radek\AppData\Roaming\Mozilla\Firefox\Profiles\fqxs8r1t.default-1462973134106

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.197 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1221171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.77.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.77.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\TorchVLC]
"Description"=VLC Multimedia Plugin
"Path"=C:\Users\Radek\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6}]
True Key Helper - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-05-17 987888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-29 462400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-10 679680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-10 193136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-29 173120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1EA00BE1-6E54-4E2A-8099-680300BF23E1}
{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - True Key - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-05-17 987888]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-10 193136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-08-16 10820200]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-04-05 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-04-05 175640]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-04-05 169496]
"Smart File Advisor"=C:\Program Files\Smart File Advisor\sfa.exe [2014-10-10 283248]
"SFAUpdater"=C:\Program Files\Smart File Advisor\SFAUpdater.exe [2014-10-10 655472]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-06-04 7400064]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2016-03-20 595480]
"Minecraft"=wscript.exe //B C:\Users\Radek\AppData\Roaming\Minecraft.vbs []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"=C:\Users\Radek\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"Minecraft"=wscript.exe //B C:\Users\Radek\AppData\Roaming\Minecraft.vbs []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20 444904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
C:\Program Files\Pando Networks\Media Booster\PMB.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [2015-09-23 457088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]
C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [2013-12-13 831488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16]
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2013-12-13 831488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Radek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
C:\PROGRA~1\MYPCBA~1\MYPCBA~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Radek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stickies.lnk]
C:\PROGRA~1\Stickies\stickies.exe [2014-03-26 1122304]

C:\Users\Radek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Minecraft.vbs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-03-31 227328]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.iv50"=C:\PROGRA~1\SPlayer\ir50_32.dll
"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-06-07 18:22:12 ----D---- C:\rsit
2016-06-07 18:22:12 ----D---- C:\Program Files\trend micro
2016-05-11 15:20:56 ----D---- C:\Program Files\Mozilla Maintenance Service
2016-05-11 15:16:37 ----D---- C:\Users\Radek\AppData\Roaming\Google
2016-05-11 15:13:46 ----D---- C:\Users\Radek\AppData\Roaming\TeamViewer
2016-05-11 12:46:35 ----A---- C:\Windows\system32\jnwmon.dll
2016-05-11 12:46:34 ----A---- C:\Windows\system32\gdi32.dll
2016-05-11 12:46:33 ----A---- C:\Windows\system32\d3d10level9.dll
2016-05-11 12:46:32 ----A---- C:\Windows\system32\WindowsCodecs.dll
2016-05-11 12:46:03 ----A---- C:\Windows\system32\InkEd.dll
2016-05-11 12:46:01 ----A---- C:\Windows\system32\win32k.sys
2016-05-11 12:45:58 ----A---- C:\Windows\system32\tzres.dll
2016-05-11 12:45:50 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 12:45:50 ----A---- C:\Windows\system32\iernonce.dll
2016-05-11 12:45:50 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-05-11 12:45:50 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-05-11 12:45:49 ----A---- C:\Windows\system32\urlmon.dll
2016-05-11 12:45:49 ----A---- C:\Windows\system32\occache.dll
2016-05-11 12:45:49 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 12:45:49 ----A---- C:\Windows\system32\inseng.dll
2016-05-11 12:45:49 ----A---- C:\Windows\system32\iedkcs32.dll
2016-05-11 12:45:49 ----A---- C:\Windows\system32\ie4uinit.exe
2016-05-11 12:45:48 ----A---- C:\Windows\system32\jsproxy.dll
2016-05-11 12:45:48 ----A---- C:\Windows\system32\jscript9diag.dll
2016-05-11 12:45:48 ----A---- C:\Windows\system32\ieUnatt.exe
2016-05-11 12:45:48 ----A---- C:\Windows\system32\ieapfltr.dll
2016-05-11 12:45:48 ----A---- C:\Windows\system32\dxtmsft.dll
2016-05-11 12:45:47 ----A---- C:\Windows\system32\msfeeds.dll
2016-05-11 12:45:46 ----A---- C:\Windows\system32\webcheck.dll
2016-05-11 12:45:46 ----A---- C:\Windows\system32\msrating.dll
2016-05-11 12:45:46 ----A---- C:\Windows\system32\iesetup.dll
2016-05-11 12:45:45 ----A---- C:\Windows\system32\wininet.dll
2016-05-11 12:45:45 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 12:45:44 ----A---- C:\Windows\system32\ieui.dll
2016-05-11 12:45:44 ----A---- C:\Windows\system32\dxtrans.dll
2016-05-11 12:45:43 ----A---- C:\Windows\system32\ieframe.dll
2016-05-11 12:45:42 ----A---- C:\Windows\system32\mshtmled.dll
2016-05-11 12:45:41 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-05-11 12:45:40 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-05-11 12:45:40 ----A---- C:\Windows\system32\iertutil.dll
2016-05-11 12:45:39 ----A---- C:\Windows\system32\mshtml.dll
2016-05-11 12:45:38 ----A---- C:\Windows\system32\jscript9.dll
2016-05-11 12:45:37 ----A---- C:\Windows\system32\jscript.dll
2016-05-11 12:45:36 ----A---- C:\Windows\system32\vbscript.dll
2016-05-11 12:45:22 ----A---- C:\Windows\system32\kerberos.dll
2016-05-11 12:45:21 ----A---- C:\Windows\system32\ntkrnlpa.exe
2016-05-11 12:45:20 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-05-11 12:45:20 ----A---- C:\Windows\system32\ntdll.dll
2016-05-11 12:45:18 ----A---- C:\Windows\system32\lsasrv.dll
2016-05-11 12:45:18 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-05-11 12:45:18 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-05-11 12:45:17 ----A---- C:\Windows\system32\wdigest.dll
2016-05-11 12:45:17 ----A---- C:\Windows\system32\sspicli.dll
2016-05-11 12:45:17 ----A---- C:\Windows\system32\srcore.dll
2016-05-11 12:45:17 ----A---- C:\Windows\system32\smss.exe
2016-05-11 12:45:17 ----A---- C:\Windows\system32\schannel.dll
2016-05-11 12:45:17 ----A---- C:\Windows\system32\rpchttp.dll
2016-05-11 12:45:17 ----A---- C:\Windows\system32\rpcrt4.dll
2016-05-11 12:45:17 ----A---- C:\Windows\system32\ncrypt.dll
2016-05-11 12:45:17 ----A---- C:\Windows\system32\msv1_0.dll
2016-05-11 12:45:17 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-05-11 12:45:17 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-05-11 12:45:17 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-05-11 12:45:17 ----A---- C:\Windows\system32\advapi32.dll
2016-05-11 12:45:16 ----A---- C:\Windows\system32\TSpkg.dll
2016-05-11 12:45:16 ----A---- C:\Windows\system32\srclient.dll
2016-05-11 12:45:16 ----A---- C:\Windows\system32\csrsrv.dll
2016-05-11 12:45:16 ----A---- C:\Windows\system32\apisetschema.dll
2016-05-11 12:45:15 ----A---- C:\Windows\system32\sspisrv.dll
2016-05-11 12:45:15 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-05-11 12:45:15 ----A---- C:\Windows\system32\secur32.dll
2016-05-11 12:45:15 ----A---- C:\Windows\system32\rstrui.exe
2016-05-11 12:45:15 ----A---- C:\Windows\system32\msobjs.dll
2016-05-11 12:45:15 ----A---- C:\Windows\system32\msaudite.dll
2016-05-11 12:45:15 ----A---- C:\Windows\system32\lsass.exe
2016-05-11 12:45:15 ----A---- C:\Windows\system32\drivers\appid.sys
2016-05-11 12:45:15 ----A---- C:\Windows\system32\cryptbase.dll
2016-05-11 12:45:15 ----A---- C:\Windows\system32\credssp.dll
2016-05-11 12:45:15 ----A---- C:\Windows\system32\auditpol.exe
2016-05-11 12:45:15 ----A---- C:\Windows\system32\appidsvc.dll
2016-05-11 12:45:15 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 12:45:15 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 12:45:15 ----A---- C:\Windows\system32\appidapi.dll
2016-05-11 12:45:15 ----A---- C:\Windows\system32\adtschema.dll
2016-05-11 12:45:04 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2016-05-11 12:45:04 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2016-05-11 12:45:04 ----A---- C:\Windows\system32\cdd.dll
2016-05-10 19:38:12 ----D---- C:\ProgramData\Google
2016-05-10 19:36:40 ----A---- C:\Windows\system32\aswBoot.exe
2016-05-10 19:21:04 ----A---- C:\Windows\system32\drivers\aswKbd.sys
2016-05-10 19:21:03 ----A---- C:\Windows\system32\drivers\aswNetSec.sys
2016-05-10 19:20:36 ----A---- C:\Windows\avastSS.scr
2016-05-10 19:20:22 ----A---- C:\Windows\system32\drivers\aswNetNd6.sys

======List of files/folders modified in the last 1 month======

2016-06-07 18:22:23 ----D---- C:\Windows\Temp
2016-06-07 18:22:12 ----D---- C:\Program Files
2016-06-07 18:18:35 ----D---- C:\Users\Radek\AppData\Roaming\Seznam.cz
2016-06-07 18:15:44 ----D---- C:\Windows\system32\config
2016-06-07 18:12:11 ----D---- C:\ProgramData\TorchCrashHandler
2016-06-07 18:11:48 ----D---- C:\Program Files\TrueKey
2016-06-06 20:48:49 ----D---- C:\Users\Radek\AppData\Roaming\.minecraft
2016-06-06 18:54:41 ----SHD---- C:\Windows\Installer
2016-06-06 18:54:26 ----D---- C:\Program Files\McAfee
2016-06-05 11:48:19 ----D---- C:\Scenes
2016-06-05 11:48:19 ----D---- C:\KD
2016-06-05 11:48:19 ----A---- C:\Windows\win.ini
2016-06-05 11:47:46 ----D---- C:\Windows\Prefetch
2016-06-02 21:10:06 ----HD---- C:\ProgramData
2016-06-01 07:18:13 ----D---- C:\Users\Radek\AppData\Roaming\vlc
2016-05-29 11:00:27 ----D---- C:\Windows\System32
2016-05-29 11:00:27 ----D---- C:\Windows\inf
2016-05-29 11:00:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-05-26 22:28:59 ----D---- C:\Windows\winsxs
2016-05-26 22:28:58 ----SD---- C:\Windows\system32\GWX
2016-05-21 09:18:19 ----D---- C:\Windows\system32\catroot2
2016-05-16 19:33:12 ----D---- C:\ProgramData\McAfee
2016-05-13 03:00:13 ----D---- C:\Windows\system32\appraiser
2016-05-12 17:56:31 ----SHD---- C:\System Volume Information
2016-05-12 17:56:30 ----D---- C:\Windows\Logs
2016-05-12 09:05:30 ----D---- C:\Windows\rescache
2016-05-11 16:01:20 ----D---- C:\Windows\Microsoft.NET
2016-05-11 16:01:16 ----RSD---- C:\Windows\assembly
2016-05-11 15:32:15 ----D---- C:\Install
2016-05-11 15:21:02 ----D---- C:\Program Files\Mozilla Firefox
2016-05-11 15:07:29 ----D---- C:\Windows\ehome
2016-05-11 15:07:29 ----D---- C:\Program Files\Windows Journal
2016-05-11 15:07:28 ----D---- C:\Windows\system32\en-US
2016-05-11 15:07:28 ----D---- C:\Windows\system32\cs-CZ
2016-05-11 15:07:27 ----D---- C:\Program Files\Internet Explorer
2016-05-11 15:07:26 ----D---- C:\Windows\system32\drivers
2016-05-11 13:00:58 ----D---- C:\Windows\system32\MRT
2016-05-11 12:52:39 ----A---- C:\Windows\system32\MRT.exe
2016-05-11 12:43:07 ----D---- C:\Windows\Tasks
2016-05-11 12:43:06 ----D---- C:\Windows\system32\Tasks
2016-05-10 20:13:13 ----D---- C:\Program Files\The Logo Creator v4
2016-05-10 20:12:31 ----HD---- C:\Program Files\InstallShield Installation Information
2016-05-10 20:09:53 ----D---- C:\Program Files\Google
2016-05-10 20:09:10 ----D---- C:\Program Files\Free Videos To DVD
2016-05-10 19:36:32 ----D---- C:\Windows
2016-05-10 19:21:17 ----D---- C:\Windows\system32\DriverStore
2016-05-10 19:20:40 ----D---- C:\ProgramData\AVAST Software
2016-05-10 19:20:26 ----D---- C:\Program Files\AVAST Software

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-05-10 58776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-05-10 221368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2016-01-02 329384]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-05-10 35096]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2016-05-10 334776]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-05-10 91232]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-05-10 815792]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-05-10 449640]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 eusk2par;Aladdin SmartKey Parallel Driver; \??\C:\Windows\system32\Drivers\eusk2par.sys [2008-12-18 25680]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-05-10 32792]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-05-10 91168]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-05-10 124808]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2016-05-10 26776]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-03-31 8744448]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-08-16 3648424]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-06-01 393320]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2016-01-02 26168]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2016-01-02 40504]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys []
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys []
S3 eusk3usb;SmartKey 3 USB; C:\Windows\System32\Drivers\eusk3usb.sys [2005-08-22 43968]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2013-02-05 49664]
S3 ggflt;SOMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2015-08-14 13528]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2013-01-15 25200]
S3 ggsomc;SOMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsomc.sys [2015-08-14 26328]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2015-06-11 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 36352]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;YunOS USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S4 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-05-10 243296]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2016-05-10 370656]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 IntelBCAsvc;Intel(R) Biometric and Context Agent Service; C:\Program Files\Intel\BCA\pabeSvc.exe [2015-11-25 2353816]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TorchCrashHandler;Torch Crash Handler; C:\Users\Radek\AppData\Local\Torch\Update\TorchCrashHandler.exe [2014-02-24 1216520]
R2 TrueKey;Intel Security True Key; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [2016-05-16 879952]
R2 TrueKeyScheduler;Intel Security True Key Scheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [2016-05-16 16792]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 1713904]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S2 InstallerService;Service Installer TrueKey; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2013-02-05 1512448]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2016-05-10 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-04-23 102912]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2016-05-03 146888]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2015-06-10 155520]
S3 TrueKeyServiceHelper;TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [2016-05-16 73968]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-10-19 1343400]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2012-12-16 72704]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-02 269504]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-11 45744]
S4 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.10 2016-06-07 18:23:05

======MBR======

0x33C08ED0BC007CFB5007501FFCBE1B7CBF1B065057B9E501F3A4CBBDBE07B104386E007C09751383C510E2F4CD188BF583C610497419382C74F6A0B507B4078BF0AC3C0074FCBB0700B40ECD10EBF2884E10E84600732AFE4610807E040B740B807E040C7405A0B60775D2804602068346080683560A00E821007305A0B607EBBC813EFE7D55AA740B807E100074C8A0B707EBA98BFC1E578BF5CBBF05008A5600B408CD1372238AC1243F988ADE8AFC43F7E38BD186D6B106D2EE42F7E239560A77237205394608731CB80102BB007C8B4E028B5600CD1373514F744E32E48A5600CD13EBE48A560060BBAA55B441CD13723681FB55AA7530F6C101742B61606A006A00FF760AFF76086A0068007C6A016A10B4428BF4CD136161730E4F740B32E48A5600CD13EBD661F9C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002C4463A00B87E300000001010007FEFFFF3F000000809D841E00FEFFFF0FFEFFFFBF9D841E82AEB31B000000000000000000000000000000000000000000000000000000000000000055AA

======Uninstall list======

Adobe Flash Player 19 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_19_0_0_245_ActiveX.exe -maintain activex
Adobe Flash Player 21 NPAPI-->C:\Windows\system32\Macromed\Flash\FlashUtil32_21_0_0_197_Plugin.exe -maintain plugin
Adobe Reader XI (11.0.07) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
Adobe Shockwave Player 12.2-->"C:\Windows\system32\Adobe\Shockwave 12\uninstaller.exe"
Avast Premier-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
FormatFactory 2.96-->C:\Program Files\FreeTime\FormatFactory\uninst.exe
Fotogalerie-->MsiExec.exe /X{AEA7CE08-09DC-4186-99FD-66A26F3B8B21}
Fotolab Fotosvet-->"C:\Program Files\Fotolab\Fotolab Fotosvet\uninstall.exe"
GIMP 2.8.14-->"C:\Program Files\GIMP 2\uninst\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_F3B2E431EE169D71.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HF Designer 5.2-->"C:\Program Files\HF Designer\unins000.exe"
Intel Security True Key-->C:\Program Files\TrueKey\Mcafee.TrueKey.Uninstaller.Exe
Intel(R) Biometric and Context Agent Redistributables-->MsiExec.exe /X{DD17408A-4066-45D6-8F83-F329C3AFAA6D}
Intel(R) Biometric and Context Agent-->MsiExec.exe /X{A8C4BCA1-00FE-4CC4-B8E4-E56CEA270C89}
Intel(R) Graphics Media Accelerator Driver-->C:\Program Files\Intel\Intel(R) Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall
IrfanView (remove only)-->"C:\Program Files\IrfanView\iv_uninstall.exe"
Java 8 Update 77-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83218077F0}
Junk Mail filter update-->MsiExec.exe /I{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}
KitchenDraw 5.0-->C:\KD\UNWISE.EXE C:\KD\INSTALL.LOG
KitchenDraw 6.0-->"c:\KD\unins000.exe"
LibreOffice 3.3-->MsiExec.exe /I{CEE2613D-3B53-4447-BA2D-E88C08272581}
Microsoft .NET Framework 4.5.2 (CSY)-->MsiExec.exe /X{69EDC871-8A8A-34A8-B511-FF7CE3C4B0B7}
Microsoft .NET Framework 4.5.2 (čeština)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\CSY\\Setup.exe /repair /x86 /lcid 1029
Microsoft .NET Framework 4.5.2-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\\Setup.exe /repair /x86
Microsoft .NET Framework 4.5.2-->MsiExec.exe /X{3911CF56-9EF2-39BA-846A-C27BD3CD0685}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850405-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501-->"C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}
Movie Maker-->MsiExec.exe /X{379A0618-EF50-423C-9637-EEB2D25A4BB4}
Movie Maker-->MsiExec.exe /X{45898170-E68C-4F02-AA35-C2186BF347A3}
Movies Search App for Firefox (Dist. by Koyote-Lab, Inc.)-->C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\FF\uninstall.exe /UN=FF /PID=KYT2-DTX /PCD=IMH
Movies Search App for Internet Explorer (Dist. by Koyote-Lab, Inc.)-->C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\uninstall.exe /UN=IE /PID=KYT2-DTX /PCD=IMH
Mozilla Firefox 46.0.1 (x86 cs)-->"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
Mozilla Sunbird (0.9)-->C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSVCRT110-->MsiExec.exe /I{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MyPhoneExplorer-->C:\Program Files\MyPhoneExplorer\uninstall.exe
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Optimik 2.36c-->"C:\Program Files\Optimik\unins000.exe"
Ovečky-->C:\Program Files\Ovečky\Uninstall.exe
Photo Common-->MsiExec.exe /X{23AAEBF8-12B1-43EA-B75D-CDC613CA6CB4}
Photo Gallery-->MsiExec.exe /X{0F929651-F516-4956-90F2-FFBD2CD5D30E}
Realtek Ethernet Controller Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
SafeZone Stable 1.48.2066.101-->"C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" /uninstall
Samsung Printer Live Update-->C:\Program Files\SamsungPrinterLiveUpdateInstaller\uninstall.exe
Security Update for Microsoft .NET Framework 4.5.2 (KB3074230)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {CCEC28F6-82A2-35B0-8FE6-39C22A698F23}
Security Update for Microsoft .NET Framework 4.5.2 (KB3074550)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {A4953275-5880-3E7F-ABC2-BE1904624135}
Security Update for Microsoft .NET Framework 4.5.2 (KB3097996)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {63474770-8265-373F-8E8A-63BE4DB58739}
Security Update for Microsoft .NET Framework 4.5.2 (KB3098781)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {DB389F39-13F5-33DE-B9A2-C2AF6E3D4EDE}
Security Update for Microsoft .NET Framework 4.5.2 (KB3122656)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {BCC414C0-8FCC-3249-B692-4A832E0A9326}
Security Update for Microsoft .NET Framework 4.5.2 (KB3127229)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {DB5B33BE-851E-30AC-AFEC-32082B3448EC}
Security Update for Microsoft .NET Framework 4.5.2 (KB3135996)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {0B89053B-566E-3125-810C-4CFC467F6F39}
Security Update for Microsoft .NET Framework 4.5.2 (KB3142033)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {493E2572-1668-339D-A3C8-A39CBBB2B4E1}
Smart File Advisor 1.1.6-->"C:\Program Files\Smart File Advisor\unins000.exe"
Sony Mobile Update Engine-->C:\Program Files\Sony Mobile\Update Engine\uninst.exe
Sony PC Companion 2.10.303-->"C:\Program Files\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe" -runfromtemp -l0x0409 -removeonly
Stickies 7.1a-->C:\Windows\uninstallstickies.bat
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Tajemná písmena-->C:\Program Files\Tajemná písmena\Uninstall.exe
Tajuplný ostrov-->C:\Program Files\Tajuplný ostrov\Uninstall.exe
TeamViewer 7-->C:\Program Files\TeamViewer\Version7\uninstall.exe
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Turtix-->C:\Program Files\Turtix\Uninstall.exe
Universal Adb Driver-->MsiExec.exe /I{D9C4202E-6D51-4B06-A8F1-22316E654BCA}
Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
UsbFix-->C:\UsbFix\Un-UsbFix.exe
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Visual Studio 2012 x86 Redistributables-->MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
VLC media player-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Communications Platform-->MsiExec.exe /I{03D562B5-C4E2-4846-A920-33178788BE00}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{9976E0BD-56A6-4A32-8597-B80FCE62063A}
Windows Live Family Safety-->MsiExec.exe /I{15F16DD9-670C-4B8F-9F92-BC358AB814BD}
Windows Live Family Safety-->MsiExec.exe /X{BF286606-9E68-472C-BAEA-41162F2BF4D1}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{8256F87F-8554-4457-8C3D-3F3324697D9F}
Windows Live Installer-->MsiExec.exe /I{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}
Windows Live Mail-->MsiExec.exe /I{B6FF40EA-AEF2-46FF-9516-9A6512901B97}
Windows Live Mail-->MsiExec.exe /I{D604900F-A275-416C-AF9D-CDEDF58B72DB}
Windows Live Messenger-->MsiExec.exe /X{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}
Windows Live Messenger-->MsiExec.exe /X{C82E0493-CDCF-4583-8DAE-59CC7EC4B2FE}
Windows Live MIME IFilter-->MsiExec.exe /I{D8E4163F-7ED2-429A-B8C5-C7CE5B797831}
Windows Live Photo Common-->MsiExec.exe /X{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}
Windows Live PIMT Platform-->MsiExec.exe /I{E3445598-4424-4EE2-B71C-C23325F7FB71}
Windows Live SOXE Definitions-->MsiExec.exe /I{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}
Windows Live SOXE-->MsiExec.exe /I{6B6923B9-8719-425B-916C-CD2908F31AAF}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{D310DD60-9EF2-4C9C-AD66-A58185A1C7CB}
Windows Live UX Platform-->MsiExec.exe /I{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}
Windows Live Writer Resources-->MsiExec.exe /X{BADEEBDE-ABAF-4650-9149-51614651A1A0}
Windows Live Writer-->MsiExec.exe /X{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}
Windows Live Writer-->MsiExec.exe /X{E5603D65-60FC-47A6-AAC3-D5448227E963}
Windows Live Writer-->MsiExec.exe /X{EFBCA571-617D-484A-9ECA-E301BB6D0750}
Windows Movie Maker 2.6-->MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}
WinRAR 4.20 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
Zoner Photo Studio 16-->"C:\Program Files\Zoner\Photo Studio 16\unins000.exe"
Ztracený poklad 1.2-->"C:\Program Files\Ztracený poklad\unins000.exe"

======System event log======

Computer Name: Radek-PC
Event Code: 7036
Message: Stav služby Služba Plánovač multimédií byl změněn na: Zastaveno
Record Number: 379714
Source Name: Service Control Manager
Time Written: 20160110174824.439723-000
Event Type: Informace
User:

Computer Name: Radek-PC
Event Code: 7036
Message: Stav služby Funkčnost aplikací byl změněn na: Zastaveno
Record Number: 379713
Source Name: Service Control Manager
Time Written: 20160110174749.199261-000
Event Type: Informace
User:

Computer Name: Radek-PC
Event Code: 7036
Message: Stav služby Služba WinHTTP WPAD byl změněn na: Zastaveno
Record Number: 379712
Source Name: Service Control Manager
Time Written: 20160110174325.215597-000
Event Type: Informace
User:

Computer Name: Radek-PC
Event Code: 104
Message: Byl vymazán soubor protokolu Windows PowerShell.
Record Number: 379711
Source Name: Microsoft-Windows-Eventlog
Time Written: 20160110174320.775586-000
Event Type: Informace
User: Radek-PC\Radek

Computer Name: Radek-PC
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 379710
Source Name: Microsoft-Windows-Eventlog
Time Written: 20160110174320.728786-000
Event Type: Informace
User: Radek-PC\Radek

=====Application event log=====

Computer Name: Radek-PC
Event Code: 1033
Message: Zásady budou vyloučeny, protože jsou definovány jen s atributem Pouze přepsat.
Názvy zásad=(IIS-W3SVC-MaxConcurrentRequests) (Microsoft.Windows.Smc-Enabled) (Telnet-Client-EnableTelnetClient) (Telnet-Server-EnableTelnetServer) (TiffIFilterLicensing-EnableTiffIFilter) (nfs-admincmdtools-enabled) (nfs-adminmmc-enabled) (nfs-clientcmdtools-enabled) (nfs-clientcore-enabled) (sua-EnableSUA)
ID aplikace=55c92734-d682-4d71-983e-d6ec3f16059f
ID SKU=7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Record Number: 84712
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20160110195057.000000-000
Event Type: Informace
User:

Computer Name: Radek-PC
Event Code: 1066
Message: Inicializační stav pro objekty služby
C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/2005, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/licenserenewal/1.0, 0x00000000, 0x00000000

Record Number: 84711
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20160110195056.000000-000
Event Type: Informace
User:

Computer Name: Radek-PC
Event Code: 900
Message: Služba Ochrana softwaru se spouští.

Record Number: 84710
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20160110195056.000000-000
Event Type: Informace
User:

Computer Name: Radek-PC
Event Code: 10001
Message: Ukončování relace 1, zahájení ‎2016‎-‎01‎-‎10T18:06:27.540297300Z.
Record Number: 84709
Source Name: Microsoft-Windows-RestartManager
Time Written: 20160110180627.555897-000
Event Type: Informace
User: Radek-PC\Radek

Computer Name: Radek-PC
Event Code: 10000
Message: Zahajování relace 1 – ‎2016‎-‎01‎-‎10T18:06:27.540297300Z.
Record Number: 84708
Source Name: Microsoft-Windows-RestartManager
Time Written: 20160110180627.540297-000
Event Type: Informace
User: Radek-PC\Radek

=====Security event log=====

Computer Name: Radek-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 108080
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160110183947.198436-000
Event Type: Úspěšný audit
User:

Computer Name: Radek-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: RADEK-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x24c
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 108079
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160110183947.198436-000
Event Type: Úspěšný audit
User:

Computer Name: Radek-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 108078
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160110180214.925428-000
Event Type: Úspěšný audit
User:

Computer Name: Radek-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: RADEK-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x24c
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 108077
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160110180214.925428-000
Event Type: Úspěšný audit
User:

Computer Name: Radek-PC
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-13920682-1251540043-472326298-1000
Název účtu: Radek
Název domény: Radek-PC
ID přihlášení: 0x1ba2b
Record Number: 108076
Source Name: Microsoft-Windows-Eventlog
Time Written: 20160110174320.666386-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared;C:\Program Files\Xpress Software\AIDC\Advanced ID Creator
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a

-----------------EOF-----------------

Zdravím!
Jak je na tom váš oper. systém s legalitou?

Zdravím, mělo by být vše v pořádku, štítek i aktivace je v pořádku.

OK. Udělejte tento sken:

Stáhněte a spusťte OTL: http://oldtimer.geekstogo.com/OTL.exe . Spusťte, zaškrněte "Pro všechny uživatele", Kontrola na havěť LOP" a Kontrola na hvěť PURITY" a do dolního bílého okna zkopírujte:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s

a klikněte na >Prohledat<. Dejte oba logy.

OTL Extras logfile created on: 7.6.2016 21:46:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Radek\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18314)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,22 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 51,43% Memory free
6,43 Gb Paging File | 4,81 Gb Available in Paging File | 74,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596,07 Gb Total Space | 226,66 Gb Free Space | 38,02% Space Free | Partition Type: NTFS
Drive D: | 109,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 244,14 Gb Total Space | 2,42 Gb Free Space | 0,99% Space Free | Partition Type: NTFS
Drive F: | 221,62 Gb Total Space | 15,89 Gb Free Space | 7,17% Space Free | Partition Type: NTFS

Computer Name: RADEK-PC | User Name: Radek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-13920682-1251540043-472326298-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE prezentace] -- "C:\Program Files\Fotolab\Fotolab Fotosvet\CEWE prezentace.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotolab Fotosvet] -- "C:\Program Files\Fotolab\Fotolab Fotosvet\Fotolab Fotosvet.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02443430-1816-4DC5-B44A-B9B8B5D804D7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0DB55C80-F696-4872-8A29-1FB181809426}" = lport=138 | protocol=17 | dir=in | app=system |
"{232AEEA9-8334-4211-B5F5-1017E55993B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25101A7E-4E3A-4C01-B363-66256022EC47}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{284CE83F-26BB-4774-82D2-775F644803BA}" = rport=445 | protocol=6 | dir=out | app=system |
"{2E5B4C17-2BFD-4851-B6D4-5BA29EA70EA9}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{321AD310-2DD6-4601-AA5E-9167A9FC89A1}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{422E4E35-7ABE-4458-A5C3-07EB2B4DF1DA}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{44812B82-2E8C-4BC6-AC96-866270FA8F01}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{52ACBCAE-7EFA-4502-B173-E67C75EB8BB1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5837EE36-624F-4599-8761-1CAC97401C83}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{633AE330-4F5A-4A63-84C9-A36CB985DE41}" = lport=137 | protocol=17 | dir=in | app=system |
"{6B318683-64A4-41EE-A5C5-F7FB8FB0A17C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6F622A75-19CE-4D93-AC49-4E9415306A24}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{765109C2-698E-4E28-B07A-941DB184BFC3}" = lport=7852 | protocol=6 | dir=in | name=war thunder |
"{7D0BFA8E-1F08-4E45-87EA-BA78C303CE44}" = rport=137 | protocol=17 | dir=out | app=system |
"{7E23E9BF-58B4-4A28-8278-DCBBA58C201C}" = lport=445 | protocol=6 | dir=in | app=system |
"{86FC59F9-A1BA-41D3-A650-63B7FFB8EB44}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8D8E4681-0929-4648-B973-1129C9A80ABA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{90FE4889-BE57-469A-898A-7F33E3D4BD39}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91BC9028-79EC-4BD2-BB5B-5EE001CE2E1B}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{91BE4508-A952-451D-B48A-77C73381B80B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95FED4F9-FF6D-466B-91DA-2024F2E6E5F8}" = lport=7853 | protocol=6 | dir=in | name=war thunder |
"{A15C7946-2A8D-4A28-A68F-E5A91924790C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6242DA5-00F9-4A96-BC04-4CF30FBAAA4F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C56B238F-2A5F-43E6-9823-3AFF715297FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5F01B3A-6DEA-4D3F-9AB2-4978DB422321}" = rport=138 | protocol=17 | dir=out | app=system |
"{C8A7C5B5-0E3E-4B3F-9829-B10C2F821610}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{CF09C014-D70A-44E3-94B2-C63E2090E828}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CFDC0956-A67E-40E2-8639-C1A1DA059A61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D0104FC5-B62E-4D53-AF10-3B1C26D4F493}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D6DC7DA4-E552-421F-82D9-6437F82AA178}" = lport=139 | protocol=6 | dir=in | app=system |
"{E13BD079-A252-4928-B622-ECE57393CC4A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E702F12D-A858-4596-91D5-A778BC22BA11}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{F4D424C4-5452-4451-B886-27A304C32317}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{F4FF1FD0-A107-4065-8D4D-256326209217}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC73E331-4B85-418D-B52A-0CE608E9C570}" = rport=139 | protocol=6 | dir=out | app=system |
"{FD1135E5-2571-49F1-9A1D-D1FD218837DE}" = lport=33333 | protocol=6 | dir=in | name=war thunder |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07D21149-D4FF-471C-B071-9E0FE9668EDA}" = protocol=6 | dir=in | app=c:\program files\maxthon\bin\mxup.exe |
"{167D2C54-14DB-4AFE-B625-47EA671189BB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B30E0E4-1F90-42A1-B7B0-CF0633C3F46E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1BE584B6-B8F9-473F-836E-938846495B8A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2BD7E028-B4A6-4B40-BC28-5F1786FDD0CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{335705F2-481C-4923-AA3F-C67B62249491}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{3673DCF8-99C4-40F6-A346-CC65BFAC125B}" = protocol=17 | dir=in | app=c:\program files\sony mobile\update engine\sony mobile update engine.exe |
"{3BC2A5C6-AE37-4F0B-9D87-6775E8722D46}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E3C212B-51D3-4934-A6C9-6AF16F596480}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46752FF5-9BF2-4984-968B-EAAC42B66494}" = dir=in | app=c:\users\radek\appdata\local\torch\plugins\hola\hola_plugin.exe |
"{467A8610-5487-415C-812B-73F0AF8DDCA1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4AB8EA5D-4590-4091-98E3-BCF5397CB9B1}" = protocol=17 | dir=in | app=c:\program files\maxthon\bin\maxthon.exe |
"{4C0D6703-CA53-4580-A3D0-22E1B9BC49C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{57DA0B07-3973-4BFA-BC16-EB1B47ABFE74}" = dir=out | app=c:\games\world_of_tanks\wotlauncher.exe |
"{581C0F6C-1E11-478F-B2F6-41ABF3B22C23}" = protocol=17 | dir=in | app=c:\program files\maxthon\bin\mxup.exe |
"{58B4EF85-A775-4BD1-9F1A-1C8E33F5E8E4}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{610EBBDF-43AA-40D8-8A96-FD07B1D78571}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{68D371D9-C9D5-4FC2-B5D7-4E30B10682FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{767CA61E-7FC7-4464-9A23-D226D16BF9A1}" = protocol=6 | dir=in | app=c:\program files\maxthon\bin\maxthon.exe |
"{76884D5D-267C-4612-95DD-4D7172327E56}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{79D3C0FA-B8FE-49B1-9EC4-3BD948B2D365}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{81D9986A-5490-4D19-B05F-A4E3C025613C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{84FCD33A-EBC8-4DBE-85C5-094142893C74}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8E574FF1-F3E9-4E3B-9B40-535144C51F60}" = dir=in | app=c:\users\radek\appdata\local\torch\application\torch.exe |
"{9F98AE8E-75D6-42CA-9580-A308C4F43747}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A57C91A0-FC15-4469-A365-736D293926DA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{A9D158AB-6FE4-4A15-8B24-0BD7896D10EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADC36552-8D9A-4E1F-86AD-D3CFDECB7709}" = protocol=6 | dir=in | app=c:\program files\sony mobile\update engine\sony mobile update engine.exe |
"{B6434F78-5738-4F76-A9F8-0E2DC751FC9E}" = dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"{B8BEECCB-4FD5-4D76-8813-8EE46E825CBE}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{BB7CFFC1-7E9D-4DF4-95DB-3DC99F6A2E2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CACED96F-8AC4-46F1-9F33-7A0186E267E2}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{CC4A4A95-0904-4165-99F7-C66989A1EE3A}" = dir=out | app=c:\games\world_of_tanks\worldoftanks.exe |
"{D34C8690-A975-4D1B-943D-22DE45529D33}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{D3B4D40A-4B9A-4FF7-B129-4465AA832680}" = protocol=17 | dir=in | app=c:\program files\movies app\datamngr\srtool~1\ie\dtuser.exe |
"{D9D1AC7B-0B10-447F-A824-A76C1F3F7CF0}" = dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"{DD90D6DC-382B-46B9-9328-5BCF9EC61D8A}" = protocol=6 | dir=in | app=c:\program files\movies app\datamngr\srtool~1\ie\dtuser.exe |
"{FE3156AA-0304-486C-89F8-939794BD3B45}" = protocol=6 | dir=out | app=system |
"TCP Query User{386B1FD7-F3E8-4C5D-A41E-4FD061394BC8}C:\program files\java\jre1.8.0_77\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_77\bin\javaw.exe |
"TCP Query User{390669AE-98EB-4C5D-A429-54C38F248E3B}C:\games\world_of_warships\wowslauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_warships\wowslauncher.exe |
"TCP Query User{83BDF750-B9DA-4350-9FC2-808274370421}C:\program files\flatout\flatout.exe" = protocol=6 | dir=in | app=c:\program files\flatout\flatout.exe |
"TCP Query User{9D241028-3836-43DF-8E5A-A97F44965CC1}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{EE09D9EE-0BCE-42A0-94FD-01AE5154D4C9}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{FF21BF30-330A-493A-BF1A-D6B96D8E34CD}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{7C1EE2B2-7D21-4BFC-B1C6-A1F72D5B9C6D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{8E7DA1B5-F3B1-4736-93A5-7663D389AC0D}C:\program files\flatout\flatout.exe" = protocol=17 | dir=in | app=c:\program files\flatout\flatout.exe |
"UDP Query User{A38940E0-A684-4E32-AA8F-9D632F3681E7}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{AABCA1D4-0A00-4631-A310-7CF81CF57A4C}C:\program files\java\jre1.8.0_77\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_77\bin\javaw.exe |
"UDP Query User{D06E5B40-D378-4443-9418-6F8DE8ADED0D}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{D581F1FA-1E18-4E24-9A84-8742805E01FB}C:\games\world_of_warships\wowslauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_warships\wowslauncher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15F16DD9-670C-4B8F-9F92-BC358AB814BD}" = Windows Live Family Safety
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23AAEBF8-12B1-43EA-B75D-CDC613CA6CB4}" = Photo Common
"{26A24AE4-039D-4CA4-87B4-2F83218077F0}" = Java 8 Update 77
"{379A0618-EF50-423C-9637-EEB2D25A4BB4}" = Movie Maker
"{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{49A30D6B-CCD8-4741-91FD-0E3FCC0D3A13}_is1" = Ztracený poklad 1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69EDC871-8A8A-34A8-B511-FF7CE3C4B0B7}" = Microsoft .NET Framework 4.5.2 (CSY)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90850405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.2 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9976E0BD-56A6-4A32-8597-B80FCE62063A}" = Windows Live Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8C4BCA1-00FE-4CC4-B8E4-E56CEA270C89}" = Intel(R) Biometric and Context Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.07) - Czech
"{AEA7CE08-09DC-4186-99FD-66A26F3B8B21}" = Fotogalerie
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6FF40EA-AEF2-46FF-9516-9A6512901B97}" = Windows Live Mail
"{BADEEBDE-ABAF-4650-9149-51614651A1A0}" = Windows Live Writer Resources
"{BF286606-9E68-472C-BAEA-41162F2BF4D1}" = Windows Live Family Safety
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C82E0493-CDCF-4583-8DAE-59CC7EC4B2FE}" = Windows Live Messenger
"{CEE2613D-3B53-4447-BA2D-E88C08272581}" = LibreOffice 3.3
"{D310DD60-9EF2-4C9C-AD66-A58185A1C7CB}" = Windows Live UX Platform Language Pack
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D8E4163F-7ED2-429A-B8C5-C7CE5B797831}" = Windows Live MIME IFilter
"{D9C4202E-6D51-4B06-A8F1-22316E654BCA}" = Universal Adb Driver
"{DD17408A-4066-45D6-8F83-F329C3AFAA6D}" = Intel(R) Biometric and Context Agent Redistributables
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E5603D65-60FC-47A6-AAC3-D5448227E963}" = Windows Live Writer
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.303
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 19 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 21 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.2
"Avast" = Avast Free Antivirus
"CCleaner" = CCleaner
"FormatFactory" = FormatFactory 2.96
"Fotolab Fotosvet" = Fotolab Fotosvet
"GIMP-2_is1" = GIMP 2.8.14
"Google Chrome" = Google Chrome
"HappyFoto-Designer_is1" = HF Designer 5.2
"imeshkoyotesoftmoviestoolbarFF" = Movies Search App for Firefox (Dist. by Koyote-Lab, Inc.)
"imeshkoyotesoftmoviestoolbarIE" = Movies Search App for Internet Explorer (Dist. by Koyote-Lab, Inc.)
"IrfanView" = IrfanView (remove only)
"KitchenDraw 5.0" = KitchenDraw 5.0
"KitchenDraw_is1" = KitchenDraw 6.0
"Mozilla Firefox 46.0.1 (x86 cs)" = Mozilla Firefox 46.0.1 (x86 cs)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Optimik_is1" = Optimik 2.36c
"Ovečky" = Ovečky
"SafeZone 1.48.2066.101" = SafeZone Stable 1.48.2066.101
"Samsung Printer Live Update" = Samsung Printer Live Update
"Smart File Advisor_is1" = Smart File Advisor 1.1.6
"Tajemná písmena" = Tajemná písmena
"Tajuplný ostrov" = Tajuplný ostrov
"TeamViewer 7" = TeamViewer 7
"Totalcmd" = Total Commander (Remove or Repair)
"TrueKey" = Intel Security True Key
"Turtix" = Turtix
"Update Engine" = Sony Mobile Update Engine
"Usbfix" = UsbFix
"VLC media player" = VLC media player
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"ZhornStickies" = Stickies 7.1a
"ZonerPhotoStudio16_CZ_is1" = Zoner Photo Studio 16

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-13920682-1251540043-472326298-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1" = World of Tanks
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1" = World of Warships
"SeznamInstall" = Seznam Software
"SquareClock_Production_Home_Siko_Web" = Siko Web Kitchen Planner
"Torch" = Torch
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29.5.2016 4:40:47 | Computer Name = Radek-PC | Source = System Restore | ID = 8193
Description =

Error - 29.5.2016 15:00:14 | Computer Name = Radek-PC | Source = System Restore | ID = 8193
Description =

Error - 30.5.2016 17:21:44 | Computer Name = Radek-PC | Source = System Restore | ID = 8193
Description =

Error - 30.5.2016 18:00:01 | Computer Name = Radek-PC | Source = System Restore | ID = 8193
Description =

Error - 31.5.2016 1:27:25 | Computer Name = Radek-PC | Source = System Restore | ID = 8193
Description =

Error - 31.5.2016 20:04:19 | Computer Name = Radek-PC | Source = System Restore | ID = 8193
Description =

Error - 2.6.2016 14:48:51 | Computer Name = Radek-PC | Source = System Restore | ID = 8193
Description =

Error - 3.6.2016 9:04:49 | Computer Name = Radek-PC | Source = System Restore | ID = 8193
Description =

Error - 5.6.2016 3:44:27 | Computer Name = Radek-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: kd_app.exe, verze: 0.0.0.0, časové razítko:
0x7acc478b Název chybujícího modulu: USER32.dll, verze: 6.1.7601.19061, časové razítko:
0x56423964 Kód výjimky: 0xc0000005 Posun chyby: 0x00014065 ID chybujícího procesu:
0x1694 Čas spuštění chybující aplikace: 0x01d1befe100d7f02 Cesta k chybující aplikaci:
C:\KD\kd_app.exe Cesta k chybujícímu modulu: C:\Windows\system32\USER32.dll ID zprávy:
53f7453a-2af1-11e6-b8ca-50e54920e336

Error - 7.6.2016 12:17:21 | Computer Name = Radek-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 5.6.2016 2:56:04 | Computer Name = Radek-PC | Source = Service Control Manager | ID = 7001
Description = Služba Protokol PNRP (Peer Name Resolution Protocol) závisí na službě
Správce identit sítě rovnocenných počítačů, která neuspěla při spuštění v důsledku
následující chyby: %%1053

Error - 5.6.2016 6:01:44 | Computer Name = Radek-PC | Source = Service Control Manager | ID = 7000
Description = Služba Service Installer TrueKey neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 5.6.2016 12:09:51 | Computer Name = Radek-PC | Source = Service Control Manager | ID = 7000
Description = Služba Service Installer TrueKey neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 6.6.2016 12:50:45 | Computer Name = Radek-PC | Source = Service Control Manager | ID = 7000
Description = Služba Service Installer TrueKey neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 7.6.2016 12:12:05 | Computer Name = Radek-PC | Source = Service Control Manager | ID = 7000
Description = Služba Service Installer TrueKey neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 7.6.2016 12:37:12 | Computer Name = Radek-PC | Source = Service Control Manager | ID = 7000
Description = Služba Service Installer TrueKey neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 7.6.2016 13:01:16 | Computer Name = Radek-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR3.

Error - 7.6.2016 13:01:16 | Computer Name = Radek-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR3.

Error - 7.6.2016 13:01:17 | Computer Name = Radek-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR3.

Error - 7.6.2016 13:01:17 | Computer Name = Radek-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR3.

< End of report >

L logfile created on: 7.6.2016 21:46:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Radek\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18314)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,22 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 51,43% Memory free
6,43 Gb Paging File | 4,81 Gb Available in Paging File | 74,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596,07 Gb Total Space | 226,66 Gb Free Space | 38,02% Space Free | Partition Type: NTFS
Drive D: | 109,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 244,14 Gb Total Space | 2,42 Gb Free Space | 0,99% Space Free | Partition Type: NTFS
Drive F: | 221,62 Gb Total Space | 15,89 Gb Free Space | 7,17% Space Free | Partition Type: NTFS

Computer Name: RADEK-PC | User Name: Radek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016.06.07 21:44:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Radek\Downloads\OTL.exe
PRC - [2016.06.07 18:41:09 | 007,391,632 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2016.06.07 18:41:08 | 000,243,296 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2016.05.16 15:26:56 | 000,016,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\TrueKey\McTkSchedulerService.exe
PRC - [2016.05.16 15:26:28 | 000,879,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
PRC - [2016.05.13 19:43:00 | 006,690,008 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2016.05.03 05:30:33 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2016.03.20 22:57:26 | 000,927,256 | ---- | M] (Oracle Corporation) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2016.01.22 07:12:59 | 002,973,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2015.11.25 14:25:08 | 002,353,816 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\BCA\pabeSvc.exe
PRC - [2015.05.26 13:38:58 | 000,457,384 | ---- | M] () -- C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
PRC - [2014.12.18 23:18:39 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2014.10.10 23:54:12 | 000,655,472 | ---- | M] (Filefacts.net) -- C:\Program Files\Smart File Advisor\SFAUpdater.exe
PRC - [2014.02.24 02:11:59 | 001,216,520 | ---- | M] (TorchMedia Inc.) -- C:\Users\Radek\AppData\Local\Torch\Update\TorchCrashHandler.exe
PRC - [2010.11.20 14:16:56 | 000,776,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

========== Modules (No Company Name) ==========

MOD - [2016.06.07 18:41:11 | 040,539,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2016.06.07 18:41:09 | 000,479,680 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
MOD - [2016.06.07 18:41:09 | 000,135,816 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2016.06.07 18:41:09 | 000,123,344 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015.05.26 13:38:58 | 000,457,384 | ---- | M] () -- C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
MOD - [2015.05.26 13:38:34 | 000,862,888 | ---- | M] () -- C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
MOD - [2015.05.26 13:37:42 | 000,078,504 | ---- | M] () -- C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\9984libfoxloader.dll
MOD - [2015.02.17 10:35:00 | 000,764,416 | ---- | M] () -- C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\libchinst.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -- (InstallerService)
SRV - [2016.06.07 18:41:08 | 000,243,296 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2016.05.16 15:36:10 | 000,073,968 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe -- (TrueKeyServiceHelper)
SRV - [2016.05.16 15:26:56 | 000,016,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\TrueKey\McTkSchedulerService.exe -- (TrueKeyScheduler)
SRV - [2016.05.16 15:26:28 | 000,879,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe -- (TrueKey)
SRV - [2016.05.03 05:31:11 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016.04.23 05:58:39 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2016.04.02 20:03:28 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015.11.25 14:25:08 | 002,353,816 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BCA\pabeSvc.exe -- (IntelBCAsvc)
SRV - [2015.07.22 19:53:34 | 000,937,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2015.06.10 11:11:26 | 000,155,520 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2014.02.24 02:11:59 | 001,216,520 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Users\Radek\AppData\Local\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.10.19 12:23:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.08.31 16:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.05 17:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\EtronXHCI.sys -- (EtronXHCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\EtronHub3.sys -- (EtronHub3)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (at1a26cf)
DRV - [2016.06.07 18:44:39 | 000,035,096 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2016.06.07 18:41:12 | 000,449,640 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2016.06.07 18:41:12 | 000,221,368 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2016.06.07 18:41:12 | 000,124,808 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2016.06.07 18:41:12 | 000,091,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2016.06.07 18:41:12 | 000,091,168 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2016.06.07 18:41:12 | 000,058,776 | ---- | M] (AVAST Software) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2016.06.07 18:41:12 | 000,032,792 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2016.06.07 18:41:07 | 000,815,792 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2016.01.02 17:58:08 | 000,040,504 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dtliteusbbus.sys -- (dtliteusbbus)
DRV - [2016.01.02 17:57:39 | 000,026,168 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV - [2016.01.02 17:57:37 | 000,329,384 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2015.08.14 21:36:50 | 000,026,328 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsomc.sys -- (ggsomc)
DRV - [2015.08.14 21:36:50 | 000,013,528 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2015.06.11 19:15:04 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2014.09.03 00:08:56 | 000,052,368 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\System32\drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw.sys -- ({6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw)
DRV - [2013.01.15 19:54:12 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.05.13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.05.13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.05.13 03:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.05.13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.05.13 03:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2008.12.18 12:13:18 | 000,025,680 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eusk2par.sys -- (eusk2par)
DRV - [2005.08.22 14:02:02 | 000,043,968 | ---- | M] (Eutron) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\eusk3usb.sys -- (eusk3usb)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2000}: "URL" = http://www.default-search.net/search?si ... earchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2418}: "URL" = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}: "URL" = http://www.default-search.net/search?si ... earchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-13920682-1251540043-472326298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-13920682-1251540043-472326298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-13920682-1251540043-472326298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-13920682-1251540043-472326298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-13920682-1251540043-472326298-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-13920682-1251540043-472326298-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-13920682-1251540043-472326298-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-13920682-1251540043-472326298-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
IE - HKU\S-1-5-21-13920682-1251540043-472326298-1000\..\SearchScopes\{11D54CF3-10F6-4549-8C55-785087FAC7C9}: "URL" = http://tv.seznam.cz/hledej?w={searchTer ... arch_14875
IE - HKU\S-1-5-21-13920682-1251540043-472326298-1000\..\SearchScopes\{5CE01EB5-4E04-4D4D-8965-6CD331552D92}: "URL" = http://search.seznam.cz/?q={searchTerms ... arch_12454
IE - HKU\S-1-5-21-13920682-1251540043-472326298-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcer ... arch_14875
IE - HKU\S-1-5-21-13920682-1251540043-472326298-1000\..\SearchScopes\{89B320DA-9286-4AB7-B6F3-89F06757AFF4}: "URL" = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-13920682-1251540043-472326298-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2000}: "URL" = http://www.default-search.net/search?si ... earchTerms}
IE - HKU\S-1-5-21-13920682-1251540043-472326298-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2418}: "URL" = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
IE - HKU\S-1-5-21-13920682-1251540043-472326298-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}: "URL" = http://www.default-search.net/search?si ... earchTerms}
IE - HKU\S-1-5-21-13920682-1251540043-472326298-1000\..\SearchScopes\{BB6AA2F5-EF82-4A75-BFEF-357030F1FB54}: "URL" = http://websearch.ask.com/redirect?clien ... DD14218EDD
IE - HKU\S-1-5-21-13920682-1251540043-472326298-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:46.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1221171.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.77.2: C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.77.2: C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\TorchVLC: C:\Users\Radek\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Radek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2016.06.07 18:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 46.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 46.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2014.01.14 18:43:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

[2011.09.19 11:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radek\AppData\Roaming\Mozilla\Extensions
[2016.05.11 15:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radek\AppData\Roaming\Mozilla\Firefox\Profiles\fqxs8r1t.default-1462973134106\extensions
[2014.01.14 18:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radek\AppData\Roaming\Mozilla\Sunbird\Profiles\9t981bs4.default\extensions
[2016.05.28 11:23:03 | 000,006,303 | ---- | M] () (No name found) -- C:\Users\Radek\AppData\Roaming\Mozilla\Firefox\Profiles\fqxs8r1t.default-1462973134106\features\{67181a48-ab2e-4efe-8b1d-b3b03cbe0b5a}\e10srollout@mozilla.org.xpi
[2016.05.28 11:23:04 | 000,686,304 | ---- | M] () (No name found) -- C:\Users\Radek\AppData\Roaming\Mozilla\Firefox\Profiles\fqxs8r1t.default-1462973134106\features\{67181a48-ab2e-4efe-8b1d-b3b03cbe0b5a}\firefox@getpocket.com.xpi
[2016.05.28 11:23:05 | 002,043,369 | ---- | M] () (No name found) -- C:\Users\Radek\AppData\Roaming\Mozilla\Firefox\Profiles\fqxs8r1t.default-1462973134106\features\{67181a48-ab2e-4efe-8b1d-b3b03cbe0b5a}\loop@mozilla.org.xpi
[2016.05.11 15:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

O1 HOSTS File: ([2016.05.11 15:15:07 | 000,000,826 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (True Key Helper) - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll (Intel Security)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (True Key) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll (Intel Security)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-13920682-1251540043-472326298-1000\..\Toolbar\WebBrowser: (no name) - {34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - No CLSID value found.
O3 - HKU\S-1-5-21-13920682-1251540043-472326298-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Minecraft] wscript.exe //B "C:\Users\Radek\AppData\Roaming\Minecraft.vbs" File not found
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files\Seznam.cz\distribution\szninstall.exe ()
O4 - HKLM..\Run: [SFAUpdater] C:\Program Files\Smart File Advisor\SFAUpdater.exe (Filefacts.net)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKU\S-1-5-21-13920682-1251540043-472326298-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-13920682-1251540043-472326298-1000..\Run: [cz.seznam.software.autoupdate] C:\Users\Radek\AppData\Roaming\Seznam.cz\szninstall.exe ()
O4 - HKU\S-1-5-21-13920682-1251540043-472326298-1000..\Run: [cz.seznam.software.szndesktop] C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe ()
O4 - HKU\S-1-5-21-13920682-1251540043-472326298-1000..\Run: [Minecraft] wscript.exe //B "C:\Users\Radek\AppData\Roaming\Minecraft.vbs" File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Radek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Minecraft.vbs ()
F3 - HKU\S-1-5-21-13920682-1251540043-472326298-1000 WinNT: Load - (cmd /c) - C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-13920682-1251540043-472326298-1000\..Trusted Domains: localhost ([]http in Internet)
O15 - HKU\S-1-5-21-13920682-1251540043-472326298-1000\..Trusted Domains: samsungsetup.com ([www] http in Důvěryhodné weby)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD7B00FB-A18D-4569-A16E-C8CED458A970}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-13920682-1251540043-472326298-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015.09.25 21:07:52 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2015.09.25 21:07:52 | 000,000,000 | RHSD | M] - E:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2015.09.25 21:07:52 | 000,000,000 | RHSD | M] - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{00b32511-b15e-11e5-a174-50e54920e336}\Shell - "" = AutoRun
O33 - MountPoints2\{00b32511-b15e-11e5-a174-50e54920e336}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{bf512bc3-5d54-11e2-86c2-50e54920e336}\Shell - "" = AutoRun
O33 - MountPoints2\{bf512bc3-5d54-11e2-86c2-50e54920e336}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (c:\program files\movies app\datamngr\x64\apcrtldr.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv50 - C:\Program Files\SPlayer\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2016.06.07 18:44:40 | 000,035,096 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2016.06.07 18:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2016.06.07 18:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2016.06.07 18:42:40 | 000,000,000 | ---D | C] -- C:\Users\Radek\AppData\Roaming\AVAST Software
[2016.06.07 18:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2016.06.07 18:41:54 | 000,124,808 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2016.06.07 18:41:53 | 000,449,640 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2016.06.07 18:41:53 | 000,221,368 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswVmm.sys
[2016.06.07 18:41:53 | 000,058,776 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRvrt.sys
[2016.06.07 18:41:52 | 000,091,168 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2016.06.07 18:41:52 | 000,032,792 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswHwid.sys
[2016.06.07 18:41:51 | 000,091,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2016.06.07 18:41:50 | 000,815,792 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2016.06.07 18:41:30 | 000,334,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2016.06.07 18:41:09 | 000,052,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2016.06.07 18:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2016.06.07 18:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2016.06.07 18:22:12 | 000,000,000 | ---D | C] -- C:\rsit
[2016.06.05 22:01:35 | 000,000,000 | ---D | C] -- C:\Users\Radek\AppData\Local\SquareClock.Production_Home_Siko_Web
[2016.05.11 15:25:40 | 000,000,000 | ---D | C] -- C:\Users\Radek\Desktop\Původní data aplikace Firefox
[2016.05.11 15:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2016.05.11 15:16:37 | 000,000,000 | ---D | C] -- C:\Users\Radek\AppData\Roaming\Google
[2016.05.11 15:13:46 | 000,000,000 | ---D | C] -- C:\Users\Radek\AppData\Roaming\TeamViewer
[2016.05.11 12:46:35 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jnwmon.dll
[2016.05.11 12:46:33 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2016.05.11 12:46:03 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2016.05.11 12:46:01 | 002,397,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2016.05.11 12:45:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2016.05.11 12:45:50 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2016.05.11 12:45:50 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2016.05.11 12:45:50 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2016.05.11 12:45:50 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2016.05.11 12:45:49 | 000,689,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2016.05.11 12:45:49 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2016.05.11 12:45:49 | 000,346,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2016.05.11 12:45:49 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2016.05.11 12:45:48 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2016.05.11 12:45:48 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2016.05.11 12:45:48 | 000,416,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2016.05.11 12:45:48 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2016.05.11 12:45:48 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2016.05.11 12:45:47 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2016.05.11 12:45:47 | 000,693,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2016.05.11 12:45:46 | 002,056,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2016.05.11 12:45:46 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2016.05.11 12:45:46 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2016.05.11 12:45:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2016.05.11 12:45:44 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2016.05.11 12:45:44 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2016.05.11 12:45:42 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2016.05.11 12:45:41 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2016.05.11 12:45:40 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2016.05.11 12:45:38 | 004,611,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2016.05.11 12:45:21 | 003,998,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2016.05.11 12:45:20 | 003,943,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2016.05.11 12:45:17 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2016.05.11 12:45:17 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2016.05.11 12:45:17 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2016.05.11 12:45:16 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2016.05.11 12:45:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apisetschema.dll
[2016.05.11 12:45:15 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2016.05.11 12:45:15 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2016.05.11 12:45:15 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2016.05.11 12:45:15 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidpolicyconverter.exe
[2016.05.11 12:45:15 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2016.05.11 12:45:15 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidapi.dll
[2016.05.11 12:45:15 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2016.05.11 12:45:15 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2016.05.11 12:45:15 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidcertstorecheck.exe
[2016.05.11 12:45:15 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2016.05.11 12:45:04 | 000,218,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2016.05.11 12:45:04 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2016.05.10 20:38:29 | 000,000,000 | ---D | C] -- C:\Users\Radek\AppData\Local\AVAST Software
[2016.05.10 19:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2016.05.09 16:11:41 | 000,000,000 | ---D | C] -- C:\Users\Radek\Desktop\Mobile všešcky
[2015.11.02 22:01:46 | 001,691,304 | ---- | C] (Mozilla Foundation) -- C:\Users\Radek\AppData\Roaming\nss3.dll
[2015.11.02 22:01:46 | 000,970,912 | ---- | C] (Microsoft Corporation) -- C:\Users\Radek\AppData\Roaming\msvcr120.dll
[2015.11.02 22:01:46 | 000,455,328 | ---- | C] (Microsoft Corporation) -- C:\Users\Radek\AppData\Roaming\msvcp120.dll
[2015.11.02 22:00:22 | 000,095,232 | ---- | C] (Spark) -- C:\ProgramData\svhost
[2015.11.02 22:00:14 | 000,095,232 | ---- | C] (Spark) -- C:\Users\Radek\AppData\Roaming\novonj.exe
[2015.11.02 22:00:10 | 000,233,984 | ---- | C] (BernyR) -- C:\Users\Radek\AppData\Roaming\tetro.exe
[2015.11.02 22:00:05 | 000,261,120 | ---- | C] (Gretech Corporation) -- C:\Users\Radek\AppData\Roaming\444.exe
[2015.11.02 22:00:02 | 000,388,608 | ---- | C] (Techland) -- C:\Users\Radek\AppData\Roaming\111 (2).exe
[2015.11.02 21:59:58 | 000,186,880 | ---- | C] (BernyR) -- C:\Users\Radek\AppData\Roaming\1njnoco.exe
[2013.02.24 19:48:24 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Radek\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016.06.07 21:48:04 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2016.06.07 21:48:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016.06.07 21:16:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016.06.07 19:02:36 | 000,668,542 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2016.06.07 19:02:36 | 000,653,930 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2016.06.07 19:02:36 | 000,141,202 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2016.06.07 19:02:36 | 000,121,802 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2016.06.07 18:55:58 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016.06.07 18:55:58 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016.06.07 18:47:31 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
[2016.06.07 18:46:47 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016.06.07 18:44:39 | 000,035,096 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2016.06.07 18:43:00 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016.06.07 18:42:27 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2016.06.07 18:41:12 | 000,449,640 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2016.06.07 18:41:12 | 000,221,368 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswVmm.sys
[2016.06.07 18:41:12 | 000,124,808 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2016.06.07 18:41:12 | 000,091,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2016.06.07 18:41:12 | 000,091,168 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2016.06.07 18:41:12 | 000,058,776 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRvrt.sys
[2016.06.07 18:41:12 | 000,032,792 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswHwid.sys
[2016.06.07 18:41:09 | 000,334,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2016.06.07 18:41:09 | 000,052,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2016.06.07 18:41:07 | 000,815,792 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2016.06.07 18:37:13 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016.06.07 18:37:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016.06.07 18:37:02 | 2589,270,016 | -HS- | M] () -- C:\hiberfil.sys
[2016.06.07 18:22:05 | 001,107,968 | ---- | M] () -- C:\Users\Radek\Desktop\RSIT.exe
[2016.06.05 22:02:13 | 000,002,194 | ---- | M] () -- C:\Users\Radek\Desktop\Siko Web Kitchen Planner.lnk
[2016.06.05 11:46:40 | 000,134,589 | ---- | M] () -- C:\Users\Radek\Desktop\půdorys frýša.jpg
[2016.06.05 11:46:05 | 000,091,204 | ---- | M] () -- C:\Users\Radek\Desktop\kuchyn frýša.jpg
[2016.06.05 11:45:46 | 000,001,000 | --S- | M] () -- C:\Users\Public\Documents\mssystem.cfg
[2016.05.11 15:21:01 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016.05.11 15:09:40 | 000,300,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016.06.07 21:48:04 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2016.06.07 18:47:31 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
[2016.06.07 18:47:31 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
[2016.06.07 18:46:47 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2016.06.07 18:46:47 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016.06.07 18:43:00 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016.06.07 18:42:27 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2016.06.07 18:22:02 | 001,107,968 | ---- | C] () -- C:\Users\Radek\Desktop\RSIT.exe
[2016.06.05 22:02:13 | 000,002,194 | ---- | C] () -- C:\Users\Radek\Desktop\Siko Web Kitchen Planner.lnk
[2016.06.05 11:46:40 | 000,134,589 | ---- | C] () -- C:\Users\Radek\Desktop\půdorys frýša.jpg
[2016.06.05 11:46:05 | 000,091,204 | ---- | C] () -- C:\Users\Radek\Desktop\kuchyn frýša.jpg
[2016.05.11 15:21:01 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2016.05.11 15:21:01 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016.03.29 20:31:02 | 000,116,837 | ---- | C] () -- C:\Users\Radek\AppData\Roaming\Minecraft.vbs
[2016.01.23 11:07:45 | 000,005,389 | ---- | C] () -- C:\Users\Radek\AppData\Local\recently-used.xbel
[2016.01.11 08:26:55 | 000,300,384 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2015.11.21 14:14:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2014.12.17 10:56:42 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2014.12.17 10:54:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2014.07.18 23:15:38 | 000,018,280 | ---- | C] () -- C:\Windows\System32\roboot.exe
[2014.03.08 11:57:01 | 000,005,319 | ---- | C] () -- C:\Users\Radek\AppData\Roaming\froggy_scorebox
[2014.03.08 11:57:01 | 000,000,906 | ---- | C] () -- C:\Users\Radek\AppData\Roaming\pl_accounts.pl_acc
[2014.03.08 11:57:01 | 000,000,556 | ---- | C] () -- C:\Users\Radek\AppData\Roaming\Troll.options
[2014.01.21 23:01:03 | 000,021,504 | ---- | C] () -- C:\Users\Radek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.24 19:48:24 | 000,087,608 | ---- | C] () -- C:\Users\Radek\AppData\Roaming\inst.exe
[2013.02.24 19:48:24 | 000,007,887 | ---- | C] () -- C:\Users\Radek\AppData\Roaming\pcouffin.cat
[2013.02.24 19:48:24 | 000,001,144 | ---- | C] () -- C:\Users\Radek\AppData\Roaming\pcouffin.inf
[2012.10.19 13:25:59 | 000,000,126 | ---- | C] () -- C:\Users\Radek\AppData\Roaming\default.pls
[2011.09.19 12:06:00 | 000,001,024 | ---- | C] () -- C:\Users\Radek\.rnd

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016.01.22 08:05:58 | 012,877,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2016.06.06 20:48:49 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\.minecraft
[2014.12.17 16:14:31 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\.mono
[2014.02.22 10:29:34 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Alawar
[2014.01.22 20:17:11 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Ashampoo
[2016.06.07 18:42:40 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\AVAST Software
[2014.01.22 23:27:13 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\avidemux
[2014.09.03 16:19:52 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\CLiPW
[2013.02.24 20:20:52 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Coolbox
[2016.01.10 19:41:35 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\DAEMON Tools Lite
[2015.11.02 19:31:36 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\dclogs
[2013.02.24 20:34:19 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Digiarty
[2012.10.27 11:32:11 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Exec
[2014.09.06 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\FirefoxToolbar
[2016.01.31 17:03:49 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\FreeMoviesToDVD
[2014.02.21 10:53:56 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Friday's games
[2014.02.03 18:44:10 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Gaijin Ent
[2011.09.19 11:57:32 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\GHISLER
[2014.12.26 16:05:45 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\ImperiaOnline
[2014.07.18 22:12:29 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\inkscape
[2013.01.01 22:22:57 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\IrfanView
[2014.02.21 10:48:15 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Land Of Runes
[2013.02.24 20:06:55 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Leawo
[2012.11.02 20:33:51 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\LibreOffice
[2012.12.01 18:59:38 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Marine Aquarium Lite
[2015.11.27 12:47:35 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Maxthon3
[2014.09.03 16:07:39 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Media Freeware
[2016.02.24 17:07:30 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\MyPhoneExplorer
[2015.11.16 21:12:32 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\OpenOffice
[2014.07.18 22:15:08 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Opera Software
[2012.10.20 17:53:50 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Rovio
[2016.01.02 17:57:33 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\RPEng
[2014.07.22 10:29:27 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Settings Manager
[2016.06.07 18:43:34 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Seznam.cz
[2013.01.06 13:32:11 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\SPlayer
[2014.08.24 20:54:52 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\stickies
[2015.10.05 17:22:34 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Summitsoft
[2014.07.18 23:17:12 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\systweak
[2016.05.11 15:13:46 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\TeamViewer
[2013.02.24 20:07:24 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\tiger-k
[2014.11.28 21:12:32 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Unity
[2013.02.24 20:12:36 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\VobSub
[2013.02.24 19:48:24 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Vso
[2014.07.27 10:42:37 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\wargaming.net
[2016.02.26 20:20:30 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Windows Live Writer
[2014.01.18 16:54:03 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Zoner

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009.07.14 06:53:46 | 000,032,520 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.10.22 12:14:52 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.10.22 12:38:15 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.10.22 12:38:16 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2016.01.22 07:12:59 | 002,973,184 | ---- | M] (Microsoft Corporation) MD5=2A156D5EBF221EF2A6AE7CE452324DAC -- C:\Windows\explorer.exe
[2016.01.22 07:12:59 | 002,973,184 | ---- | M] (Microsoft Corporation) MD5=2A156D5EBF221EF2A6AE7CE452324DAC -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.19135_none_53a73c47d80e17a9\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2016.01.22 08:07:00 | 002,973,696 | ---- | M] (Microsoft Corporation) MD5=CEA6C2000AEC6CAF3CD6F3F73848E40A -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23338_none_5433dbd6f129009f\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2015.04.13 05:19:24 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=0780A42DBD7D9969F9BF4A19AA4285B5 -- C:\Windows\System32\services.exe
[2015.04.13 05:19:24 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=0780A42DBD7D9969F9BF4A19AA4285B5 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.18829_none_d1614ac32b8ec5cf\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2015.04.11 05:53:55 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=97981140500E86E5BBAD7B76BA890146 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.23033_none_d1d9ee0844ba1cc2\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2013.01.03 07:01:49 | 001,303,912 | ---- | M] (Microsoft Corporation) MD5=34AE5CC0C7417AB701C2AA8A7BC75417 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys
[2010.11.20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2013.01.04 06:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2014.04.05 04:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\System32\drivers\tcpip.sys
[2014.04.05 04:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_b513c4dfc4b513b9\tcpip.sys
[2012.03.30 12:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2014.12.18 23:18:52 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013.01.03 07:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2012.03.30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012.03.30 11:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2013.01.04 06:55:21 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys
[2014.12.18 23:18:52 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2012.10.03 18:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2012.10.03 18:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2012.03.30 12:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys
[2014.04.05 04:16:21 | 001,310,144 | ---- | M] (Microsoft Corporation) MD5=EA47AB18E289333AB94397D77CA6E3A1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_b59293a4dddacc9b\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2014.07.16 04:56:14 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=4F37B93C14AEE313BEC52A23AFB15C2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[2014.07.17 03:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\System32\winlogon.exe
[2014.07.17 03:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2014.03.04 11:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014.03.04 12:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[7 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\348fa23db5676581511d3bd9823857c3\*.tmp files -> C:\Windows\SoftwareDistribution\Download\348fa23db5676581511d3bd9823857c3\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2016.06.06 20:48:49 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\.minecraft
[2014.12.17 16:14:31 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\.mono
[2012.12.16 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Adobe
[2014.02.22 10:29:34 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Alawar
[2014.01.22 20:17:11 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Ashampoo
[2016.06.07 18:42:40 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\AVAST Software
[2014.01.22 23:27:13 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\avidemux
[2014.09.03 16:19:52 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\CLiPW
[2013.02.24 20:20:52 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Coolbox
[2012.12.21 11:33:17 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Corel
[2016.01.10 19:41:35 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\DAEMON Tools Lite
[2015.11.02 19:31:36 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\dclogs
[2013.02.24 20:34:19 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Digiarty
[2013.02.25 17:07:26 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\dvdcss
[2012.10.27 11:32:11 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Exec
[2014.09.06 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\FirefoxToolbar
[2016.01.31 17:03:49 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\FreeMoviesToDVD
[2014.02.21 10:53:56 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Friday's games
[2014.02.03 18:44:10 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Gaijin Ent
[2011.09.19 11:57:32 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\GHISLER
[2016.05.11 15:16:37 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Google
[2011.09.19 10:45:52 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Identities
[2014.12.26 16:05:45 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\ImperiaOnline
[2014.07.18 22:12:29 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\inkscape
[2013.01.01 22:22:57 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\IrfanView
[2014.02.21 10:48:15 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Land Of Runes
[2013.02.24 20:06:55 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Leawo
[2012.11.02 20:33:51 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\LibreOffice
[2012.10.19 12:17:10 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Macromedia
[2012.12.01 18:59:38 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Marine Aquarium Lite
[2015.11.27 12:47:35 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Maxthon3
[2009.07.14 11:20:06 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Media Center Programs
[2014.09.03 16:07:39 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Media Freeware
[2015.11.16 21:01:09 | 000,000,000 | --SD | M] -- C:\Users\Radek\AppData\Roaming\Microsoft
[2016.01.11 22:51:07 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Mozilla
[2016.02.24 17:07:30 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\MyPhoneExplorer
[2014.09.04 17:12:50 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\NCH Software
[2012.12.22 13:29:46 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Nero
[2015.11.16 21:12:32 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\OpenOffice
[2014.07.18 22:15:08 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Opera Software
[2012.10.20 17:53:50 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Rovio
[2016.01.02 17:57:33 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\RPEng
[2014.07.22 10:29:27 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Settings Manager
[2016.06.07 18:43:34 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Seznam.cz
[2013.01.06 13:32:11 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\SPlayer
[2014.08.24 20:54:52 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\stickies
[2015.10.05 17:22:34 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Summitsoft
[2016.03.29 20:28:19 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Sun
[2014.07.18 23:17:12 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\systweak
[2014.01.14 18:43:18 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Talkback
[2016.05.11 15:13:46 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\TeamViewer
[2013.02.24 20:07:24 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\tiger-k
[2014.11.28 21:12:32 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Unity
[2016.06.01 07:18:13 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\vlc
[2013.02.24 20:12:36 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\VobSub
[2013.02.24 19:48:24 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Vso
[2014.07.27 10:42:37 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\wargaming.net
[2016.02.26 20:20:30 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Windows Live Writer
[2012.10.20 17:53:12 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\WinRAR
[2014.01.18 16:54:03 | 000,000,000 | ---D | M] -- C:\Users\Radek\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2015.11.02 22:00:06 | 000,388,608 | ---- | M] (Techland) -- C:\Users\Radek\AppData\Roaming\111 (2).exe
[2015.11.02 22:00:00 | 000,186,880 | ---- | M] (BernyR) -- C:\Users\Radek\AppData\Roaming\1njnoco.exe
[2015.11.02 22:00:08 | 000,261,120 | ---- | M] (Gretech Corporation) -- C:\Users\Radek\AppData\Roaming\444.exe
[2013.02.24 19:48:24 | 000,087,608 | ---- | M] () -- C:\Users\Radek\AppData\Roaming\inst.exe
[2015.11.02 22:00:15 | 000,095,232 | ---- | M] (Spark) -- C:\Users\Radek\AppData\Roaming\novonj.exe
[2015.11.02 22:00:13 | 000,233,984 | ---- | M] (BernyR) -- C:\Users\Radek\AppData\Roaming\tetro.exe
[2015.05.08 14:50:52 | 001,799,448 | ---- | M] (Maxthon International ltd.) -- C:\Users\Radek\AppData\Roaming\Maxthon3\Public\MxUp\MxUp.exe
[2014.02.16 12:02:36 | 000,071,894 | R--- | M] () -- C:\Users\Radek\AppData\Roaming\Microsoft\Installer\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}\GPUploader.exe
[2012.12.21 11:32:51 | 000,010,134 | R--- | M] () -- C:\Users\Radek\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
[2012.12.21 11:32:51 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Radek\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
[2007.11.27 09:41:32 | 000,405,504 | ---- | M] () -- C:\Users\Radek\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe
[2016.01.02 17:58:07 | 002,970,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Radek\AppData\Roaming\RPEng\17F423F4104F4BF780CD6E6E313200CD\AVG_PCTuneUp_1314.exe
[2016.01.02 17:57:37 | 000,201,880 | ---- | M] (Install helper Team) -- C:\Users\Radek\AppData\Roaming\RPEng\17F423F4104F4BF780CD6E6E313200CD\dhe986.exe
[2013.05.16 15:25:04 | 001,062,472 | ---- | M] () -- C:\Users\Radek\AppData\Roaming\Seznam.cz\szninstall.exe
[2013.05.16 15:26:24 | 002,589,256 | ---- | M] () -- C:\Users\Radek\AppData\Roaming\Seznam.cz\sznsetup.exe
[2013.04.16 12:52:34 | 000,055,808 | ---- | M] () -- C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\ffkill.exe
[2015.05.26 13:36:54 | 000,073,896 | ---- | M] () -- C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
[2015.05.26 13:38:58 | 000,457,384 | ---- | M] () -- C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
[2015.05.26 13:38:44 | 000,103,080 | ---- | M] () -- C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe
[2014.07.16 18:58:20 | 000,645,400 | ---- | M] (Systweak Software ) -- C:\Users\Radek\AppData\Roaming\systweak\ssd\SSDPTstub.exe
[2002.12.11 10:20:18 | 000,061,440 | ---- | M] (Gabest) -- C:\Users\Radek\AppData\Roaming\VobSub\submux.exe
[2002.12.11 10:20:40 | 000,098,304 | ---- | M] (Gabest) -- C:\Users\Radek\AppData\Roaming\VobSub\subresync.exe
[2013.02.24 20:12:36 | 000,059,134 | ---- | M] () -- C:\Users\Radek\AppData\Roaming\VobSub\Uninstall VobSub.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2016.06.07 22:16:09 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2016.06.07 18:37:13 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2016.06.07 21:48:00 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2016.06.07 18:41:12 | 000,032,792 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswHwid.sys
[2016.06.07 18:44:39 | 000,035,096 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswKbd.sys
[2016.06.07 18:41:12 | 000,091,168 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswMonFlt.sys
[2016.06.07 18:41:12 | 000,091,232 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswRdr2.sys
[2016.06.07 18:41:12 | 000,058,776 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswRvrt.sys
[2016.06.07 18:41:07 | 000,815,792 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSnx.sys
[2016.06.07 18:41:12 | 000,449,640 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSP.sys
[2016.06.07 18:41:12 | 000,124,808 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswStm.sys
[2016.06.07 18:41:12 | 000,221,368 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswVmm.sys

< %systemroot%\system32\*.* /3 >
[2016.06.07 18:55:58 | 000,017,168 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016.06.07 18:55:58 | 000,017,168 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016.06.07 18:41:09 | 000,334,280 | ---- | M] (AVAST Software) -- C:\Windows\system32\aswBoot.exe
[2016.06.07 18:17:02 | 000,014,439 | ---- | M] () -- C:\Windows\system32\debug.log
[2016.06.07 19:02:36 | 000,141,202 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2016.06.07 19:02:36 | 000,121,802 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2016.06.07 19:02:36 | 000,668,542 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2016.06.07 19:02:36 | 000,653,930 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2016.06.07 19:02:36 | 001,583,226 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"cz.seznam.software.autoupdate" = "C:\Users\Radek\AppData\Roaming\Seznam.cz\szninstall.exe" -c -- [2013.05.16 15:25:04 | 001,062,472 | ---- | M] ()
"cz.seznam.software.szndesktop" = "C:\Users\Radek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -- [2015.05.26 13:38:44 | 000,103,080 | ---- | M] ()
"Minecraft" = wscript.exe //B "C:\Users\Radek\AppData\Roaming\Minecraft.vbs" -- [2013.10.12 03:15:48 | 000,141,824 | ---- | M] (Microsoft Corporation)
"CCleaner Monitoring" = "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR -- [2016.05.13 19:43:00 | 006,690,008 | ---- | M] (Piriform Ltd)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2016.05.03 05:30:33 | 000,392,136 | ---- | M] (Mozilla Corporation) MD5=7DF8845A1CF92C227E81DBBC6F6434DF -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2016.04.23 18:24:50 | 000,815,304 | ---- | M] (Microsoft Corporation) MD5=455FBE995E8E809DA3EBB78C447202D9 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2016.06.04 03:57:01 | 000,941,720 | ---- | M] (Google Inc.) MD5=6CF0ACD321C93EB978C4908DEB79B7FB -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2016.06.07 21:48:04 | 000,000,512 | ---- | M] () MD5=6E779F0A09A3A03A222301654126B2C9 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2014.08.26 23:07:28 | 000,062,238 | ---- | M] () -- \Program Files\GIMP 2\share\gimp\2.0\patterns\cracked.pat

< *keygen* /s >

< *loader* /s >
[2010.07.05 13:30:50 | 000,071,208 | ---- | M] () -- \Games\World_of_Tanks\PhysXLoader.dll
[2016.02.29 19:59:17 | 000,010,323 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\app_loader\loader.pyc
[2016.02.29 19:59:17 | 000,001,518 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\doc_loaders\eulaversionloader.pyc
[2016.02.29 19:59:17 | 000,002,209 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\doc_loaders\graphicspresetsloader.pyc
[2016.02.29 19:59:17 | 000,007,493 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\doc_loaders\guicolorsloader.pyc
[2016.02.29 19:59:17 | 000,004,097 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\doc_loaders\guisoundsloader.pyc
[2016.02.29 19:59:17 | 000,002,753 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\doc_loaders\windowsstoreddataloader.pyc
[2016.02.29 19:59:17 | 000,001,519 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\scaleform\framework\entities\abstract\loadermanagermeta.pyc
[2016.02.29 19:59:17 | 000,006,194 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\scaleform\framework\managers\loaders.pyc
[2016.02.29 19:59:17 | 000,011,861 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\shared\remotedatadownloader.pyc
[2016.02.29 19:59:17 | 000,003,419 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\helpers\rssdownloader.pyc
[2016.02.29 19:59:17 | 000,011,716 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\tutorial\loader.pyc
[2015.12.09 22:42:18 | 000,011,336 | ---- | M] () -- \Games\World_of_Tanks\res_bw\scripts\common\lib\unittest\loader.pyc
[2015.12.09 22:42:18 | 000,049,402 | ---- | M] () -- \Games\World_of_Tanks\res_bw\scripts\common\lib\unittest\test\test_loader.pyc
[2015.06.24 12:59:50 | 000,034,951 | ---- | M] () -- \Games\World_of_Warships\res\gui\flash\sfm_loader.swf
[2015.07.11 08:31:33 | 000,010,364 | ---- | M] () -- \Games\World_of_Warships\res\scripts\client\SFM\core\SFMTreeLoader.pyc
[2015.07.11 08:31:34 | 000,013,348 | ---- | M] () -- \Games\World_of_Warships\res\scripts\common\Lib\unittest\loader.pyc
[2015.07.11 08:31:34 | 000,029,728 | ---- | M] () -- \Games\World_of_Warships\res\scripts\common\Lib\unittest\test\test_loader.pyc
[2016.06.07 18:41:08 | 000,087,480 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2016.06.07 18:41:06 | 000,060,128 | ---- | M] () -- \Program Files\AVAST Software\Avast\ie_loader.exe
[2016.06.07 18:41:09 | 000,019,136 | ---- | M] () -- \Program Files\AVAST Software\Avast\setup\CRT\avast.vc140.crt\x86\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.04.15 14:52:55 | 001,755,262 | ---- | M] () -- \Program Files\AVAST Software\SZBrowser\1.48.2066.101\resources\bundled_extensions\video-downloader.crx
[2016.04.15 14:52:55 | 001,755,262 | ---- | M] () -- \Program Files\AVAST Software\SZBrowser\resources\bundled_extensions\video-downloader.crx
[2014.10.14 12:01:44 | 000,382,464 | ---- | M] () -- \Program Files\Fotolab\Fotolab Fotosvet\CWImageLoader0.dll
[2011.03.08 10:43:28 | 000,013,734 | ---- | M] () -- \Program Files\GIMP 2\Python\Lib\unittest\loader.py
[2014.10.30 12:03:48 | 000,001,682 | ---- | M] () -- \Program Files\HF Designer\Loader.elf
[2014.10.30 12:03:48 | 001,083,968 | ---- | M] () -- \Program Files\HF Designer\Loader.exe
[2016.05.17 16:39:54 | 000,001,087 | ---- | M] () -- \Program Files\Intel Security\True Key\Application\data\scripts\cs-loader.js
[2011.03.15 23:49:50 | 000,006,263 | ---- | M] () -- \Program Files\LibreOffice 3\Basis\program\pythonloader.py
[2011.09.19 11:48:07 | 000,020,992 | ---- | M] () -- \Program Files\LibreOffice 3\Basis\program\pythonloader.uno.dll
[2011.03.16 07:12:38 | 000,000,171 | ---- | M] () -- \Program Files\LibreOffice 3\Basis\program\pythonloader.uno.ini
[2011.03.15 21:50:14 | 000,066,250 | ---- | M] () -- \Program Files\LibreOffice 3\share\extensions\report-builder\libloader-1.0.0.jar
[2011.09.19 11:48:10 | 000,030,208 | ---- | M] () -- \Program Files\LibreOffice 3\URE\bin\javaloader.uno.dll
[2011.03.15 21:35:58 | 000,003,873 | ---- | M] () -- \Program Files\LibreOffice 3\URE\java\unoloader.jar
[2014.07.09 08:52:06 | 000,006,820 | ---- | M] () -- \Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\lib\panels\images\ajax-loader.gif
[2015.02.18 17:27:02 | 000,031,516 | ---- | M] () -- \Program Files\Seznam.cz\distribution\install\cz.seznam.software.libfoxloader-3.1.2-win32.zip
[2015.08.03 11:44:14 | 000,001,702 | ---- | M] () -- \Program Files\Sony Mobile\Update Engine\licenses\loaderbinarylegal.txt
[2013.03.05 11:11:10 | 000,432,128 | ---- | M] () -- \Program Files\Zoner\Photo Studio 16\Plugins\Facebook\ZPSFacebookUploader.exe
[2010.04.29 15:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 16\Plugins\Facebook\ZPSPluginLoader.exe
[2013.03.05 14:03:44 | 000,443,904 | ---- | M] () -- \Program Files\Zoner\Photo Studio 16\Plugins\Flickr\ZPSFlickrUploader.exe
[2010.04.29 15:12:42 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 16\Plugins\Flickr\ZPSPluginLoader.exe
[2013.03.05 13:34:20 | 000,192,512 | ---- | M] () -- \Program Files\Zoner\Photo Studio 16\Plugins\Picasa\ZPSPicasaUploader.exe
[2010.04.29 15:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 16\Plugins\Picasa\ZPSPluginLoader.exe
[2013.12.13 17:35:50 | 000,103,936 | ---- | M] () -- \Program Files\Zoner\Photo Studio 16\Program32\8bfLoader.exe
[2013.12.13 17:35:58 | 000,018,944 | ---- | M] () -- \Program Files\Zoner\Photo Studio 16\Program32\WICLoader.exe
[2016.05.10 13:27:26 | 000,006,673 | ---- | M] () -- \Users\Radek\AppData\Local\Torch\User Data\Default\Extensions\pdehmppfilefbolgganhfihpbmjlgebh\1.13.642_0\js\www\util\pub\pre_loader.js
[2014.02.16 12:02:36 | 000,071,894 | R--- | M] () -- \Users\Radek\AppData\Roaming\Microsoft\Installer\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}\GPUploader.exe
[2015.05.26 13:35:36 | 000,079,872 | ---- | M] () -- \Users\Radek\AppData\Roaming\Seznam.cz\bin\9984libfoxloader-x64.dll
[2015.05.26 13:37:42 | 000,078,504 | ---- | M] () -- \Users\Radek\AppData\Roaming\Seznam.cz\bin\9984libfoxloader.dll
[2015.11.16 21:00:09 | 000,000,164 | ---- | M] () -- \Users\Radek\AppData\Roaming\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2015.02.18 17:27:02 | 000,031,516 | ---- | M] () -- \Users\Radek\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxloader-3.1.2-win32.zip
[2015.01.06 16:17:14 | 000,000,665 | ---- | M] () -- \Users\Radek\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_2_5.install.bat
[2015.01.06 16:17:14 | 000,000,117 | ---- | M] () -- \Users\Radek\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_2_5.uninstall.bat
[2014.12.17 14:43:49 | 000,000,073 | ---- | M] () -- \Users\Radek\AppData\Roaming\Unity\WebPlayerPrefs\data_2eultimate_2ddisassembly_2ecom\prefloader2_5ffacebook_5f208a9_2eunity3d.upp
[2015.06.26 12:21:09 | 000,000,077 | ---- | M] () -- \Users\Radek\AppData\Roaming\Unity\WebPlayerPrefs\data_2eultimate_2ddisassembly_2ecom\prefloader2_5ffacebook_5f208o7_2eunity3d.upp
[2015.02.20 21:28:03 | 000,000,564 | ---- | M] () -- \Users\Radek\AppData\Roaming\Unity\WebPlayerPrefs\z6g7t5i5_2essl_2ehwcdn_2enet\prefrc2_2e7-redcrucible_5floader_2eunity3d.upp
[2012.05.22 16:24:08 | 854,573,984 | ---- | M] () -- \Users\Radek\Desktop\DDDDDDDDDDDDDDDDDDDDDDDDDDDD\Prerusene-ticho-2012.TVRip.cz.by.Salud.of.PowerUploaders.avi
[2009.07.14 14:25:34 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2016.03.18 00:24:26 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2015.10.19 12:26:02 | 000,012,532 | ---- | M] () -- \Windows\System32\Adobe\Shockwave 12\shockwave_Projector_Loader.dcr
[2013.07.08 13:04:40 | 000,009,622 | ---- | M] () -- \Windows\System32\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr
[2009.07.14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2016.05.11 12:51:37 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23418_cs-cz_35d7452c7465d13a.manifest
[2016.05.11 12:51:37 | 000,034,536 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23418_cs-cz_35d7452c7465d13a_winload.exe.mui_3bc5b827
[2016.05.11 12:51:37 | 000,030,440 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23418_cs-cz_35d7452c7465d13a_winresume.exe.mui_ff8b5358
[2016.05.11 12:51:37 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23418_none_5dbb90b4e403376d.manifest
[2016.05.11 12:51:37 | 000,534,816 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23418_none_5dbb90b4e403376d_winload.exe_75835076
[2016.05.11 12:51:38 | 000,470,704 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23418_none_5dbb90b4e403376d_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2015.05.13 20:56:34 | 000,000,612 | ---- | M] () -- \Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
[2009.07.14 10:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2015.02.03 05:54:10 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_352654f75b66aedd.manifest
[2015.08.04 20:15:30 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18950_cs-cz_351a888d5b6fabc5.manifest
[2015.10.01 20:23:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_353bd0bd5b56a48b.manifest
[2014.12.13 03:50:10 | 000,002,777 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22908_cs-cz_35e2355e745d8d6b.manifest
[2015.01.13 00:09:15 | 000,002,777 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22921_cs-cz_35c59380747413ec.manifest
[2015.01.16 08:24:33 | 000,002,777 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_cs-cz_35c794147472469a.manifest
[2015.01.27 06:12:13 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22943_cs-cz_35b1f43c74827e7c.manifest
[2015.02.03 06:04:47 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_cs-cz_35b6f5ae747dfd2f.manifest
[2015.03.17 07:30:44 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23002_cs-cz_35dc0bc4746328a3.manifest
[2015.04.27 21:41:46 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23040_cs-cz_35aecb80748565b9.manifest
[2015.05.25 20:50:50 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23072_cs-cz_35905c50749bec3a.manifest
[2015.07.15 05:32:43 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23126_cs-cz_35ca6efa746fc308.manifest
[2015.07.15 20:44:27 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_cs-cz_35bf9f0e7477def9.manifest
[2015.07.23 03:24:51 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23142_cs-cz_35b0cdfa7483958e.manifest
[2015.08.04 20:38:06 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23153_cs-cz_35a6fe58748acad6.manifest
[2015.09.28 22:45:05 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23223_cs-cz_35c770027472742a.manifest
[2015.10.01 20:14:51 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23226_cs-cz_35ca70e0746fc02f.manifest
[2015.10.20 03:19:05 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23250_cs-cz_35a3ff60748d7bf8.manifest
[2015.12.30 21:30:42 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23313_cs-cz_35d241d4746a5560.manifest
[2016.01.17 02:54:34 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23334_cs-cz_35bda2467479a699.manifest
[2016.01.22 08:42:13 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23338_cs-cz_35c1a36e74760bf5.manifest
[2016.02.10 21:03:27 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23349_cs-cz_35b7d3cc747d413d.manifest
[2016.03.16 21:09:18 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23391_cs-cz_3579c1e074ad023a.manifest
[2016.03.18 01:01:03 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23392_cs-cz_357ac22a74ac1b91.manifest
[2016.04.09 09:21:02 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23418_cs-cz_35d7452c7465d13a.manifest
[2009.07.14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.08.19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009.08.19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010.11.20 06:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2015.02.03 05:32:58 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_5d0aa07fcb041510.manifest
[2015.08.04 20:12:04 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18950_none_5cfed415cb0d11f8.manifest
[2015.10.01 20:21:33 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_5d201c45caf40abe.manifest
[2014.12.12 08:03:57 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22908_none_5dc680e6e3faf39e.manifest
[2015.01.12 05:35:19 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22921_none_5da9df08e4117a1f.manifest
[2015.01.14 08:45:13 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22923_none_5dabdf9ce40faccd.manifest
[2015.01.27 05:51:15 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22943_none_5d963fc4e41fe4af.manifest
[2015.02.03 05:54:42 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22948_none_5d9b4136e41b6362.manifest
[2015.03.17 07:06:11 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23002_none_5dc0574ce4008ed6.manifest
[2015.04.27 21:17:27 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23040_none_5d931708e422cbec.manifest
[2015.05.25 20:35:55 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23072_none_5d74a7d8e439526d.manifest
[2015.07.15 05:25:32 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23126_none_5daeba82e40d293b.manifest
[2015.07.15 20:16:39 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23136_none_5da3ea96e415452c.manifest
[2015.07.23 02:23:37 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23142_none_5d951982e420fbc1.manifest
[2015.08.04 20:18:44 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23153_none_5d8b49e0e4283109.manifest
[2015.09.28 22:46:19 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23223_none_5dabbb8ae40fda5d.manifest
[2015.10.01 20:05:19 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23226_none_5daebc68e40d2662.manifest
[2015.10.20 03:15:07 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23250_none_5d884ae8e42ae22b.manifest
[2015.12.30 21:23:44 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23313_none_5db68d5ce407bb93.manifest
[2016.01.17 02:43:34 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23334_none_5da1edcee4170ccc.manifest
[2016.01.22 08:39:54 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23338_none_5da5eef6e4137228.manifest
[2016.02.10 21:17:55 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23349_none_5d9c1f54e41aa770.manifest
[2016.03.16 21:02:45 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23391_none_5d5e0d68e44a686d.manifest
[2016.03.18 00:51:44 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23392_none_5d5f0db2e44981c4.manifest
[2016.04.09 09:16:41 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23418_none_5dbb90b4e403376d.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2016.06.07 18:41:33 | 000,019,136 | ---- | M] () -- \Windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.23918.0_none_9b756b1a36307bc0\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.18 13:09:17 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17107_none_0ae0ab79dce0fb26\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:56:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:42:56 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21306_none_0b6949e0f5ff7ec0\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.05.09 05:08:08 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18847_none_0c9bd9e5da27bd35\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.16 20:34:24 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19131_none_0ca08403da2536ca\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.22 07:59:07 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19135_none_0ca4852bda219c26\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:23:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 12:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.05.09 07:34:47 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23049_none_0d274f66f343c2ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.17 02:09:50 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23334_none_0d2d2392f3401fc0\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.01.22 07:58:11 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23338_none_0d3124baf33c851c\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.03.16 20:23:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23391_none_0ce9432cf3737b61\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.03.18 00:24:26 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23392_none_0cea4376f37294b8\api-ms-win-core-libraryloader-l1-1-0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:35A1F1D2

< End of report >

Duge77 píše:Zdravím, mělo by být vše v pořádku, štítek i aktivace je v pořádku.

K čemu pak slouží v systému nelegální aktivátor?

Netuším, co kdo dělal s PC přede mnou a ani jsem to hlouběji nezkoumal, nevím co k tomu napsat

Bohužel ani v tomto případě nemohu podle pravidel téma řešit. Za to co je v PC nainstalováno, v plné míře odpovídá uživatel a toto fórum nelegání OS zkrátka neřeší. Lepší zprávu pro vás nemám.

VIRY.CZ

Prosím kontrolu logu, pc nezobrazuje obsah flash pamětí

Prosím kontrolu logu, pc nezobrazuje obsah flash pamětí

Re: Prosím kontrolu logu, pc nezobrazuje obsah flash pamětí

Re: Prosím kontrolu logu, pc nezobrazuje obsah flash pamětí

Re: Prosím kontrolu logu, pc nezobrazuje obsah flash pamětí

Re: Prosím kontrolu logu, pc nezobrazuje obsah flash pamětí

Re: Prosím kontrolu logu, pc nezobrazuje obsah flash pamětí

Re: Prosím kontrolu logu, pc nezobrazuje obsah flash pamětí

Re: Prosím kontrolu logu, pc nezobrazuje obsah flash pamětí

Re: Prosím kontrolu logu, pc nezobrazuje obsah flash pamětí

Re: Prosím kontrolu logu, pc nezobrazuje obsah flash pamětí