Trojan:JS/FrameRef Solved



Re: Trojan:JS/FrameRef

Post by jaruska » 09 Feb 2013 21:44

Hi, here is the Letecká pošta link:

http://leteckaposta.cz/850499407

AVP - no infection message. On the first run I left System memory checked, which you did not have in that listing.
The second time I unchecked the box. During both runs I had an 8 GB flash drive and a 500 GB external hard disk connected to the computer.

Now I will also run memtest 86.


Re: Trojan:JS/FrameRef

Post by jaruska » 10 Feb 2013 09:43

I left Memtest 86 running for more than 11 hours. Result: 0 errors.
After restarting the computer, this message appeared:
"Windows cannot find the file 4079875.exe. Make sure ...."


Re: Trojan:JS/FrameRef

Post by jaro3 » 10 Feb 2013 10:14

Hm, that looks like a file that belongs to Kaspersky..
Uninstall AVP.


Let's also try:
Download Farbar Recovery Scan Tool x64

and save it to your desktop.

Plug the flash drive into the infected computer.
Enter "System Recovery Options".

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded, press the F8 key and hold it until the Advanced Boot Options appear.
Use the arrow keys to select the Repair your computer menu option.
Select CZE as the keyboard language setting, then click Next.
Select the operating system you want to repair, then click Next.
Select your user account and click Next.

To enter System Recovery Options using the Windows installation disc:
Insert the installation disc.
Restart the computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to boot from a CD-ROM or DVD, check the BIOS settings.
Click "Repair your computer".
Select CZE as the keyboard language setting, then click Next.
Select the operating system you want to repair, then click Next.
Select your user account and click Next.

In the "System Recovery Options" menu you will get the following options:
Startup Repair
Windows System Restore
Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt.
In the command window type "notepad" and press Enter. Notepad will open. In the File menu choose Open. Choose "Computer", find your flash drive letter, and close Notepad. In the command window type

Code:

e:\frst64.exe

and press Enter.
Note: Replace the letter e with the letter of your flash drive. The tool will start running. When the tool opens, click "Yes" to confirm the notice.
First press the "Scan" button.
The program will produce a text file. That will be the log (FRST.txt).
Enter the following in the edit box after "Search:"
services.exe
Click the "Search" button.
That will be the second log (search.txt). I want you to paste both here, the FRST.txt report and search.txt.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.


Re: Trojan:JS/FrameRef

Post by jaruska » 11 Feb 2013 23:58

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-02-2013 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 12-02-2013 00:48:07
Running from G:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2868496 2011-12-23] (Synaptics Incorporated)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-11-01] (Intel(R) Corporation)
HKLM\...\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent [5990200 2011-06-10] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup [85832 2011-07-14] (Authentec Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()
HKLM\...\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [1631808 2012-01-22] (Lenovo Group Limited)
HKLM-x32\...\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" [30264 2009-10-15] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [44280 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [642816 2012-12-18] (Adobe Systems Inc.)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [156000 2012-05-16] (Lenovo)
HKU\Default\...\RunOnce: [] [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [156000 2012-05-16] (Lenovo)
HKU\Default User\...\RunOnce: [] [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] ()
HKU\Hanka.ADMIN\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1088424 2012-10-12] (Nokia)
HKU\Hanka.ADMIN\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17879728 2012-11-09] (Skype Technologies S.A.)
HKU\Hanka.ADMIN\...\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [1516632 2012-06-26] (Nokia)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.158.128.2 212.158.128.3
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Services (Whitelisted) ===================

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-16] (Conexant Systems Inc.)
2 DraftSight API Service; "C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe" C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [117760 2012-10-03] (Dassault Systčmes)
2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-11] (Lenovo Group Limited)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
2 MSSQLSERVER; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [61913952 2010-04-03] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
4 SQLSERVERAGENT; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER [428384 2010-04-03] (Microsoft Corporation)
2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-01] (Lenovo Group Limited)
2 TomTomHOMEService; "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" [92632 2012-08-27] (TomTom)
2 VIPAppService; "C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe" [84080 2012-04-18] (Symantec Corporation)

==================== Drivers (Whitelisted) =====================

1 HWiNFO32; \??\C:\Windows\system32\drivers\HWiNFO64A.SYS [29672 2013-01-01] (REALiX(tm))
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-04-28] (Marvell Semiconductor, Inc.)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
3 ssudobex; C:\Windows\System32\Drivers\ssudobex.sys [203104 2012-09-19] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 ss_bbus; C:\Windows\System32\Drivers\ss_bbus.sys [127488 2012-06-27] (MCCI)
3 ss_bmdfl; C:\Windows\System32\Drivers\ss_bmdfl.sys [18944 2012-06-27] (MCCI Corporation)
3 ss_bmdm; C:\Windows\System32\Drivers\ss_bmdm.sys [161280 2012-06-27] (MCCI Corporation)
1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-02-11 13:57 - 2013-02-11 13:57 - 00035671 ____A C:\Users\Uzivatel\Desktop\rodinný rozpocet.xlsx
2013-02-11 10:15 - 2013-02-11 10:15 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{F6EC8763-6EF0-43F7-A787-97AC79B6243E}
2013-02-10 22:57 - 2009-08-19 14:50 - 00024416 ___RA (Adobe Systems Inc.) C:\Windows\System32\AdobePDFUI.dll
2013-02-10 13:11 - 2013-02-10 13:11 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{D69B4B47-B1CA-4DAD-B98B-473AC1F5E722}
2013-02-10 12:27 - 2013-02-11 13:48 - 00024542 ____A C:\Users\Uzivatel\Desktop\docházka.xlsx
2013-02-10 00:59 - 2013-02-10 00:59 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{6392E1ED-ECD0-4132-A793-2C1A592CA5F9}
2013-02-10 00:48 - 2013-02-10 00:49 - 17301984 ____A (Adobe Systems Inc.) C:\Users\Uzivatel\Downloads\AdobeAIRInstaller.exe
2013-02-09 01:09 - 2013-02-10 00:35 - 00001762 ____A C:\Windows\PFRO.log
2013-02-09 00:51 - 2013-01-23 18:19 - 01196032 ____A C:\Users\Uzivatel\Downloads\Memtest86-4.1.0.iso
2013-02-09 00:50 - 2013-02-09 00:50 - 00585567 ____A C:\Users\Uzivatel\Downloads\memtest86-4.1.0-iso.zip
2013-02-09 00:48 - 2013-01-23 19:19 - 00000000 ____D C:\Users\Uzivatel\Downloads\ISOLINUX
2013-02-08 22:34 - 2013-02-11 15:10 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-08 22:33 - 2013-02-08 22:34 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{BB4D4E1C-90A8-4D36-BFD9-1ACC101A7D06}
2013-02-08 08:17 - 2009-08-19 14:50 - 00052568 ____A (Adobe Systems Inc) C:\Windows\System32\AdobePDF.dll
2013-02-07 23:47 - 2013-02-07 23:48 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{E083A6D3-3363-4694-A577-623BD7CF3F7C}
2013-02-07 02:34 - 2013-02-07 02:34 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{C22AFBD1-1EC4-4E52-BEB6-02887BE79A1B}
2013-02-06 23:52 - 2013-02-06 23:52 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2013-02-06 12:00 - 2013-02-06 12:01 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{44CA4F46-D421-4FF8-A175-9D43421C583C}
2013-02-06 11:57 - 2013-02-06 12:29 - 166394880 ____A C:\Users\Uzivatel\Desktop\setup_11.0.0.1245.x01_2013_02_06_17_06.exe
2013-02-03 21:01 - 2013-01-15 07:53 - 00158128 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2013-02-03 21:01 - 2013-01-15 07:53 - 00149936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2013-02-03 21:01 - 2013-01-15 07:52 - 00149936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2013-02-03 21:00 - 2013-02-03 21:01 - 00003449 ____A C:\Windows\SysWOW64\jupdate-1.6.0_39-b04.log
2013-02-03 12:29 - 2013-02-03 12:30 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{ACEF50DF-6F37-4BE0-9F94-9C7B2DEB3FC1}
2013-02-02 05:01 - 2013-02-02 05:04 - 00504637 ____A C:\Users\Public\Documents\2012 šichtovnice mzdy a zálohy.xlsx
2013-02-02 02:54 - 2013-02-02 02:54 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{B961FD45-2C66-45D3-A047-8413A3022068}
2013-02-01 11:07 - 2013-02-01 11:07 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{E1485AE0-2149-42C3-9C8D-5F845E9FBCA0}
2013-02-01 10:59 - 2013-02-01 10:59 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{F0C48DD7-4173-4E36-B184-F9F3DF3032CB}
2013-02-01 10:58 - 2012-03-08 09:40 - 00048488 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2013-02-01 10:57 - 2013-02-01 11:02 - 00000766 ____A C:\Windows\DirectX.log
2013-02-01 10:51 - 2013-02-01 10:51 - 01289064 ____A (Microsoft Corporation) C:\Users\Uzivatel\Downloads\wlsetup-web.exe
2013-02-01 07:41 - 2013-02-11 14:49 - 00002244 ____A C:\Windows\setupact.log
2013-02-01 07:41 - 2013-02-01 07:41 - 00000000 ____A C:\Windows\setuperr.log
2013-02-01 02:27 - 2013-02-01 02:27 - 00000000 __SHD C:\Users\All Users\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-01 02:27 - 2013-02-01 02:27 - 00000000 ____D C:\Users\Uzivatel\AppData\Roaming\TuneUp Software
2013-02-01 02:27 - 2013-02-01 02:27 - 00000000 ____D C:\Users\All Users\TuneUp Software
2013-02-01 02:26 - 2013-02-01 02:26 - 00001962 ____A C:\Users\Uzivatel\Desktop\CrystalDiskInfo.lnk
2013-02-01 02:26 - 2013-02-01 02:26 - 00000000 ____D C:\Users\Uzivatel\AppData\Roaming\OpenCandy
2013-02-01 02:26 - 2013-02-01 02:26 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2013-02-01 02:25 - 2013-02-01 02:25 - 07090680 ____A (Crystal Dew World ) C:\Users\Uzivatel\Downloads\CrystalDiskInfo5_2_2Shizuku-en.exe
2013-02-01 01:41 - 2013-02-01 01:41 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{A2940761-631C-415F-B82A-0A5AD899F286}
2013-01-31 13:53 - 2013-02-11 14:54 - 00006750 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-01-31 13:25 - 2013-01-31 13:30 - 00000000 ____D C:\Program Files\WhoCrashed
2013-01-31 13:25 - 2013-01-31 13:25 - 02043928 ____A (Resplendence Software Projects Sp. ) C:\Users\Uzivatel\Downloads\whocrashedSetup.exe
2013-01-31 13:02 - 2013-02-01 03:25 - 00000000 ____D C:\Windows\Minidump
2013-01-31 12:13 - 2013-01-31 12:13 - 00000512 ____A C:\Users\Uzivatel\Desktop\MBR.dat
2013-01-31 11:10 - 2011-09-19 18:02 - 00083968 ____A (Esage Lab) C:\Users\Uzivatel\Desktop\boot_cleaner.exe
2013-01-30 10:03 - 2013-01-30 10:03 - 00000054 ____A C:\Users\Uzivatel\Desktop\fix.bat
2013-01-26 09:38 - 2013-01-26 09:41 - 00000000 ____D C:\Users\Uzivatel\Documents\FotoMorph Data
2013-01-26 09:38 - 2013-01-26 09:38 - 00000000 ____D C:\Program Files (x86)\Digital Photo Software
2013-01-26 00:15 - 2013-01-26 00:15 - 00356179 ____A C:\Users\Uzivatel\Downloads\gmer.zip
2013-01-26 00:11 - 2013-01-26 00:12 - 02195061 ____A C:\Users\Uzivatel\Downloads\tdsskiller.zip
2013-01-25 03:04 - 2013-01-25 03:04 - 00000613 ____A C:\Users\Uzivatel\Downloads\astlog_czech.zip
2013-01-25 03:03 - 2013-01-25 03:03 - 00026226 ____A C:\Users\Uzivatel\Downloads\astlog.zip
2013-01-25 02:52 - 2013-01-25 02:52 - 00529110 ____A C:\Users\Uzivatel\Downloads\wifipasswords.zip
2013-01-25 02:45 - 2013-01-25 02:45 - 00044992 ____A C:\Users\Uzivatel\Downloads\pwdcrack.zip
2013-01-20 07:45 - 2013-01-20 08:12 - 00000000 ____D C:\Users\Uzivatel\Documents\Readiris
2013-01-20 04:48 - 2013-01-20 04:48 - 00001892 ____A C:\Users\Uzivatel\Desktop\ImgBurn.lnk
2013-01-19 14:55 - 2013-01-19 14:56 - 01536858 ____A C:\Users\Uzivatel\Downloads\spacesniffer_1_1_4_0.zip
2013-01-19 13:36 - 2013-01-19 13:37 - 16420864 ____A C:\Users\Uzivatel\Downloads\python-2.7.3.amd64.msi
2013-01-19 10:34 - 2013-01-19 10:34 - 01680288 ____A ( ) C:\Users\Uzivatel\Downloads\cpu-z_1.62-setup-en.exe
2013-01-19 03:27 - 2013-01-19 03:27 - 00000000 ____D C:\Users\Hanka.ADMIN\AppData\Local\Adobe
2013-01-18 22:48 - 2013-02-07 11:16 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\Adobe
2013-01-18 10:28 - 2013-01-18 10:28 - 00000000 ____D C:\Users\Hanka.ADMIN\AppData\Local\Broadcom
2013-01-18 10:27 - 2013-01-18 10:27 - 00000000 ____D C:\Users\Hanka.ADMIN\AppData\Local\ArcSoft
2013-01-18 08:39 - 2013-01-18 08:39 - 00000076 ____A C:\Users\Public\Documents\Nový textový dokument.txt
2013-01-18 01:01 - 2013-01-18 01:01 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\Broadcom
2013-01-18 01:00 - 2013-01-18 01:00 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\ArcSoft
2013-01-18 00:53 - 2013-01-18 00:53 - 00002991 ____A C:\Users\Uzivatel\Desktop\HiJackThis.lnk
2013-01-18 00:53 - 2013-01-18 00:53 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-01-18 00:51 - 2013-01-18 00:51 - 01402880 ____A C:\Users\Uzivatel\Downloads\HiJackThis.msi
2013-01-17 11:43 - 2013-02-11 10:34 - 00000000 ____D C:\Users\Public\Documents\KOTELNA
2013-01-17 03:19 - 2013-01-17 03:25 - 00113194 ____A C:\Users\Public\Documents\DzNEM13_z.xlsx
2013-01-16 12:52 - 2013-02-08 22:57 - 00000000 ____D C:\Users\Public\Documents\recuva
2013-01-16 10:51 - 2013-01-16 10:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-16 10:51 - 2012-12-14 07:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-01-16 10:10 - 2013-01-16 10:10 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Uzivatel\Downloads\revosetup.exe
2013-01-16 10:10 - 2013-01-16 10:10 - 00001279 ____A C:\Users\Uzivatel\Desktop\Revo Uninstaller.lnk
2013-01-16 10:10 - 2013-01-16 10:10 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-01-15 03:25 - 2013-01-15 03:25 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\Wooky_s.r.o
2013-01-15 02:48 - 2013-01-15 15:55 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\Mobilbonus
2013-01-14 07:01 - 2013-01-14 07:01 - 00001672 ____A C:\Users\Uzivatel\Desktop\Photoshop – zástupce.lnk
2013-01-14 06:42 - 2013-01-14 06:44 - 00000000 ____D C:\Program Files (x86)\MeeSoft


==================== One Month Modified Files and Folders =======

2013-02-11 15:41 - 2012-03-14 04:35 - 01136160 ____A C:\Windows\WindowsUpdate.log
2013-02-11 15:10 - 2013-02-08 22:34 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-11 14:56 - 2009-07-13 20:45 - 00031296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-11 14:56 - 2009-07-13 20:45 - 00031296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-11 14:54 - 2013-01-31 13:53 - 00006750 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-02-11 14:49 - 2013-02-01 07:41 - 00002244 ____A C:\Windows\setupact.log
2013-02-11 14:49 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-11 14:40 - 2013-02-11 14:40 - 00000000 ____D C:\FRST
2013-02-11 13:57 - 2013-02-11 13:57 - 00035671 ____A C:\Users\Uzivatel\Desktop\rodinný rozpocet.xlsx
2013-02-11 13:54 - 2012-12-26 00:25 - 00000000 ____D C:\Users\Public\Documents\excel
2013-02-11 13:48 - 2013-02-10 12:27 - 00024542 ____A C:\Users\Uzivatel\Desktop\docházka.xlsx
2013-02-11 10:34 - 2013-01-17 11:43 - 00000000 ____D C:\Users\Public\Documents\KOTELNA
2013-02-11 10:34 - 2012-12-26 00:28 - 00000000 ____D C:\Users\Public\Documents\pdf
2013-02-11 10:15 - 2013-02-11 10:15 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{F6EC8763-6EF0-43F7-A787-97AC79B6243E}
2013-02-10 13:27 - 2012-04-06 16:15 - 00000000 ____D C:\Program Files (x86)\Opera
2013-02-10 13:11 - 2013-02-10 13:11 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{D69B4B47-B1CA-4DAD-B98B-473AC1F5E722}
2013-02-10 04:49 - 2012-11-13 04:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-10 04:10 - 2012-04-06 17:40 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\Microsoft Help
2013-02-10 00:59 - 2013-02-10 00:59 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{6392E1ED-ECD0-4132-A793-2C1A592CA5F9}
2013-02-10 00:49 - 2013-02-10 00:48 - 17301984 ____A (Adobe Systems Inc.) C:\Users\Uzivatel\Downloads\AdobeAIRInstaller.exe
2013-02-10 00:49 - 2012-03-14 04:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-02-10 00:35 - 2013-02-09 01:09 - 00001762 ____A C:\Windows\PFRO.log
2013-02-09 00:50 - 2013-02-09 00:50 - 00585567 ____A C:\Users\Uzivatel\Downloads\memtest86-4.1.0-iso.zip
2013-02-08 23:53 - 2012-07-01 00:42 - 00000000 ____D C:\Program Files (x86)\Recepty doma
2013-02-08 22:57 - 2013-01-16 12:52 - 00000000 ____D C:\Users\Public\Documents\recuva
2013-02-08 22:34 - 2013-02-08 22:33 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{BB4D4E1C-90A8-4D36-BFD9-1ACC101A7D06}
2013-02-08 22:34 - 2012-04-06 13:38 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-08 22:34 - 2012-04-06 13:38 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-07 23:48 - 2013-02-07 23:47 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{E083A6D3-3363-4694-A577-623BD7CF3F7C}
2013-02-07 23:20 - 2012-04-06 19:29 - 00000000 ____D C:\Users\Uzivatel\AppData\Roaming\Mozilla
2013-02-07 11:16 - 2013-01-18 22:48 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\Adobe
2013-02-07 02:34 - 2013-02-07 02:34 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{C22AFBD1-1EC4-4E52-BEB6-02887BE79A1B}
2013-02-06 23:52 - 2013-02-06 23:52 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2013-02-06 12:29 - 2013-02-06 11:57 - 166394880 ____A C:\Users\Uzivatel\Desktop\setup_11.0.0.1245.x01_2013_02_06_17_06.exe
2013-02-06 12:01 - 2013-02-06 12:00 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{44CA4F46-D421-4FF8-A175-9D43421C583C}
2013-02-03 21:56 - 2012-04-06 18:00 - 00000000 ____D C:\RTSStavitel
2013-02-03 21:50 - 2012-04-07 02:08 - 00000000 ____D C:\Users\Uzivatel\AppData\Roaming\.RTS
2013-02-03 21:01 - 2013-02-03 21:00 - 00003449 ____A C:\Windows\SysWOW64\jupdate-1.6.0_39-b04.log
2013-02-03 21:01 - 2012-09-04 11:37 - 00000000 ____D C:\Program Files (x86)\Java
2013-02-03 12:30 - 2013-02-03 12:29 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{ACEF50DF-6F37-4BE0-9F94-9C7B2DEB3FC1}
2013-02-02 05:04 - 2013-02-02 05:01 - 00504637 ____A C:\Users\Public\Documents\2012 šichtovnice mzdy a zálohy.xlsx
2013-02-02 02:54 - 2013-02-02 02:54 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{B961FD45-2C66-45D3-A047-8413A3022068}
2013-02-01 11:07 - 2013-02-01 11:07 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{E1485AE0-2149-42C3-9C8D-5F845E9FBCA0}
2013-02-01 11:02 - 2013-02-01 10:57 - 00000766 ____A C:\Windows\DirectX.log
2013-02-01 10:59 - 2013-02-01 10:59 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{F0C48DD7-4173-4E36-B184-F9F3DF3032CB}
2013-02-01 10:59 - 2012-04-13 07:00 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\Windows Live
2013-02-01 10:58 - 2012-03-14 04:55 - 00000000 ____D C:\Program Files\Windows Live
2013-02-01 10:58 - 2012-03-14 04:55 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-02-01 10:51 - 2013-02-01 10:51 - 01289064 ____A (Microsoft Corporation) C:\Users\Uzivatel\Downloads\wlsetup-web.exe
2013-02-01 09:16 - 2012-10-23 06:03 - 00000000 ____D C:\Users\Uzivatel\AppData\Roaming\Skype
2013-02-01 09:08 - 2012-04-06 10:16 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\VirtualStore
2013-02-01 07:41 - 2013-02-01 07:41 - 00000000 ____A C:\Windows\setuperr.log
2013-02-01 03:25 - 2013-01-31 13:02 - 00000000 ____D C:\Windows\Minidump
2013-02-01 02:27 - 2013-02-01 02:27 - 00000000 __SHD C:\Users\All Users\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-01 02:27 - 2013-02-01 02:27 - 00000000 ____D C:\Users\Uzivatel\AppData\Roaming\TuneUp Software
2013-02-01 02:27 - 2013-02-01 02:27 - 00000000 ____D C:\Users\All Users\TuneUp Software
2013-02-01 02:26 - 2013-02-01 02:26 - 00001962 ____A C:\Users\Uzivatel\Desktop\CrystalDiskInfo.lnk
2013-02-01 02:26 - 2013-02-01 02:26 - 00000000 ____D C:\Users\Uzivatel\AppData\Roaming\OpenCandy
2013-02-01 02:26 - 2013-02-01 02:26 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2013-02-01 02:25 - 2013-02-01 02:25 - 07090680 ____A (Crystal Dew World ) C:\Users\Uzivatel\Downloads\CrystalDiskInfo5_2_2Shizuku-en.exe
2013-02-01 01:41 - 2013-02-01 01:41 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\{A2940761-631C-415F-B82A-0A5AD899F286}
2013-01-31 23:50 - 2009-07-13 21:08 - 00032518 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-01-31 13:30 - 2013-01-31 13:25 - 00000000 ____D C:\Program Files\WhoCrashed
2013-01-31 13:25 - 2013-01-31 13:25 - 02043928 ____A (Resplendence Software Projects Sp. ) C:\Users\Uzivatel\Downloads\whocrashedSetup.exe
2013-01-31 13:14 - 2012-08-03 22:19 - 00000000 ____D C:\users\Hanka.ADMIN
2013-01-31 13:14 - 2012-04-12 12:43 - 00000000 ____D C:\users\Hanka
2013-01-31 13:07 - 2009-07-13 21:13 - 01770760 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-31 12:13 - 2013-01-31 12:13 - 00000512 ____A C:\Users\Uzivatel\Desktop\MBR.dat
2013-01-30 10:03 - 2013-01-30 10:03 - 00000054 ____A C:\Users\Uzivatel\Desktop\fix.bat
2013-01-30 02:53 - 2010-11-20 19:27 - 00273840 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-01-29 15:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-01-26 11:09 - 2012-10-23 06:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-01-26 11:09 - 2012-10-23 06:03 - 00000000 ____D C:\Users\All Users\Skype
2013-01-26 09:41 - 2013-01-26 09:38 - 00000000 ____D C:\Users\Uzivatel\Documents\FotoMorph Data
2013-01-26 09:38 - 2013-01-26 09:38 - 00000000 ____D C:\Program Files (x86)\Digital Photo Software
2013-01-26 09:10 - 2013-01-06 05:14 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\Paint.NET
2013-01-26 00:15 - 2013-01-26 00:15 - 00356179 ____A C:\Users\Uzivatel\Downloads\gmer.zip
2013-01-26 00:12 - 2013-01-26 00:11 - 02195061 ____A C:\Users\Uzivatel\Downloads\tdsskiller.zip
2013-01-25 03:04 - 2013-01-25 03:04 - 00000613 ____A C:\Users\Uzivatel\Downloads\astlog_czech.zip
2013-01-25 03:03 - 2013-01-25 03:03 - 00026226 ____A C:\Users\Uzivatel\Downloads\astlog.zip
2013-01-25 02:52 - 2013-01-25 02:52 - 00529110 ____A C:\Users\Uzivatel\Downloads\wifipasswords.zip
2013-01-25 02:45 - 2013-01-25 02:45 - 00044992 ____A C:\Users\Uzivatel\Downloads\pwdcrack.zip
2013-01-23 19:19 - 2013-02-09 00:48 - 00000000 ____D C:\Users\Uzivatel\Downloads\ISOLINUX
2013-01-23 18:19 - 2013-02-09 00:51 - 01196032 ____A C:\Users\Uzivatel\Downloads\Memtest86-4.1.0.iso
2013-01-21 10:49 - 2012-12-09 21:49 - 00000000 ____D C:\Windows\erdnt
2013-01-20 12:56 - 2012-12-26 00:27 - 00000000 ____D C:\Users\Public\Documents\word
2013-01-20 12:50 - 2012-03-14 04:51 - 00000000 ____D C:\Users\All Users\Adobe
2013-01-20 12:49 - 2012-04-06 11:02 - 00000000 ____D C:\Users\Uzivatel\AppData\Roaming\Adobe
2013-01-20 08:35 - 2013-01-12 01:37 - 00000000 ____D C:\Users\Uzivatel\Documents\Naskenováno
2013-01-20 08:12 - 2013-01-20 07:45 - 00000000 ____D C:\Users\Uzivatel\Documents\Readiris
2013-01-20 08:11 - 2012-10-11 12:12 - 00000199 ____A C:\Windows\Readiris.ini
2013-01-20 04:48 - 2013-01-20 04:48 - 00001892 ____A C:\Users\Uzivatel\Desktop\ImgBurn.lnk
2013-01-19 14:56 - 2013-01-19 14:55 - 01536858 ____A C:\Users\Uzivatel\Downloads\spacesniffer_1_1_4_0.zip
2013-01-19 13:37 - 2013-01-19 13:36 - 16420864 ____A C:\Users\Uzivatel\Downloads\python-2.7.3.amd64.msi
2013-01-19 10:34 - 2013-01-19 10:34 - 01680288 ____A ( ) C:\Users\Uzivatel\Downloads\cpu-z_1.62-setup-en.exe
2013-01-19 04:46 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2013-01-19 04:44 - 2009-07-13 18:34 - 83886080 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-01-19 04:44 - 2009-07-13 18:34 - 19922944 ____A C:\Windows\System32\config\SYSTEM.bak
2013-01-19 04:44 - 2009-07-13 18:34 - 00294912 ____A C:\Windows\System32\config\DEFAULT.bak
2013-01-19 04:44 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-01-19 04:44 - 2009-07-13 18:34 - 00065536 ____A C:\Windows\System32\config\SAM.bak
2013-01-19 03:27 - 2013-01-19 03:27 - 00000000 ____D C:\Users\Hanka.ADMIN\AppData\Local\Adobe
2013-01-18 12:57 - 2012-12-25 13:20 - 00000000 ____D C:\Users\Hanka.ADMIN\AppData\Roaming\Skype
2013-01-18 10:28 - 2013-01-18 10:28 - 00000000 ____D C:\Users\Hanka.ADMIN\AppData\Local\Broadcom
2013-01-18 10:27 - 2013-01-18 10:27 - 00000000 ____D C:\Users\Hanka.ADMIN\AppData\Local\ArcSoft
2013-01-18 08:39 - 2013-01-18 08:39 - 00000076 ____A C:\Users\Public\Documents\Nový textový dokument.txt
2013-01-18 01:01 - 2013-01-18 01:01 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\Broadcom
2013-01-18 01:00 - 2013-01-18 01:00 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\ArcSoft
2013-01-18 00:53 - 2013-01-18 00:53 - 00002991 ____A C:\Users\Uzivatel\Desktop\HiJackThis.lnk
2013-01-18 00:53 - 2013-01-18 00:53 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-01-18 00:51 - 2013-01-18 00:51 - 01402880 ____A C:\Users\Uzivatel\Downloads\HiJackThis.msi
2013-01-17 10:26 - 2012-04-11 13:12 - 00000384 ____A C:\Windows\ODBC.INI
2013-01-17 03:25 - 2013-01-17 03:19 - 00113194 ____A C:\Users\Public\Documents\DzNEM13_z.xlsx
2013-01-16 23:28 - 2012-04-06 13:48 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-01-16 11:45 - 2013-01-09 16:22 - 00000000 ____D C:\antitwined
2013-01-16 10:53 - 2013-01-16 10:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-16 10:32 - 2012-09-18 01:09 - 00000000 ____D C:\Program Files (x86)\Kalkulace nové komíny
2013-01-16 10:17 - 2012-12-27 00:20 - 00000000 ____D C:\Program Files (x86)\Clean Disk Security
2013-01-16 10:10 - 2013-01-16 10:10 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Uzivatel\Downloads\revosetup.exe
2013-01-16 10:10 - 2013-01-16 10:10 - 00001279 ____A C:\Users\Uzivatel\Desktop\Revo Uninstaller.lnk
2013-01-16 10:10 - 2013-01-16 10:10 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-01-15 15:55 - 2013-01-15 02:48 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\Mobilbonus
2013-01-15 07:56 - 2012-09-04 11:37 - 00477616 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2013-01-15 07:56 - 2012-04-09 07:50 - 00473520 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2013-01-15 07:53 - 2013-02-03 21:01 - 00158128 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2013-01-15 07:53 - 2013-02-03 21:01 - 00149936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2013-01-15 07:52 - 2013-02-03 21:01 - 00149936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2013-01-15 06:06 - 2012-08-03 22:19 - 00000000 ____D C:\Users\Hanka.ADMIN\AppData\Roaming\Adobe
2013-01-15 03:25 - 2013-01-15 03:25 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\Wooky_s.r.o
2013-01-14 07:01 - 2013-01-14 07:01 - 00001672 ____A C:\Users\Uzivatel\Desktop\Photoshop – zástupce.lnk
2013-01-14 06:44 - 2013-01-14 06:42 - 00000000 ____D C:\Program Files (x86)\MeeSoft
2013-01-13 02:53 - 2012-04-06 10:16 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\Google
2013-01-13 02:52 - 2012-03-14 04:54 - 00000000 ____D C:\Program Files (x86)\Google

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-31 12:35:40
Restore point made on: 2013-02-01 02:33:11
Restore point made on: 2013-02-01 02:33:43
Restore point made on: 2013-02-01 10:55:57
Restore point made on: 2013-02-01 10:57:27
Restore point made on: 2013-02-01 10:57:49
Restore point made on: 2013-02-01 10:58:12
Restore point made on: 2013-02-01 11:02:37
Restore point made on: 2013-02-01 11:02:57
Restore point made on: 2013-02-02 14:25:54
Restore point made on: 2013-02-03 21:00:46
Restore point made on: 2013-02-06 11:56:12
Restore point made on: 2013-02-09 01:34:45
Restore point made on: 2013-02-09 01:35:37
Restore point made on: 2013-02-10 00:46:06

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 4007.23 MB
Available physical RAM: 3154.03 MB
Total Pagefile: 4005.43 MB
Available Pagefile: 3138.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (Windows7_OS) (Fixed) (Total:448.67 GB) (Free:323.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:4.49 GB) NTFS
4 Drive g: (TRANSCEND) (Removable) (Total:7.48 GB) (Free:7.48 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:1.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Stav Velikost Volné Dyn Gpt
-------- ------------- -------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7668 MB 0 B

Probíhá ukončení programu DiskPart...

Partitions of Disk 0:
===============

Nyní je vybrán disk 0.

ID disku: 0F8080E2

Oddíl ### Typ Velikost Posunutí
------------- ---------------- -------- --------
Oddíl 1 Primární 1500 MB 1024 KB
Oddíl 2 Primární 448 GB 1501 MB
Oddíl 3 Primární 15 GB 450 GB

Probíhá ukončení programu DiskPart...

==================================================================================

Partitions of Disk 1:
===============

Nyní je vybrán disk 1.

ID disku: 00000000

Oddíl ### Typ Velikost Posunutí
------------- ---------------- -------- --------
Oddíl 1 Primární 7664 MB 4096 KB

Probíhá ukončení programu DiskPart...

==================================================================================

Last Boot: 2013-02-09 00:31

==================== End Of Log =============================
Last edited by jaruska on 12 Feb 2013 00:57, edited 1 time in total.

jaruska

Re: Trojan:JS/FrameRef

Post by jaruska » 11 Feb 2013 23:59

Farbar Recovery Scan Tool (x64) Version: 06-02-2013
Ran by SYSTEM at 2013-02-12 00:50:24
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-12-09 22:52] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

jaro3
Security team member

Re: Trojan:JS/FrameRef

Post by jaro3 » 12 Feb 2013 09:59

Download OTL by OldTimer to your desktop. Make sure all other windows are closed, then double-click the OTL icon.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

:Files
C:\Users\Uzivatel\AppData\Local\{D69B4B47-B1CA-4DAD-B98B-473AC1F5E722}
C:\Users\Uzivatel\AppData\Local\{6392E1ED-ECD0-4132-A793-2C1A592CA5F9}
C:\Users\Uzivatel\AppData\Local\{BB4D4E1C-90A8-4D36-BFD9-1ACC101A7D06}
C:\Users\Uzivatel\AppData\Local\{E083A6D3-3363-4694-A577-623BD7CF3F7C}
C:\Users\Uzivatel\AppData\Local\{C22AFBD1-1EC4-4E52-BEB6-02887BE79A1B}
C:\Users\Uzivatel\AppData\Local\{44CA4F46-D421-4FF8-A175-9D43421C583C}
C:\Windows\SysWOW64\jupdate-1.6.0_39-b04.log
C:\Users\Uzivatel\AppData\Local\{ACEF50DF-6F37-4BE0-9F94-9C7B2DEB3FC1}
C:\Users\Uzivatel\AppData\Local\{B961FD45-2C66-45D3-A047-8413A3022068}
C:\Users\Uzivatel\AppData\Local\{E1485AE0-2149-42C3-9C8D-5F845E9FBCA0}
C:\Users\Uzivatel\AppData\Local\{F0C48DD7-4173-4E36-B184-F9F3DF3032CB}
C:\Users\Uzivatel\AppData\Local\{A2940761-631C-415F-B82A-0A5AD899F286}
C:\Users\Uzivatel\Desktop\fix.bat
C:\Users\Uzivatel\Downloads\tdsskiller.zip
C:\Windows\Tasks\SA.DAT
C:\Users\Uzivatel\AppData\Local\{F6EC8763-6EF0-43F7-A787-97AC79B6243E}

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]
[EMPTYJAVA]
[Reboot]

Then click Run Fix (Opravit) at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.

wifipasswords.zip
pwdcrack.zip
Do you use these? Better delete them!
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

jaruska

Re: Trojan:JS/FrameRef

Post by jaruska » 12 Feb 2013 20:04

Hi, here is the log from OTL

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
========== FILES ==========
C:\Users\Uzivatel\AppData\Local\{D69B4B47-B1CA-4DAD-B98B-473AC1F5E722} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{6392E1ED-ECD0-4132-A793-2C1A592CA5F9} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{BB4D4E1C-90A8-4D36-BFD9-1ACC101A7D06} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{E083A6D3-3363-4694-A577-623BD7CF3F7C} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{C22AFBD1-1EC4-4E52-BEB6-02887BE79A1B} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{44CA4F46-D421-4FF8-A175-9D43421C583C} folder moved successfully.
C:\Windows\SysWOW64\jupdate-1.6.0_39-b04.log moved successfully.
C:\Users\Uzivatel\AppData\Local\{ACEF50DF-6F37-4BE0-9F94-9C7B2DEB3FC1} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{B961FD45-2C66-45D3-A047-8413A3022068} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{E1485AE0-2149-42C3-9C8D-5F845E9FBCA0} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{F0C48DD7-4173-4E36-B184-F9F3DF3032CB} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{A2940761-631C-415F-B82A-0A5AD899F286} folder moved successfully.
C:\Users\Uzivatel\Desktop\fix.bat moved successfully.
C:\Users\Uzivatel\Downloads\tdsskiller.zip moved successfully.
C:\Windows\Tasks\SA.DAT moved successfully.
C:\Users\Uzivatel\AppData\Local\{F6EC8763-6EF0-43F7-A787-97AC79B6243E} folder moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Hanka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Hanka.ADMIN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Uzivatel
->Temp folder emptied: 527174701 bytes
->Temporary Internet Files folder emptied: 45164637 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62140027 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 23358456 bytes
->Flash cache emptied: 64171 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 6750 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 783756 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 583900 bytes

Total Files Cleaned = 629,00 mb

Restore point Set: OTL Restore Point
Restore point Set: OTL Restore Point

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Hanka

User: Hanka.ADMIN
->Java cache emptied: 0 bytes

User: Public

User: Uzivatel
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02122013_195800

Files\Folders moved on Reboot...
C:\Users\Uzivatel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

jaro3
Security team member

Re: Trojan:JS/FrameRef

Post by jaro3 » 12 Feb 2013 22:54

Double-click the OTL icon on your desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:

Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s

Do not change any settings, just click Run Scan (Prohledat) and let the scan finish. When the text file appears, please paste its entire contents here.

jaruska

Re: Trojan:JS/FrameRef

Post by jaruska » 14 Feb 2013 21:24

Hi, here it is:

OTL logfile created on: 14.2.2013 21:03:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Uzivatel\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,91 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 53,78% Memory free
7,82 Gb Paging File | 5,62 Gb Available in Paging File | 71,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,67 Gb Total Space | 323,95 Gb Free Space | 72,20% Space Free | Partition Type: NTFS

Computer Name: ADMIN | User Name: Uzivatel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.12 19:56:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uzivatel\Desktop\OTL.exe
PRC - [2012.12.18 12:14:27 | 000,642,816 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012.05.11 16:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2012.04.18 23:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2012.01.23 02:06:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011.12.21 08:25:02 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2011.11.04 07:37:18 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.10.20 11:09:32 | 000,363,584 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011.10.20 11:09:18 | 000,269,376 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2011.10.20 11:09:16 | 000,134,208 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011.09.01 18:27:08 | 000,446,800 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
PRC - [2011.07.12 08:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011.07.12 08:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.05.31 18:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011.05.31 18:48:34 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011.05.31 18:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011.05.25 22:21:32 | 000,281,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2011.02.24 08:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.02.22 04:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 04:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.07 04:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010.10.27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.03.11 22:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.10.15 10:13:50 | 000,136,192 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe


========== Modules (No Company Name) ==========

MOD - [2010.04.06 17:05:16 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll
MOD - [2010.04.06 17:04:06 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll
MOD - [2009.02.27 19:06:13 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.SKY
MOD - [2009.02.27 19:01:34 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.POL
MOD - [2009.02.27 18:56:34 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.HUN
MOD - [2009.02.27 18:51:26 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.CZE


========== Services (SafeList) ==========

SRV:64bit: - [2012.10.03 15:42:10 | 000,117,760 | ---- | M] (Dassault Systèmes) [Auto | Running] -- C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
SRV:64bit: - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011.11.18 11:10:40 | 000,144,448 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2011.11.01 12:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.11.01 12:25:42 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.11.01 12:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.10.17 14:48:24 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011.08.11 03:20:42 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.07.12 08:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011.07.12 08:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011.07.12 08:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011.07.12 08:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011.05.31 18:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011.05.31 18:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011.03.30 03:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010.12.16 23:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.04.30 02:10:40 | 000,127,800 | R--- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.09 07:34:56 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.09 11:36:40 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.03 14:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.05.11 16:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012.04.18 23:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2012.04.07 02:57:45 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.01.23 02:06:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012.01.23 02:06:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011.10.20 11:09:18 | 000,269,376 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011.10.20 11:09:16 | 000,134,208 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011.09.01 18:27:08 | 000,446,800 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe -- (SROSVC)
SRV - [2011.02.24 08:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011.02.22 04:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 04:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.07 04:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.11 22:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.10.15 10:13:50 | 000,136,192 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.01.01 19:06:54 | 000,029,672 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudobex.sys -- (ssudobex)
DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.03 19:34:28 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.06.27 14:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.06.27 09:37:56 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2012.06.27 09:37:56 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2012.06.27 09:37:56 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2012.06.11 13:17:44 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012.06.11 13:17:44 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012.06.11 13:17:44 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.06.11 13:17:44 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2012.03.14 13:25:37 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.03.14 13:25:37 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.23 02:06:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.12.27 02:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.12.23 12:30:56 | 000,412,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.10.31 14:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.10.17 15:24:50 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.10.17 15:24:44 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.10.17 15:24:44 | 000,146,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.10.17 15:24:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.10.17 15:24:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.09.01 02:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.08.19 06:20:36 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.08.11 03:20:42 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2011.07.08 16:53:24 | 000,032,104 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2011.06.21 23:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.06.21 23:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.05.30 17:21:40 | 000,013,128 | ---- | M] (Authentec Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2)
DRV:64bit: - [2011.05.26 01:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011.03.30 03:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.03.30 03:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011.03.24 07:36:20 | 001,576,064 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.03.05 02:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.28 19:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 15:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 08:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.07 06:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010.04.29 00:49:50 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2010.04.03 09:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012.12.05 13:38:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.10 13:49:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013.02.08 08:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uzivatel\AppData\Roaming\Mozilla\Extensions
[2013.02.04 06:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.02.04 06:01:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013.02.10 13:49:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 09:38:00 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2012.03.13 09:38:00 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.03.13 09:38:00 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2012.03.13 09:38:00 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.03.13 09:38:00 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage: http://searchfunmoods.com/?f=1&a=kno&ir ... 1190233474
CHR - default_search_provider: Funmoods (Enabled)
CHR - default_search_provider: search_url = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=kno&ir=kno&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0D0A0ByE0DtA0A0B0D0AtN0D0Tzu0CtAzytBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1190233474
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://searchfunmoods.com/?f=1&a=kno&ir ... 1190233474
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Sv\u00E1tky - Jmeniny = C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\acanokghadamaghkbbiclbleblhndfig\1.0_0\
CHR - Extension: Funmoods = C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: Meteopress - p\u0159edpov\u011B\u010F po\u010Das\u00ED = C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcpnncnkejclcjokemijhkikfeojpgno\1.2_0\
CHR - Extension: New Tab = C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\6.0_0\
CHR - Extension: Virtu\u00E1ln\u00ED kl\u00E1vesnice (od Google) = C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\0.9.8.8_0\

O1 HOSTS File: ([2013.01.19 13:46:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (Authentec Inc.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - Startup: C:\Users\Uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_18684519.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Prevést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Prevést cíl vazby do existujícího PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Prevést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Pridat do stávajícího PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Prevést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Prevést cíl vazby do existujícího PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Prevést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Pridat do stávajícího PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} https://adisepo.mfcr.cz/adistc/adis/idp ... tsignx.cab (CryptSignX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.158.128.2 212.158.128.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A7E5250-3EE5-4109-865F-D7713EF57F30}: DhcpNameServer = 172.168.111.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{614F1BC4-5026-4228-BAA2-028217FD085E}: DhcpNameServer = 212.158.128.2 212.158.128.3
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Uzivatel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Svátky a narozeniny.lnk - - File not found
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: AcWin7Hlpr - hkey= - key= - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: KiesAirMessage - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: KiesPreload - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Nikon Message Center 2 - hkey= - key= - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
MsConfig:64bit - StartUpReg: NokiaSuite.exe - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
MsConfig:64bit - StartUpReg: NSU_agent - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

jaruska
Level 2.5
Posts: 285
Registered: November 07
Gender: Female
Status: Offline

Re: Trojan:JS/FrameRef

Post by jaruska » 14 Feb 2013 21:26

... and the second part

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B314710-AD17-8ADD-87A7-991F6D704191} - Microsoft Windows Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.ACDV - File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.14 13:00:00 | 000,000,000 | ---D | C] -- C:\Users\Uzivatel\AppData\Local\{701CF02C-6FA8-46A0-989B-AB26275825AD}
[2013.02.14 01:01:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 01:01:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 01:00:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 01:00:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 01:00:58 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 01:00:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 01:00:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 01:00:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 01:00:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 01:00:56 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 01:00:56 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 01:00:56 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 01:00:55 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 01:00:54 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 01:00:54 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.14 00:53:14 | 000,000,000 | ---D | C] -- C:\Users\Uzivatel\AppData\Local\{1429D17A-A41D-4130-B8B0-3AB4DEB8A5BD}
[2013.02.13 10:46:05 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 10:46:04 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 10:46:03 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 10:45:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 10:45:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 10:45:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 10:45:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 10:45:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 10:45:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 10:45:49 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.12 19:58:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.12 19:56:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Uzivatel\Desktop\OTL.exe
[2013.02.11 23:40:36 | 000,000,000 | ---D | C] -- C:\FRST
[2013.02.11 07:57:07 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2013.02.10 09:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.02.08 17:17:30 | 000,052,568 | ---- | C] (Adobe Systems Inc) -- C:\Windows\SysNative\AdobePDF.dll
[2013.02.07 08:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.02.04 06:01:22 | 000,158,128 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2013.02.04 06:01:21 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2013.02.04 06:01:21 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2013.02.01 19:58:21 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2013.02.01 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.02.01 11:27:46 | 000,000,000 | ---D | C] -- C:\Users\Uzivatel\AppData\Roaming\TuneUp Software
[2013.02.01 11:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.02.01 11:27:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.02.01 11:27:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.02.01 11:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2013.02.01 11:26:07 | 000,000,000 | ---D | C] -- C:\Users\Uzivatel\AppData\Roaming\OpenCandy
[2013.02.01 11:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2013.01.31 22:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2013.01.31 22:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2013.01.31 22:02:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.01.31 20:10:25 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Uzivatel\Desktop\boot_cleaner.exe
[2013.01.30 00:47:19 | 000,000,000 | ---D | C] -- C:\Users\Uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zařízení Bluetooth
[2013.01.30 00:37:34 | 000,000,000 | ---D | C] -- C:\Users\Uzivatel\AppData\Local\Diagnostics
[2013.01.26 20:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.26 20:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.26 18:38:49 | 000,000,000 | ---D | C] -- C:\Users\Uzivatel\Documents\FotoMorph Data
[2013.01.26 18:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Photo Software
[2013.01.26 18:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digital Photo Software
[2013.01.21 19:50:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.20 16:45:59 | 000,000,000 | ---D | C] -- C:\Users\Uzivatel\Documents\Readiris
[2013.01.19 14:09:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.19 07:48:57 | 000,000,000 | ---D | C] -- C:\Users\Uzivatel\AppData\Local\Adobe
[2013.01.18 10:01:05 | 000,000,000 | ---D | C] -- C:\Users\Uzivatel\AppData\Local\Broadcom
[2013.01.18 10:00:55 | 000,000,000 | ---D | C] -- C:\Users\Uzivatel\AppData\Local\ArcSoft
[2013.01.18 09:53:15 | 000,000,000 | ---D | C] -- C:\Users\Uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013.01.18 09:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013.01.17 20:43:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\KOTELNA
[2013.01.16 21:52:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\recuva
[2013.01.16 19:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.16 19:51:53 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.16 19:51:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.16 19:10:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013.01.16 19:10:34 | 000,000,000 | ---D | C] -- C:\Users\Uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.14 20:10:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.14 18:38:29 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 18:38:29 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 18:30:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.14 18:29:44 | 3151,417,344 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.14 12:52:11 | 000,446,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 00:52:43 | 000,231,390 | ---- | M] () -- C:\Users\Uzivatel\Desktop\rodinný rozpočet.rar
[2013.02.12 19:56:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uzivatel\Desktop\OTL.exe
[2013.02.09 07:34:56 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.09 07:34:55 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.07 22:15:35 | 000,001,022 | ---- | M] () -- C:\Users\Uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_18684519.lnk
[2013.02.06 21:29:50 | 166,394,880 | ---- | M] () -- C:\Users\Uzivatel\Desktop\setup_11.0.0.1245.x01_2013_02_06_17_06.exe
[2013.02.01 11:26:09 | 000,001,962 | ---- | M] () -- C:\Users\Uzivatel\Desktop\CrystalDiskInfo.lnk
[2013.01.31 22:07:03 | 001,770,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.31 21:13:55 | 000,000,512 | ---- | M] () -- C:\Users\Uzivatel\Desktop\MBR.dat
[2013.01.26 20:09:10 | 000,002,533 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.20 17:11:33 | 000,000,199 | ---- | M] () -- C:\Windows\Readiris.ini
[2013.01.20 13:48:36 | 000,001,892 | ---- | M] () -- C:\Users\Uzivatel\Desktop\ImgBurn.lnk
[2013.01.19 22:15:52 | 000,575,712 | ---- | M] () -- C:\Users\Public\Documents\letajici_cirkus.pdf
[2013.01.19 13:46:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.18 09:53:15 | 000,002,991 | ---- | M] () -- C:\Users\Uzivatel\Desktop\HiJackThis.lnk
[2013.01.17 19:26:13 | 000,000,384 | ---- | M] () -- C:\Windows\ODBC.INI
[2013.01.16 19:10:34 | 000,001,279 | ---- | M] () -- C:\Users\Uzivatel\Desktop\Revo Uninstaller.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.14 00:52:43 | 000,231,390 | ---- | C] () -- C:\Users\Uzivatel\Desktop\rodinný rozpočet.rar
[2013.02.09 07:34:56 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.07 22:15:35 | 000,001,022 | ---- | C] () -- C:\Users\Uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_18684519.lnk
[2013.02.06 20:57:51 | 166,394,880 | ---- | C] () -- C:\Users\Uzivatel\Desktop\setup_11.0.0.1245.x01_2013_02_06_17_06.exe
[2013.02.01 11:26:09 | 000,001,962 | ---- | C] () -- C:\Users\Uzivatel\Desktop\CrystalDiskInfo.lnk
[2013.01.31 21:13:55 | 000,000,512 | ---- | C] () -- C:\Users\Uzivatel\Desktop\MBR.dat
[2013.01.20 13:48:36 | 000,001,892 | ---- | C] () -- C:\Users\Uzivatel\Desktop\ImgBurn.lnk
[2013.01.19 22:15:52 | 000,575,712 | ---- | C] () -- C:\Users\Public\Documents\letajici_cirkus.pdf
[2013.01.18 09:53:15 | 000,002,991 | ---- | C] () -- C:\Users\Uzivatel\Desktop\HiJackThis.lnk
[2013.01.16 19:10:34 | 000,001,279 | ---- | C] () -- C:\Users\Uzivatel\Desktop\Revo Uninstaller.lnk
[2013.01.02 20:53:14 | 000,007,597 | ---- | C] () -- C:\Users\Uzivatel\AppData\Local\Resmon.ResmonCfg
[2012.12.18 07:37:04 | 000,002,100 | ---- | C] () -- C:\Users\Uzivatel\AppData\Local\recently-used.xbel
[2012.12.12 13:10:41 | 000,015,270 | ---- | C] () -- C:\ProgramData\P1210OS.HTM
[2012.12.12 13:10:41 | 000,002,944 | ---- | C] () -- C:\ProgramData\P1210SIG.GIF
[2012.11.24 09:40:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.11.24 09:36:55 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2012.10.19 12:13:07 | 000,000,117 | ---- | C] () -- C:\Windows\StwGLX.INI
[2012.10.11 21:12:10 | 000,000,199 | ---- | C] () -- C:\Windows\Readiris.ini
[2012.10.01 12:11:35 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2012.10.01 12:08:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Automatic Filter
[2012.10.01 12:08:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Authentication
[2012.10.01 12:08:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Audio Units
[2012.10.01 12:08:50 | 000,000,268 | RH-- | C] () -- C:\Users\Uzivatel\AppData\Roaming\Audio
[2012.10.01 12:08:50 | 000,000,268 | RH-- | C] () -- C:\Users\Uzivatel\AppData\Roaming\Applications
[2012.10.01 12:08:50 | 000,000,268 | RH-- | C] () -- C:\Users\Uzivatel\AppData\Roaming\Application Support
[2012.10.01 12:08:50 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.10.01 12:08:50 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.10.01 12:08:50 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.09.18 10:09:03 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.07.28 16:14:30 | 000,001,077 | ---- | C] () -- C:\Users\Uzivatel\Hudba – zástupce.lnk
[2012.07.01 09:42:35 | 000,201,216 | ---- | C] () -- C:\Windows\SysWow64\mediarcpt.dll
[2012.04.13 22:35:15 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.04.13 22:35:12 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.04.11 22:12:16 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.04.07 03:48:54 | 000,046,080 | ---- | C] () -- C:\Windows\tbuninst2.exe
[2012.04.07 03:37:41 | 000,081,920 | R--- | C] () -- C:\Windows\SysWow64\mvusbews.dll
[2012.03.14 13:48:36 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.14 13:48:35 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.14 13:48:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.14 13:39:47 | 001,749,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2010.11.05 15:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\SWTOOLS\DRIVERS\IMSM\iaStor.sys
[2010.11.05 15:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.05 15:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2012.03.14 13:25:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2012.03.14 13:25:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2012.03.14 13:25:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2012.03.14 13:25:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2012.03.14 13:25:37 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2012.03.14 13:25:37 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2012.03.14 13:25:37 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2012.03.14 13:25:37 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >

jaruska
Level 2.5
Posts: 285
Registered: November 07
Gender: Female
Status: Offline

Re: Trojan:JS/FrameRef

Post by jaruska » 14 Feb 2013 21:30

and also the Extras

OTL Extras logfile created on: 14.2.2013 21:03:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Uzivatel\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,91 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 53,78% Memory free
7,82 Gb Paging File | 5,62 Gb Available in Paging File | 71,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,67 Gb Total Space | 323,95 Gb Free Space | 72,20% Space Free | Partition Type: NTFS

Computer Name: ADMIN | User Name: Uzivatel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049E9A0B-F0E6-451B-8DA2-976A73A10C37}" = rport=139 | protocol=6 | dir=out | app=system |
"{0B1790AB-88A2-4A8E-A219-F44CF9B8AC37}" = rport=138 | protocol=17 | dir=out | app=system |
"{1C5FC884-CC88-4310-B8ED-7ED920E84773}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3B79D61B-C988-4A77-AA79-F05D10CB00CD}" = lport=139 | protocol=6 | dir=in | app=system |
"{4C1ABEF5-C215-4EE6-A7E9-20E0066970A1}" = rport=137 | protocol=17 | dir=out | app=system |
"{69181B8D-B8B2-4AF5-8F32-4F17221AEEA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A481C1B9-2427-4858-9394-5EAB8F322BB3}" = lport=138 | protocol=17 | dir=in | app=system |
"{A7CF5CC7-7766-44B9-AFE9-5E75CD4951A5}" = lport=445 | protocol=6 | dir=in | app=system |
"{C5C01192-F3DD-4048-A285-5226EE8A1B9E}" = rport=445 | protocol=6 | dir=out | app=system |
"{D6BBDC9F-92EC-4672-9292-BB5F8C88A91A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D90441DE-A2B7-4790-878E-834F81B7D79C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E0F948B0-A91B-4712-A1C2-B195727275D0}" = lport=137 | protocol=17 | dir=in | app=system |
"{E892F93C-1251-45BA-BB34-2465A6D06A62}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{F05808CB-5B74-4080-8C99-84FC326BE23D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F9C047D1-E01C-48EC-8DA2-EED0CEB94E78}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06344602-F365-426A-B860-6C78AD393466}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{14463ADE-E945-4CAA-A588-EFCCF7EDAAA4}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{1964CF7F-DB8E-46DA-95D5-E3B7D8E25507}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1AC04D9B-A4A9-453E-813D-4F0E6B7FCC27}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1E699977-98B5-4A87-971B-7E9DE862B163}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2045A5F5-9C3E-4801-B864-B949751FC8B1}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{303DD7CC-81CE-4C9C-8942-217548E43BCD}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{3FEF557A-B7E1-4193-9E15-BA2D7F9465EB}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{41DEACE0-0DB2-4BD4-A4C8-3B482AC21230}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{66605904-A9DE-47D1-BE7E-DA7E69D04AA4}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{74105A06-4F71-42C3-A9B5-8E76C3EFD12C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7C7A8ABB-1B25-4839-B996-5D120DD2AFD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A64B698-3A29-46D7-B990-47F1B52FC99B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8AFFB09C-45AA-4682-9CDE-0434BC15F05A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{8EA749B0-AAE9-4A27-9FBE-9DF19FB0D394}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{92ED1999-B4C5-4B4B-8583-A9B835ED3F98}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{99B4C2D1-23DD-4A91-8893-3A63724ED7D3}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{B2EFCD05-D8C0-4C16-9AB0-1F3588704D58}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BF8F53AE-1136-43F7-B695-E5E8DACF7900}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CDD80EE6-8CA9-4D60-9F68-0302151DE5E4}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{D0F556B6-D275-401A-8A4C-F3FA83CEA868}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D7E4DB48-1D7F-4BFB-8FB2-3752EA3D540A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{DF74B75C-8630-438F-B401-960FB65B8758}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F10EBF01-3B70-434F-A27B-776C60DA20C8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FA4B8859-C2E4-46D8-B76D-BFEC97179F8D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{44AD7ED9-4B66-40FD-B9CA-79A517A59F0A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{EFF4B113-F19A-46BB-B893-6259F711E7D7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{17CA32D1-73BD-4990-B8F6-369D8D34B05D}" = Microsoft Antimalware Service CS-CZ Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C83CB66-D345-4D6C-95A2-63A03269ADA0}" = Lenovo Patch Utility 64 bit
"{2180B33F-3225-423E-BBC1-7798CFD3CD1F}" = Microsoft SQL Server 2008 R2 Native Client
"{22EE33DC-181C-48E6-B14B-A2865FBA132A}" = DraftSight x64
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{3FD730D4-755F-439B-8082-B55E00924A44}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{57505B29-9D1D-45A3-9C15-D73447D7347D}" = Microsoft SQL Server Native Client
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}" = Microsoft SQL Server 2008 R2 Setup (English)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{C2938C94-239C-4156-B245-C5406A4F3E93}" = ThinkVantage Fingerprint Software
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0C56275-9E7F-4BE5-AB37-15124BF808F2}" = Windows Live Family Safety
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Software Intel(R) PROSet/Wireless WiFi
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client CS-CZ Language Pack
"{DD00F699-6861-4DCF-A19F-8CF61E5E28ED}" = Lenovo Solution Center
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To
"{EFC9FE7C-ECE8-4282-8F77-FEDCAD374C77}" = Lenovo SimpleTap
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"01E3B64834B04ABAC85D8E1D3EBDC567D83AD29B" = Windows Driver Package - Lenovo 1.64.00.00 (07/28/2011 1.64.00.00)
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Balíček ovladače systému Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Balíček ovladače systému Windows - Nokia Modem (02/25/2011 7.01.0.9)
"73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12" = Windows Driver Package - Intel (iaStor) hdc (11/06/2010 10.1.0.1008)
"828B05D2B647CDAEA22493F7BFB96847265EE596" = Windows Driver Package - Realtek (RTL8167) Net (12/29/2010 7.037.1229.2010)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DDD8A532E361E9A878EBEF69C338B306810DF059" = Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Balíček ovladače systému Windows - Nokia Modem (02/25/2011 4.7)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series
"HWiNFO64_is1" = HWiNFO64 Version 4.08
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"Recuva" = Recuva
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"STORMWARE PDF Printer_is1" = STORMWARE PDF Printer 8.2.0.1406
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"WhoCrashed_is1" = WhoCrashed 4.01
"WinRAR archiver" = WinRAR 4.11 (64-bit)
"ZonerPhotoStudio14_CZ_is1" = Zoner Photo Studio 14

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppM1130M1210SeriesLaserJetService
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.5
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 39
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3AC26580-A695-4134-84AE-5121B3AAE545}" = Readiris Pro 12
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5F814E9B-4330-4050-A2EB-F15001F42730}" = StormWare GLX DEMO
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
"{786AD594-D1E7-447E-91F5-92C4A525D693}" = STORMWARE GLX CZ Mini
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}" = Message Center Plus
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{82569A98-7F23-492E-BF61-2B56DE76EF1B}" = STORMWARE POHODA CZ Standard
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87A9A094-22A8-4F8A-9B7D-03D7CA48CE15}_is1" = FotoMorph version 13.7.1
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{90F80405-6000-11D3-8CFE-0150048383C9}" = Nástroj pro odstranění skrytých dat
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91A29166-4E1B-4664-B70B-4C4A3B6B3372}" = Lenovo Screen Reading Optimizer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{99032CFF-DBB0-4C9C-B03D-B922422F4A39}" = edu-learning pro MS Office 2007 CZ
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}" = Lenovo Patch Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-1029-4770-7760-000000000004}" = Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak
"{AC76BA86-1029-4770-7760-000000000004}_953" = Adobe Acrobat 9.5.3 - CPSID_83708
"{AC76BA86-1029-4770-7760-000000000004}{AC76BA86-1029-4770-7760-000000000004}" = Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{B44F3823-52DD-45CA-A916-8B320778715D}" = Messenger Companion
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA6CC3A5-1F5B-4068-8BFF-C597BB6B8158}" = hppusgM1130M1210Series
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F2672232-FF17-4DC9-8F24-A1E1829FE086}" = BisonCam Twain Pro
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FAB43061-FEFB-46E8-A159-96710395DB5E}" = OpenOffice.org 3.2
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anti-Twin 2012-08-20 12.48.59" = Anti-Twin (Installation 20.08.2012)
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"AvantBrowser" = Avant Browser (remove only)
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.2.2 Shizuku Edition
"Demo Weld Cost Calc XL" = Demo Weld Cost Calc XL
"funmoods" = Funmoods
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"Jigs@w Puzzle" = Jigs@w Puzzle
"Kalkulace nové komíny_is1" = Kalkulace nové komíny 1.3.2009 (9.4.2009)
"Lenovo Welcome_is1" = Lenovo Welcome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.70.0.1100
"Mozilla Firefox 17.0.1 (x86 cs)" = Mozilla Firefox 17.0.1 (x86 cs)
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Opera 12.11.1661" = Opera 12.11
"Opera 12.14.1738" = Opera 12.14
"Picasa 3" = Picasa 3
"Print Envelope_is1" = Print Envelope 3.1.0.2
"PRJPRO" = Microsoft Office Project Professional 2007
"ProInst" = Intel PROSet Wireless
"Psaní všemi deseti_is1" = Psaní všemi deseti 1.5
"Recepty doma_is1" = Recepty doma
"Revo Uninstaller" = Revo Uninstaller 1.94
"R-Studio 6.1NSIS" = R-Studio 6.1
"RTS Stavitel+ 2011_is1" = RTS Stavitel+ 2011
"Rybář - profesionální rybářský záznamník_is1" = Rybář
"TrueCrypt" = TrueCrypt
"VirtualCloneDrive" = VirtualCloneDrive
"Výukový program deskriptivní geometrie_is1" = Výukový program deskriptivní geometrie 2.51
"WinLiveSuite" = Windows Live Essentials
"ZAV_DOMA_is1" = ZAV 4.48
"ZonerCallisto5_CZ_is1" = Zoner Callisto 5 FREE

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14.2.2013 7:52:49 | Computer Name = Admin | Source = WinMgmt | ID = 10
Description =

Error - 14.2.2013 7:56:59 | Computer Name = Admin | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 005. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 14.2.2013 7:56:59 | Computer Name = Admin | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 009. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 14.2.2013 7:56:59 | Computer Name = Admin | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 005. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 14.2.2013 7:56:59 | Computer Name = Admin | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 009. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 14.2.2013 13:30:48 | Computer Name = Admin | Source = WinMgmt | ID = 10
Description =

Error - 14.2.2013 13:35:05 | Computer Name = Admin | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 005. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 14.2.2013 13:35:05 | Computer Name = Admin | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 009. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 14.2.2013 13:35:05 | Computer Name = Admin | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 005. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error - 14.2.2013 13:35:05 | Computer Name = Admin | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 009. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

[ Lenovo-Message Center Plus/Admin Events ]
Error - 29.9.2012 13:03:44 | Computer Name = Admin | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Není znám žádný takový hostitel -> Exception message: Není
znám žádný takový hostitel

Error - 29.9.2012 13:03:45 | Computer Name = Admin | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Není znám žádný takový hostitel -> Exception message: Není
znám žádný takový hostitel

Error - 29.9.2012 15:45:01 | Computer Name = Admin | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Není znám žádný takový hostitel -> Exception message: Není
znám žádný takový hostitel

Error - 29.9.2012 15:45:01 | Computer Name = Admin | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Není znám žádný takový hostitel -> Exception message: Není
znám žádný takový hostitel

Error - 29.9.2012 15:45:01 | Computer Name = Admin | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Není znám žádný takový hostitel -> Exception message: Není
znám žádný takový hostitel

Error - 21.11.2012 13:14:05 | Computer Name = Admin | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Vzdálený server vrátil chybu: (404) Nenalezeno. -> Exception message:
Vzdálený server vrátil chybu: (404) Nenalezeno.

Error - 13.1.2013 6:38:46 | Computer Name = Admin | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Není znám žádný takový hostitel -> Exception message: Není
znám žádný takový hostitel

Error - 13.1.2013 6:38:46 | Computer Name = Admin | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Není znám žádný takový hostitel -> Exception message: Není
znám žádný takový hostitel

Error - 13.1.2013 6:38:46 | Computer Name = Admin | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Není znám žádný takový hostitel -> Exception message: Není
znám žádný takový hostitel

Error - 18.1.2013 16:59:03 | Computer Name = Admin | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Zařízení připojené k systému nefunguje -> Exception message:
Zařízení připojené k systému nefunguje

[ Media Center Events ]
Error - 27.9.2012 15:58:23 | Computer Name = Admin | Source = MCUpdate | ID = 0
Description = 21:58:22 - Chyba při připojování k Internetu 21:58:22 - Nelze kontaktovat
server..

Error - 27.9.2012 16:58:27 | Computer Name = Admin | Source = MCUpdate | ID = 0
Description = 22:58:27 - Chyba při připojování k Internetu 22:58:27 - Nelze kontaktovat
server..

Error - 27.9.2012 16:58:32 | Computer Name = Admin | Source = MCUpdate | ID = 0
Description = 22:58:32 - Chyba při připojování k Internetu 22:58:32 - Nelze kontaktovat
server..

Error - 27.9.2012 17:58:37 | Computer Name = Admin | Source = MCUpdate | ID = 0
Description = 23:58:37 - Chyba při připojování k Internetu 23:58:37 - Nelze kontaktovat
server..

Error - 27.9.2012 17:58:42 | Computer Name = Admin | Source = MCUpdate | ID = 0
Description = 23:58:42 - Chyba při připojování k Internetu 23:58:42 - Nelze kontaktovat
server..

Error - 27.9.2012 18:58:47 | Computer Name = Admin | Source = MCUpdate | ID = 0
Description = 0:58:47 - Chyba při připojování k Internetu 0:58:47 - Nelze kontaktovat
server..

Error - 27.9.2012 18:58:52 | Computer Name = Admin | Source = MCUpdate | ID = 0
Description = 0:58:52 - Chyba při připojování k Internetu 0:58:52 - Nelze kontaktovat
server..

Error - 22.11.2012 11:19:25 | Computer Name = Admin | Source = MCUpdate | ID = 0
Description = 16:19:25 - Načtení položky Directory se nezdařilo. (Chyba: Nadřízené
připojení bylo uzavřeno: Došlo k neočekávané chybě při odeslání.)

Error - 22.11.2012 11:19:25 | Computer Name = Admin | Source = MCUpdate | ID = 0
Description = 16:19:25 - Načtení položky MCEClientUX se nezdařilo. (Chyba: Nadřízené
připojení bylo uzavřeno: Došlo k neočekávané chybě při odeslání.)

Error - 22.11.2012 11:19:31 | Computer Name = Admin | Source = MCUpdate | ID = 0
Description = 16:19:25 - Načtení položky Broadband se nezdařilo. (Chyba: Nadřízené
připojení bylo uzavřeno: Došlo k neočekávané chybě při odeslání.)

[ OSession Events ]
Error - 14.11.2012 9:27:57 | Computer Name = Admin | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 192
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 13.2.2013 5:38:39 | Computer Name = Admin | Source = Service Control Manager | ID = 7000
Description = Služba SQL Server Browser neuspěla při spuštění v důsledku následující
chyby: %%5

Error - 13.2.2013 5:38:57 | Computer Name = Admin | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: StarOpen

Error - 13.2.2013 20:00:58 | Computer Name = Admin | Source = DCOM | ID = 10010
Description =

Error - 14.2.2013 7:50:33 | Computer Name = Admin | Source = Application Popup | ID = 1060
Description = Načtení \SystemRoot\SysWow64\Drivers\StarOpen.SYS bylo zablokováno
kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru o kompatibilní
verzi ovladače.

Error - 14.2.2013 7:51:26 | Computer Name = Admin | Source = Application Popup | ID = 1060
Description = Načtení \SystemRoot\SysWow64\Drivers\StarOpen.SYS bylo zablokováno
kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru o kompatibilní
verzi ovladače.

Error - 14.2.2013 7:52:27 | Computer Name = Admin | Source = Service Control Manager | ID = 7000
Description = Služba SQL Server Browser neuspěla při spuštění v důsledku následující
chyby: %%5

Error - 14.2.2013 7:52:34 | Computer Name = Admin | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: StarOpen

Error - 14.2.2013 13:29:43 | Computer Name = Admin | Source = Application Popup | ID = 1060
Description = Načtení \SystemRoot\SysWow64\Drivers\StarOpen.SYS bylo zablokováno
kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru o kompatibilní
verzi ovladače.

Error - 14.2.2013 13:30:36 | Computer Name = Admin | Source = Service Control Manager | ID = 7000
Description = Služba SQL Server Browser neuspěla při spuštění v důsledku následující
chyby: %%5

Error - 14.2.2013 13:31:10 | Computer Name = Admin | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: StarOpen


< End of report >

jaro3
Security team member
Guru Level 15
Posts: 43302
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: Trojan:JS/FrameRef

Post by jaro3 » 14 Feb 2013 23:30

Update Java:
Java SE Runtime Environment 7

Click Accept License Agreement.
Choose your OS (Windows or Windows x64, Offline Installation):
jre-7-windows-i586-p.exe or
jre-7-windows-x64.exe
Download and install it.
Remove the other Java versions in Add/Remove Programs.

Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
SRV - [2012.11.09 11:36:40 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[2013.02.08 08:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uzivatel\AppData\Roaming\Mozilla\Extensions
[2013.02.04 06:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.02.04 06:01:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
CHR - homepage: http://searchfunmoods.com/?f=1&a=kno&ir ... 1190233474
CHR - default_search_provider: search_url = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=kno&ir=kno&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0D0A0ByE0DtA0A0B0D0AtN0D0Tzu0CtAzytBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1190233474
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://searchfunmoods.com/?f=1&a=kno&ir ... 1190233474
CHR - Extension: Funmoods = C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
O4 - Startup: C:\Users\Uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_18684519.lnk = File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_39)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
MsConfig:64bit - StartUpFolder: C:^Users^Uzivatel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Svátky a narozeniny.lnk - - File not found
MsConfig:64bit - StartUpReg: KiesAirMessage - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: KiesPreload - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
Drivers32:64bit: VIDC.ACDV - File not found

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Users\Uzivatel\AppData\Local\{701CF02C-6FA8-46A0-989B-AB26275825AD}
C:\Users\Uzivatel\AppData\Local\{1429D17A-A41D-4130-B8B0-3AB4DEB8A5BD}
C:\ProgramData\Kaspersky Lab
C:\Users\Uzivatel\Desktop\setup_11.0.0.1245.x01_2013_02_06_17_06.exe
C:\ProgramData\P1210OS.HTM
C:\ProgramData\P1210SIG.GIF
C:\Windows\StwGLX.INI

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
""=""%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"funmoods" =-

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click Run Fix (Opravit) at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.

Repeated errors:
Error - 14.2.2013 7:56:59 | Computer Name = Admin | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Nelze číst řetězce čítačů výkonu definované pro ID jazyka 005. První
hodnota DWORD v datové oblasti obsahuje kód chyby Win32.
Error - 29.9.2012 13:03:45 | Computer Name = Admin | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Není znám žádný takový hostitel -> Exception message: Není
znám žádný takový hostitel
Error - 27.9.2012 16:58:32 | Computer Name = Admin | Source = MCUpdate | ID = 0
Description = 22:58:32 - Chyba při připojování k Internetu 22:58:32 - Nelze kontaktovat
server..
Error - 14.2.2013 7:50:33 | Computer Name = Admin | Source = Application Popup | ID = 1060
Description = Načtení \SystemRoot\SysWow64\Drivers\StarOpen.SYS bylo zablokováno
kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru o kompatibilní
verzi ovladače.


Symantec\VIP Access Client --- did you install it yourself?
Possibly a conflict with MSE..
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
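
Added example (not part of the original posts and not OTL's own code): a Python parser for the "Last 20 Event Log Errors" section in the layout shown in this thread. It joins wrapped Description lines and groups entries that differ only in their timestamps, giving the kind of summary listed under "Opakované chyby" (repeated errors) in the reply above. The function names are illustrative; the sample entries are copied from the log above.

```python
import re
from collections import Counter

# Sample entries copied from the OTL log in this thread (a subset).
SAMPLE = """[ Media Center Events ]
Error - 27.9.2012 16:58:27 | Computer Name = Admin | Source = MCUpdate | ID = 0
Description = 22:58:27 - Chyba při připojování k Internetu 22:58:27 - Nelze kontaktovat
server..

Error - 27.9.2012 16:58:32 | Computer Name = Admin | Source = MCUpdate | ID = 0
Description = 22:58:32 - Chyba při připojování k Internetu 22:58:32 - Nelze kontaktovat
server..

[ System Events ]
Error - 13.2.2013 5:38:57 | Computer Name = Admin | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: StarOpen

Error - 13.2.2013 20:00:58 | Computer Name = Admin | Source = DCOM | ID = 10010
Description =

Error - 14.2.2013 7:52:34 | Computer Name = Admin | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: StarOpen
"""

HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = .*? \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)$")
SECTION = re.compile(r"^\[ (.+) \]$")
CLOCK = re.compile(r"\b\d{1,2}:\d{2}:\d{2}\b")  # times embedded in MCUpdate text

def parse_events(text):
    """Parse the section into dicts; wrapped Description lines are joined."""
    events, channel = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        sec, head = SECTION.match(line), HEADER.match(line)
        if sec:
            channel = sec.group(1)
        elif head:
            events.append(dict(head.groupdict(), channel=channel, description=""))
        elif line and events and not line.startswith("<"):  # skip "< End of report >"
            part = re.sub(r"^Description =\s*", "", line)
            events[-1]["description"] = f'{events[-1]["description"]} {part}'.strip()
    return events

def repeated_errors(text, minimum=2):
    """Group by channel, source, ID and time-normalised description; keep repeats."""
    counts = Counter((e["channel"], e["source"], int(e["id"]),
                      CLOCK.sub("<time>", e["description"])) for e in parse_events(text))
    return [(key, n) for key, n in counts.most_common() if n >= minimum]
```

Entries with an empty Description (WinMgmt, DCOM) are kept and grouped by source and ID alone, so they still show up when they recur.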

