Slow startup and shutdown, please check

#16 Post by Márty84 »

Open Notepad and copy this script into it

Code:

KillAll::

File::
c:\windows\SysWOW64\Drivers\X6va012
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2191468200-1237345355-2885247254-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2191468200-1237345355-2885247254-1000UA.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=-
"AdobeCS4ServiceManager"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-

Regnull::
[HKEY_USERS\S-1-5-21-2191468200-1237345355-2885247254-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
SkypeUpdate
X6va012
WinRing0_1_2_0

Reboot::

In the top left, click File.
Click Save As...
Type the name shown in red, CFScript, exactly, and save it to the desktop.
Turn off your antivirus and any other security software.
Drag this newly created text document onto the ComboFix icon and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows does not start after the restart, restart again, press the F8 key repeatedly and choose Last Known Good Configuration
:!: If Windows starts but errors are reported when launching various programs, just restart the PC and it will be fine

If you have a question that is not meant for the public, you can e-mail me at marty84 (at) forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

#17 Post by diamondCloud »

After I dragged it over, it again showed me that box with the text "searching for infected files..." and it is completing the stages.
Anyway, the text file then disappeared from the desktop, so I just hope everything is going correctly :)
I'll post the log here in a moment.

EDIT here is the log:

ComboFix 13-10-01.03 - x 02.10.2013 20:43:11.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.5606.4154 [GMT 2:00]
Spuštěný z: c:\users\x\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\x\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWOW64\Drivers\X6va012"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2191468200-1237345355-2885247254-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2191468200-1237345355-2885247254-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2191468200-1237345355-2885247254-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2191468200-1237345355-2885247254-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINRING0_1_2_0
-------\Legacy_X6VA012
-------\Service_SkypeUpdate
-------\Service_WinRing0_1_2_0
-------\Service_X6va012
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-02 do 2013-10-02 )))))))))))))))))))))))))))))))
.
.
2013-10-02 18:50 . 2013-10-02 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-02 18:23 . 2013-10-02 18:23 -------- d-----w- c:\users\x\AppData\Local\Diagnostics
2013-09-30 09:29 . 2013-09-30 09:29 -------- d-----w- c:\users\x\AppData\Roaming\Malwarebytes
2013-09-30 09:29 . 2013-09-30 09:29 -------- d-----w- c:\programdata\Malwarebytes
2013-09-30 09:11 . 2013-09-30 09:15 -------- d-----w- C:\AdwCleaner
2013-09-30 09:06 . 2013-08-30 07:48 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-09-30 09:06 . 2013-08-30 07:48 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-30 09:06 . 2013-08-30 07:48 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-30 09:06 . 2013-08-30 07:48 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-30 09:06 . 2013-08-30 07:48 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-30 09:06 . 2013-08-30 07:48 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-30 09:06 . 2013-08-30 07:48 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-30 09:06 . 2013-08-30 07:48 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-30 09:06 . 2013-08-30 07:47 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-09-30 09:06 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
2013-09-30 09:04 . 2013-09-30 09:05 -------- d-----w- c:\programdata\AVAST Software
2013-09-30 08:05 . 2013-09-30 08:05 -------- d-----w- C:\rsit
2013-09-30 08:05 . 2013-09-30 08:05 -------- d-----w- c:\program files\trend micro
2013-09-19 10:22 . 2013-09-19 10:22 -------- d-----w- c:\program files\iPod
2013-09-19 10:21 . 2013-09-19 10:22 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 10:21 . 2013-09-19 10:22 -------- d-----w- c:\program files\iTunes
2013-09-14 08:32 . 2013-09-14 08:32 -------- d-sh--w- c:\programdata\SecuROM
2013-09-14 08:32 . 2013-09-14 08:32 -------- d-----w- c:\users\x\AppData\Local\Rockstar Games
2013-09-14 08:27 . 2013-09-14 08:27 -------- d--h--r- c:\users\x\AppData\Roaming\SecuROM
2013-09-14 08:21 . 2013-09-14 08:21 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-09-14 08:19 . 2013-09-14 08:19 -------- d-----w- c:\windows\SysWow64\xlive
2013-09-14 08:19 . 2013-09-14 08:19 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-09-14 01:35 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F69D5289-9E78-4E25-8F69-8ABE14898E87}\mpengine.dll
2013-09-09 15:54 . 2013-09-09 15:54 -------- d-----w- c:\programdata\RELOADED
2013-09-09 12:41 . 2013-09-09 12:41 -------- d-----w- c:\users\x\AppData\Local\Activision
2013-09-09 12:01 . 2013-09-09 12:01 -------- d-sh--w- c:\windows\ftpcache
2013-09-04 13:42 . 2013-09-04 13:42 -------- d-----w- c:\users\x\AppData\Local\EMU
2013-09-04 13:42 . 2013-09-04 13:42 -------- d-----w- c:\users\x\AppData\Local\PAYDAY 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 09:20 . 2012-04-04 20:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-20 09:20 . 2012-04-04 20:57 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-24 15:28 . 2013-08-24 15:29 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-24 15:28 . 2012-08-29 19:23 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-08-24 15:28 . 2012-04-24 12:08 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-07 02:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-04-05 1081424]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\programy\iTunes\iTunesHelper.exe" [2013-09-17 152392]
"avast"="c:\programy\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys;c:\windows\SYSNATIVE\DRIVERS\adusbser.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Wireless modem support.;Wireless modem support.;c:\program files\Vodafone pripojeni\CMSrv.exe;c:\program files\Vodafone pripojeni\CMSrv.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\programy\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-22 1796200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-04-05 11788392]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-04-05 2207848]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\programy\ICQ7.7\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 193.165.254.9 193.165.192.9 8.8.8.8 8.8.4.4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\programy\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2013-10-02 20:58:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-10-02 18:58
ComboFix2.txt 2013-10-02 11:13
.
Před spuštěním: Volných bajtů: 52 446 310 400
Po spuštění: Volných bajtů: 52 134 952 960
.
- - End Of File - - 856EF914DEBC6EFABB5B0ED47BC9B255
A36C5E4F47E84449FF07ED3517B43A31

#18 Post by Márty84 »

Post a new RSIT log.

#19 Post by diamondCloud »

Logfile of random's system information tool 1.09 (written by random/random)
Run by x at 2013-10-03 21:27:42
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 50 GB (16%) free of 305 GB
Total RAM: 5606 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:28:01, on 3.10.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Programy\iTunes\iTunesHelper.exe
C:\Programy\AVAST Software\Avast\AvastUI.exe
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\x\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\x.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programy\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programy\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programy\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Programy\AVAST Software\Avast\avastUI.exe" /nogui
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programy\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programy\ICQ7.7\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programy\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Wireless modem support. - Unknown owner - C:\Program Files\Vodafone pripojeni\CMSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9232 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Programy\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 27062736
\??\C:\Windows\system32\conhost.exe "101661742492997798-239285205-203435559-6291300068497957381780692746586005638
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Vodafone pripojeni\CMSrv.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Dolby PCEE4\pcee4.exe" -autostart
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Programy\iTunes\iTunesHelper.exe"
"C:\Programy\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3660.0.82350704\1850522380" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,19 --disable-image-transport-surface --reduce-gpu-sandbox --gpu-vendor-id=0x1002 --gpu-device-id=0x9647 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=8.901.3.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_71/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3660.3.381879413\643106587" /prefetch:673131151
"C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_71/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3660.4.1955721642\508220521" /prefetch:673131151
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3660.8.891289293\4661721" --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
"C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/UseStopTimer/OutdatedInstallCheck/12WeeksOutdatedInstall/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_71/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3660.23.1575528502\2002186144" /prefetch:673131151
taskeng.exe {BF8537F7-FBD5-4765-B2DF-0FFF53E85A1A}
C:\Users\x\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
taskeng.exe {525EF8A6-C1E6-46CF-9B79-7EBD17FA3A75}
"C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/UseStopTimer/OutdatedInstallCheck/12WeeksOutdatedInstall/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_71/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --instant-process --enable-threaded-compositing --disable-html-notifications --channel="3660.29.1092633679\1570894314" /prefetch:673131151
"C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/ManualResetProfile/Enable/NewMenuStyle/Compact2/OmniboxStopTimer/UseStopTimer/OutdatedInstallCheck/12WeeksOutdatedInstall/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_71/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3660.31.893372001\488538325" /prefetch:673131151
"C:\Users\x\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Programy\AVAST Software\Avast\aswWebRepIE64.dll [2013-08-30 245592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07 69760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-08-24 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Programy\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30 201784]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-08-24 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Programy\AVAST Software\Avast\aswWebRepIE64.dll [2013-08-30 245592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Programy\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30 201784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-02-22 1796200]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-04-05 11788392]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2012-04-05 2207848]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-04-06 2478888]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2011-04-05 2589992]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2012-04-05 1081424]
"Dolby Advanced Audio v2"=C:\Dolby PCEE4\pcee4.exe [2011-02-03 506712]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-10-12 343168]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
""= []
"iTunesHelper"=C:\Programy\iTunes\iTunesHelper.exe [2013-09-17 152392]
"avast"=C:\Programy\AVAST Software\Avast\avastUI.exe [2013-08-30 4858968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-10-02 20:58:18 ----A---- C:\ComboFix.txt
2013-10-02 20:52:54 ----D---- C:\$RECYCLE.BIN
2013-10-02 12:56:11 ----A---- C:\Windows\zip.exe
2013-10-02 12:56:11 ----A---- C:\Windows\SWSC.exe
2013-10-02 12:56:11 ----A---- C:\Windows\SWREG.exe
2013-10-02 12:56:11 ----A---- C:\Windows\sed.exe
2013-10-02 12:56:11 ----A---- C:\Windows\PEV.exe
2013-10-02 12:56:11 ----A---- C:\Windows\NIRCMD.exe
2013-10-02 12:56:11 ----A---- C:\Windows\MBR.exe
2013-10-02 12:56:11 ----A---- C:\Windows\grep.exe
2013-10-02 12:56:02 ----D---- C:\Qoobox
2013-10-02 12:55:49 ----D---- C:\Windows\erdnt
2013-09-30 23:04:49 ----N---- C:\bootsqm.dat
2013-09-30 11:29:28 ----D---- C:\Users\x\AppData\Roaming\Malwarebytes
2013-09-30 11:29:14 ----D---- C:\ProgramData\Malwarebytes
2013-09-30 11:11:04 ----D---- C:\AdwCleaner
2013-09-30 11:06:46 ----A---- C:\Windows\system32\drivers\aswSP.sys
2013-09-30 11:06:46 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2013-09-30 11:06:46 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2013-09-30 11:06:44 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-09-30 11:06:44 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2013-09-30 11:06:44 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2013-09-30 11:06:40 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-09-30 11:06:36 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2013-09-30 11:06:36 ----A---- C:\Windows\system32\aswBoot.exe
2013-09-30 11:06:08 ----A---- C:\Windows\avastSS.scr
2013-09-30 11:04:28 ----D---- C:\ProgramData\AVAST Software
2013-09-30 10:05:23 ----D---- C:\rsit
2013-09-30 10:05:23 ----D---- C:\Program Files\trend micro
2013-09-19 12:22:00 ----D---- C:\Program Files\iPod
2013-09-19 12:21:59 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 12:21:59 ----D---- C:\Program Files\iTunes
2013-09-14 10:32:51 ----SHD---- C:\ProgramData\SecuROM
2013-09-14 10:27:31 ----RHD---- C:\Users\x\AppData\Roaming\SecuROM
2013-09-14 10:21:04 ----A---- C:\Windows\SYSWOW64\CmdLineExt_x64.dll
2013-09-14 10:19:56 ----D---- C:\Windows\SYSWOW64\xlive
2013-09-14 10:19:55 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-09-09 17:54:50 ----D---- C:\ProgramData\RELOADED
2013-09-09 14:01:08 ----SHD---- C:\Windows\ftpcache

======List of files/folders modified in the last 1 month======

2013-10-03 21:27:58 ----D---- C:\Windows\Temp
2013-10-02 20:58:21 ----D---- C:\Windows\system32\drivers
2013-10-02 20:52:56 ----D---- C:\Windows
2013-10-02 20:52:56 ----A---- C:\Windows\system.ini
2013-10-02 20:52:51 ----D---- C:\Windows\system32\drivers\etc
2013-10-02 20:51:07 ----D---- C:\Windows\system32\config
2013-10-02 20:50:15 ----D---- C:\Windows\Tasks
2013-10-02 20:47:44 ----D---- C:\Windows\SYSWOW64\drivers
2013-10-02 20:47:44 ----D---- C:\Windows\SysWOW64
2013-10-02 20:47:44 ----D---- C:\Windows\AppPatch
2013-10-02 20:47:42 ----D---- C:\Program Files (x86)\Common Files
2013-10-02 20:23:18 ----D---- C:\Windows\Prefetch
2013-10-02 12:56:39 ----SHD---- C:\System Volume Information
2013-10-02 12:17:29 ----D---- C:\Windows\system32\Tasks
2013-10-01 22:30:31 ----D---- C:\Programy
2013-10-01 16:11:41 ----D---- C:\Windows\System32
2013-10-01 16:11:41 ----D---- C:\Windows\inf
2013-10-01 16:11:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-10-01 12:17:15 ----D---- C:\Hry
2013-09-30 11:29:14 ----D---- C:\ProgramData
2013-09-30 11:15:04 ----RD---- C:\Program Files (x86)
2013-09-30 11:06:33 ----SHD---- C:\Windows\Installer
2013-09-30 11:02:21 ----D---- C:\Users\x\AppData\Roaming\uTorrent
2013-09-30 10:05:23 ----RD---- C:\Program Files
2013-09-29 21:38:47 ----D---- C:\Windows\Microsoft.NET
2013-09-29 15:00:03 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-09-29 14:56:10 ----RSD---- C:\Windows\assembly
2013-09-29 14:53:42 ----D---- C:\Windows\SYSWOW64\en-US
2013-09-29 14:53:42 ----D---- C:\Windows\system32\en-US
2013-09-29 14:50:38 ----D---- C:\ProgramData\Razer
2013-09-22 20:10:34 ----D---- C:\Users\x\AppData\Roaming\Skype
2013-09-20 11:20:25 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-09-19 16:48:22 ----D---- C:\Windows\system32\catroot
2013-09-19 14:19:58 ----D---- C:\Windows\SYSWOW64\directx
2013-09-19 12:19:32 ----D---- C:\Windows\system32\DriverStore
2013-09-19 12:19:32 ----D---- C:\Windows\system32\catroot2
2013-09-14 17:41:55 ----D---- C:\ProgramData\PMB Files
2013-09-14 10:27:14 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-09-14 10:25:41 ----SD---- C:\ProgramData\Microsoft
2013-09-14 10:20:49 ----D---- C:\Windows\winsxs
2013-09-13 01:27:25 ----D---- C:\ProgramData\Orbit
2013-09-13 00:25:29 ----HD---- C:\Windows\msdownld.tmp
2013-09-13 00:25:23 ----D---- C:\Windows\Logs
2013-09-09 14:00:37 ----D---- C:\Users\x\AppData\Roaming\DAEMON Tools Lite
2013-09-07 15:42:59 ----D---- C:\Windows\Panther
2013-09-07 15:42:59 ----D---- C:\Windows\debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2012-04-06 79488]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2012-04-06 40064]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-08-30 65336]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-08-30 204880]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-08-30 72016]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-08-30 1030952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-08-30 378944]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-08-30 64288]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-08-30 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-08-30 80816]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 10207232]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-04-06 317952]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-04-06 114704]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service; C:\Windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv; C:\Windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 19496]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-03-01 4720704]
R3 bScsiMSa;bScsiMSa; C:\Windows\system32\DRIVERS\bScsiMSa.sys [2012-04-05 51240]
R3 bScsiSDa;bScsiSDa; C:\Windows\system32\DRIVERS\bScsiSDa.sys [2011-01-13 85544]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-15 283200]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-04-05 2833256]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2012-04-05 412712]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2012-04-06 53376]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\adusbser.sys [2009-11-06 154112]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-12-13 2797056]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 117248]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2012-04-06 1401392]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-04-06 204288]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]
R2 avast! Antivirus;avast! Antivirus; C:\Programy\AVAST Software\Avast\AvastSvc.exe [2013-08-30 46808]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-04-05 352336]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-22 873064]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-05-15 75136]
R2 Wireless modem support.;Wireless modem support.; C:\Program Files\Vodafone pripojeni\CMSrv.exe [2010-06-24 100864]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-09-17 641352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-14 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-04-14 655624]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-09-06 565672]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-04 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Slow startup and shutdown, please check

#20 Post by Márty84 »

One more scan and then we'll start deleting :)


:!: If Avast complains that it wants to open it in the sandbox, do not allow it! Choose the option Open normally
:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and then left-click Run as administrator
Tick the items (check the boxes) For all users, "LOP" malware check and "Purity" malware check
Paste the following text into the bottom window

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Click Scan
After the scan, two logs will be created (OTL.Txt and Extras.txt); post both here (if they are long, split them across several posts).

If you have a question that is not meant for the public, you can write to me at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will now be on the forum less often. If you have to wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

diamondCloud
Visitor
Posts: 43
Joined: 30 Sep 2013 09:00

Re: Slow startup and shutdown, please check

#21 Post by diamondCloud »

I am scanning the computer with OTL; after a short while of scanning, this popped up:
Attachment: sdasdasd.jpg (18.67 KiB)

diamondCloud
Visitor
Posts: 43
Joined: 30 Sep 2013 09:00

Re: Slow startup and shutdown, please check

#22 Post by diamondCloud »

The scan has been stuck at this point for about half an hour now; unfortunately I have to turn the PC off, so I will run it again in the evening, but just for reference:
Attachment: dsdsdsdsd2.jpg (10.7 KiB)

diamondCloud
Visitor
Posts: 43
Joined: 30 Sep 2013 09:00

Re: Slow startup and shutdown, please check

#23 Post by diamondCloud »

So the same error message showed up a second time, and of course it got stuck there again.

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Slow startup and shutdown, please check

#24 Post by Márty84 »

It sometimes happens that OTL throws this little error :roll:

Run it once more following the same instructions, but with this modified script

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

diamondCloud
Visitor
Posts: 43
Joined: 30 Sep 2013 09:00

Re: Slow startup and shutdown, please check

#25 Post by diamondCloud »

OTL.Txt
OTL logfile created on: 4.10.2013 19:30:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\x\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

5,47 Gb Total Physical Memory | 3,20 Gb Available Physical Memory | 58,47% Memory free
10,95 Gb Paging File | 8,42 Gb Available in Paging File | 76,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 46,82 Gb Free Space | 15,71% Space Free | Partition Type: NTFS

Computer Name: FILIP-NTB | User Name: x | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.10.04 18:16:30 | 004,089,696 | ---- | M] () -- C:\Hry\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.188\deploy\LoLLauncher.exe
PRC - [2013.10.04 12:04:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.exe
PRC - [2013.08.30 09:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programy\AVAST Software\Avast\AvastUI.exe
PRC - [2013.08.30 09:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programy\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.07.22 23:34:41 | 000,074,752 | ---- | M] () -- C:\Hry\Riot Games\League of Legends\rads\projects\lol_air_client\releases\0.0.1.51\deploy\LolClient.exe
PRC - [2013.05.15 15:05:13 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.12 13:13:20 | 001,294,336 | ---- | M] () -- C:\Hry\Riot Games\League of Legends\rads\system\rads_user_kernel.exe
PRC - [2012.04.05 23:11:30 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012.04.05 23:11:30 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2012.04.05 23:11:28 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012.04.05 23:11:28 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.06.24 12:20:16 | 000,100,864 | ---- | M] () -- C:\Program Files\Vodafone pripojeni\CMSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013.10.04 18:16:33 | 000,124,928 | ---- | M] () -- C:\Hry\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.188\deploy\RiotLauncher.dll
MOD - [2013.10.04 18:16:30 | 004,089,696 | ---- | M] () -- C:\Hry\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.188\deploy\LoLLauncher.exe
MOD - [2013.09.26 21:08:05 | 000,415,184 | ---- | M] () -- C:\Users\x\AppData\Local\Google\Chrome\Application\30.0.1599.66\ppGoogleNaClPluginChrome.dll
MOD - [2013.09.26 21:08:04 | 013,611,984 | ---- | M] () -- C:\Users\x\AppData\Local\Google\Chrome\Application\30.0.1599.66\PepperFlash\pepflashplayer.dll
MOD - [2013.09.26 21:08:03 | 004,055,504 | ---- | M] () -- C:\Users\x\AppData\Local\Google\Chrome\Application\30.0.1599.66\pdf.dll
MOD - [2013.09.26 21:07:11 | 000,698,832 | ---- | M] () -- C:\Users\x\AppData\Local\Google\Chrome\Application\30.0.1599.66\libglesv2.dll
MOD - [2013.09.26 21:07:10 | 000,099,792 | ---- | M] () -- C:\Users\x\AppData\Local\Google\Chrome\Application\30.0.1599.66\libegl.dll
MOD - [2013.09.26 21:07:08 | 001,604,560 | ---- | M] () -- C:\Users\x\AppData\Local\Google\Chrome\Application\30.0.1599.66\ffmpegsumo.dll
MOD - [2013.07.22 23:34:41 | 000,074,752 | ---- | M] () -- C:\Hry\Riot Games\League of Legends\rads\projects\lol_air_client\releases\0.0.1.51\deploy\LolClient.exe
MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.05.12 13:13:20 | 001,294,336 | ---- | M] () -- C:\Hry\Riot Games\League of Legends\rads\system\rads_user_kernel.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012.04.14 16:57:57 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012.04.06 00:36:51 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.02.22 21:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010.06.24 12:20:16 | 000,100,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Vodafone pripojeni\CMSrv.exe -- (Wireless modem support.)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.09.20 11:20:26 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.09.06 22:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.08.30 09:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programy\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.05.15 15:05:13 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.04.14 16:57:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.04.05 23:11:28 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.08.30 09:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.08.30 09:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.08.30 09:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.08.30 09:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.08.30 09:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.08.30 09:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.08.30 09:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.08.30 09:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.15 14:12:59 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.04.06 00:37:31 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.04.06 00:37:27 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012.04.06 00:37:19 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012.04.06 00:37:18 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012.04.06 00:36:52 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 00:36:52 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.06 00:30:05 | 001,401,392 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.04.05 23:11:35 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2012.04.05 23:08:56 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2012.03.26 14:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.13 04:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.04.05 19:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.01 22:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.01.20 18:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011.01.20 18:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011.01.13 18:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.12.15 14:05:42 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.15 14:05:42 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.12.15 14:05:42 | 000,029,696 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewdcsc.sys -- (Huawei)
DRV:64bit: - [2009.11.06 04:22:02 | 000,154,112 | ---- | M] (AnyDATA.NET INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adusbser.sys -- (adusbser)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.12.26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://yandex.ru/yandsearch?clid=48578& ... earchTerms}
IE - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..\SearchScopes\{B87289C8-B8D5-414F-9ED2-6C8751717FE2}: "URL" = http://websearch.ask.com/redirect?clien ... 5CA2814762
IE - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/persons/?clid=48578&c ... ubmitted=1
IE - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..\SearchScopes\Yandex: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programy\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\x\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\x\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\x\AppData\Local\Google\Chrome\Application\30.0.1599.66\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\x\AppData\Local\Google\Chrome\Application\30.0.1599.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\x\AppData\Local\Google\Chrome\Application\30.0.1599.66\pdf.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: BetterTTV = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped\6.5_0\
CHR - Extension: ProxMate - Proxy on steroids! = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\3.0.8_0\
CHR - Extension: Simple Adblock = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo\1.0.9_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Battlefield Play4Free = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\

O1 HOSTS File: ([2013.10.02 20:52:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programy\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programy\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programy\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programy\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Programy\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programy\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programy\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{191D5DD0-31F1-4B96-A618-6AA42E5563CB}: DhcpNameServer = 193.165.254.9 193.165.192.9 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9772A8B3-C07E-46C3-BD6D-45AB141933DE}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A38FF30B-8B11-4F7B-82BC-32DC56F5A171}: DhcpNameServer = 160.218.167.5 160.218.161.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E479EFF3-7F85-45E5-96BE-7AF70340E5D4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.mjpg - bdmjpeg64.dll ()
Drivers32:64bit: vidc.mpeg - bdmpegv64.dll ()
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - frapsvid.dll File not found
Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2013.10.04 12:04:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.exe
[2013.10.02 20:52:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.10.02 20:23:18 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\Diagnostics
[2013.10.02 12:56:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.10.02 12:56:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.10.02 12:56:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.10.02 12:56:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.10.02 12:55:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.10.02 12:54:00 | 005,132,885 | R--- | C] (Swearware) -- C:\Users\x\Desktop\ComboFix.exe
[2013.10.01 22:34:06 | 000,000,000 | ---D | C] -- C:\Users\x\Desktop\RK_Quarantine
[2013.10.01 22:32:57 | 000,000,000 | ---D | C] -- C:\Users\x\Desktop\asd
[2013.09.30 11:29:28 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\Malwarebytes
[2013.09.30 11:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.09.30 11:11:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.09.30 11:06:46 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.09.30 11:06:46 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.09.30 11:06:46 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.09.30 11:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.09.30 11:06:44 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.09.30 11:06:44 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.09.30 11:06:36 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.09.30 11:06:36 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.09.30 11:06:08 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.09.30 11:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.09.30 10:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.09.30 10:05:23 | 000,000,000 | ---D | C] -- C:\rsit
[2013.09.19 14:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA Episodes from Liberty City
[2013.09.19 12:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.09.19 12:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.09.19 12:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.09.19 12:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.09.14 10:34:29 | 000,000,000 | ---D | C] -- C:\Users\x\Documents\Rockstar Games
[2013.09.14 10:32:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013.09.14 10:32:51 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\Rockstar Games
[2013.09.14 10:27:31 | 000,000,000 | RH-D | C] -- C:\Users\x\AppData\Roaming\SecuROM
[2013.09.14 10:21:04 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.09.14 10:19:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013.09.14 10:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.09.13 01:27:36 | 000,000,000 | ---D | C] -- C:\Users\x\Documents\Ubisoft
[2013.09.09 17:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2013.09.09 14:41:31 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\Activision
[2013.09.09 14:01:08 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.10.04 19:33:15 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.10.04 19:25:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.10.04 17:29:44 | 000,022,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.04 17:29:44 | 000,022,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.04 17:22:05 | 113,856,511 | -HS- | M] () -- C:\hiberfil.sys
[2013.10.04 13:31:23 | 000,010,957 | ---- | M] () -- C:\Users\x\Desktop\dsdsdsdsd2.jpg
[2013.10.04 12:46:33 | 000,019,123 | ---- | M] () -- C:\Users\x\Desktop\sdasdasd.jpg
[2013.10.04 12:04:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.exe
[2013.10.02 20:52:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.10.02 20:19:34 | 002,336,005 | ---- | M] () -- C:\Users\x\Desktop\Igor - Kentaur 2 feat. Marat (produced by Gruzo) (1).mp3
[2013.10.02 12:54:35 | 005,132,885 | R--- | M] (Swearware) -- C:\Users\x\Desktop\ComboFix.exe
[2013.10.01 22:32:36 | 000,948,736 | ---- | M] () -- C:\Users\x\Desktop\RogueKiller.exe
[2013.10.01 22:26:13 | 000,000,508 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.10.01 16:30:28 | 004,924,709 | ---- | M] () -- C:\Users\x\Desktop\H16 - Celu- noc REMIX feat. Orion, Ben Cristovao, Supa, Ektor -prod.Grimaso.mp3
[2013.10.01 16:11:41 | 001,589,738 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.10.01 16:11:41 | 000,671,194 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013.10.01 16:11:41 | 000,656,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.10.01 16:11:41 | 000,142,276 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013.10.01 16:11:41 | 000,122,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.09.30 23:04:49 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
[2013.09.30 23:04:26 | 002,494,368 | ---- | M] () -- C:\Users\x\Desktop\IMG_0282.JPG
[2013.09.30 11:07:10 | 001,042,066 | ---- | M] () -- C:\Users\x\Desktop\adwcleaner.exe
[2013.09.30 11:06:46 | 000,001,837 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.09.30 11:06:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.09.29 17:01:09 | 001,514,516 | ---- | M] () -- C:\Users\x\Desktop\fdfdfdfdfdfdf.jpg
[2013.09.29 16:42:18 | 000,557,608 | ---- | M] () -- C:\Users\x\Desktop\IMG_0274.JPG
[2013.09.29 15:00:03 | 001,565,388 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.09.20 11:20:25 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.09.20 11:20:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.09.19 14:19:55 | 000,001,914 | ---- | M] () -- C:\Users\Public\Desktop\GTA Episodes from Liberty City.lnk
[2013.09.19 12:22:41 | 000,001,607 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.09.14 10:21:04 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.10.04 13:31:23 | 000,010,957 | ---- | C] () -- C:\Users\x\Desktop\dsdsdsdsd2.jpg
[2013.10.04 12:46:33 | 000,019,123 | ---- | C] () -- C:\Users\x\Desktop\sdasdasd.jpg
[2013.10.04 12:08:49 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.10.02 20:18:44 | 002,336,005 | ---- | C] () -- C:\Users\x\Desktop\Igor - Kentaur 2 feat. Marat (produced by Gruzo) (1).mp3
[2013.10.02 12:56:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.10.02 12:56:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.10.02 12:56:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.10.02 12:56:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.10.02 12:56:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.10.01 22:31:29 | 000,948,736 | ---- | C] () -- C:\Users\x\Desktop\RogueKiller.exe
[2013.10.01 16:29:49 | 004,924,709 | ---- | C] () -- C:\Users\x\Desktop\H16 - Celu- noc REMIX feat. Orion, Ben Cristovao, Supa, Ektor -prod.Grimaso.mp3
[2013.10.01 12:34:20 | 002,494,368 | ---- | C] () -- C:\Users\x\Desktop\IMG_0282.JPG
[2013.09.30 23:04:49 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat
[2013.09.30 11:06:46 | 000,001,837 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.09.30 11:06:44 | 000,204,880 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.09.30 11:06:43 | 001,042,066 | ---- | C] () -- C:\Users\x\Desktop\adwcleaner.exe
[2013.09.30 11:06:40 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.09.30 11:06:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.09.29 16:51:52 | 001,514,516 | ---- | C] () -- C:\Users\x\Desktop\fdfdfdfdfdfdf.jpg
[2013.09.29 16:46:45 | 000,557,608 | ---- | C] () -- C:\Users\x\Desktop\IMG_0274.JPG
[2013.09.19 14:19:55 | 000,001,914 | ---- | C] () -- C:\Users\Public\Desktop\GTA Episodes from Liberty City.lnk
[2013.09.19 12:22:41 | 000,001,607 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.09.09 20:45:43 | 773,012,548 | ---- | C] () -- C:\Users\x\Desktop\Louis.C.K.Oh.My.God.720p.HDTV.x264-EVOLVE.mkv
[2013.09.09 20:45:43 | 000,074,376 | ---- | C] () -- C:\Users\x\Desktop\Louis.CK.Live.at.the.Beacon.Theater.2011.WEBRip.x264.AAC-Seedpeer.me.srt
[2013.09.09 20:44:46 | 631,376,246 | R--- | C] () -- C:\Users\x\Desktop\Louis.CK.Live.at.the.Beacon.Theater.2011.WEBRip.x264.AAC-Seedpeer.me.mp4
[2013.09.09 20:44:46 | 000,074,285 | ---- | C] () -- C:\Users\x\Desktop\Louis.C.K.Oh.My.God.720p.HDTV.x264-EVOLVE.srt
[2013.07.30 13:01:18 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2013.05.15 15:05:22 | 000,280,976 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.15 15:05:13 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.05.12 16:22:15 | 000,723,230 | ---- | C] () -- C:\Windows\unins000.exe
[2013.05.12 16:22:15 | 000,048,013 | ---- | C] () -- C:\Windows\unins000.dat
[2013.03.12 16:51:12 | 001,565,388 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.19 09:33:32 | 000,065,656 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2012.11.19 09:33:30 | 000,022,640 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2012.09.13 16:02:09 | 000,145,576 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.10 22:17:32 | 000,319,488 | ---- | C] () -- C:\Windows\SysWow64\MafiaSetup.exe
[2012.04.06 01:09:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.12 12:36:46 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll

diamondCloud
Visitor
Posts: 43
Registered: 30 Sep 2013 09:00

Re: Slow startup and shutdown, please check

#26 Post by diamondCloud »

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.05.12 16:23:22 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Audacity
[2013.05.12 16:29:46 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Avnex
[2013.07.31 17:40:36 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Awesomium
[2013.01.07 13:15:16 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\BANDISOFT
[2013.09.09 14:00:37 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DAEMON Tools Lite
[2013.04.22 22:17:24 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Fallout 3 - NMC's Texture Pack
[2013.04.22 18:42:53 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Fallout 3 - Wasteland Edition
[2013.02.16 18:43:16 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\GHISLER
[2012.07.09 14:31:48 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ICQ
[2012.05.12 13:45:53 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\LolClient
[2012.05.25 16:56:58 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\LolClient2
[2012.04.13 10:47:39 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Opera
[2012.12.07 22:18:01 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Publish Providers
[2012.04.21 10:58:49 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\PunkBuster
[2012.09.07 22:32:40 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\runic games
[2013.01.06 15:48:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Sony
[2012.04.07 11:04:37 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Synaptics
[2013.04.15 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TeamViewer
[2012.09.19 22:02:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Telefónica Móviles
[2013.08.22 01:57:54 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TS3Client
[2012.12.15 21:56:15 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TuneUp Software
[2013.05.15 15:05:10 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Ubisoft
[2013.09.30 11:02:21 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\uTorrent
[2012.04.13 10:56:22 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Yandex

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,528 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2012.10.03 19:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2011.09.29 19:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010.11.21 05:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012.08.22 20:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012.03.30 12:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2012.03.30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013.01.03 08:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\erdnt\cache64\tcpip.sys
[2013.01.03 08:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013.01.03 08:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2013.01.04 07:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2012.10.03 19:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2012.08.22 20:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
[2011.09.29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[18 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013.02.26 00:38:04 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Adobe
[2012.09.13 21:21:43 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Apple Computer
[2013.05.12 16:23:22 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Audacity
[2013.05.12 16:29:46 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Avnex
[2013.07.31 17:40:36 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Awesomium
[2013.01.07 13:15:16 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\BANDISOFT
[2013.09.09 14:00:37 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DAEMON Tools Lite
[2013.04.22 22:17:24 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Fallout 3 - NMC's Texture Pack
[2013.04.22 18:42:53 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Fallout 3 - Wasteland Edition
[2013.02.16 18:43:16 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\GHISLER
[2012.07.09 14:31:48 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ICQ
[2012.04.04 22:47:16 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Identities
[2012.05.12 13:45:53 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\LolClient
[2012.05.25 16:56:58 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\LolClient2
[2012.04.04 22:57:52 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Macromedia
[2013.09.30 11:29:28 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Malwarebytes
[2011.04.12 10:45:35 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Media Center Programs
[2013.06.05 14:05:21 | 000,000,000 | --SD | M] -- C:\Users\x\AppData\Roaming\Microsoft
[2012.04.13 10:47:39 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Opera
[2012.12.07 22:18:01 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Publish Providers
[2012.04.21 10:58:49 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\PunkBuster
[2012.09.07 22:32:40 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\runic games
[2013.09.14 10:27:31 | 000,000,000 | RH-D | M] -- C:\Users\x\AppData\Roaming\SecuROM
[2013.09.22 20:10:34 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Skype
[2013.01.06 15:48:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Sony
[2012.04.07 11:04:37 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Synaptics
[2013.04.15 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TeamViewer
[2012.09.19 22:02:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Telefónica Móviles
[2013.08.22 01:57:54 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TS3Client
[2012.12.15 21:56:15 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TuneUp Software
[2013.05.15 15:05:10 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Ubisoft
[2013.09.30 11:02:21 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\uTorrent
[2012.04.11 08:39:22 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\vlc
[2012.04.06 14:34:13 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\WinRAR
[2012.04.13 10:56:22 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Yandex

< %APPDATA%\*.exe /s >
[2013.04.22 22:08:53 | 001,222,682 | ---- | M] () -- C:\Users\x\AppData\Roaming\Fallout 3 - NMC's Texture Pack\Uninstall\unins000.exe
[2013.04.22 14:22:51 | 001,222,681 | ---- | M] () -- C:\Users\x\AppData\Roaming\Fallout 3 - Wasteland Edition\Uninstall\unins000.exe
[2012.04.06 00:42:06 | 000,010,134 | R--- | M] () -- C:\Users\x\AppData\Roaming\Microsoft\Installer\{45E3D837-4855-7F41-A22E-D1D0AEA71EF8}\ARPPRODUCTICON.exe
[2011.11.23 18:38:29 | 003,123,272 | R--- | M] () -- C:\Users\x\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< *crack* /s >
[2003.12.05 12:52:40 | 000,000,796 | ---- | M] () -- \Hry\GTA_San_Andreas\data\Decision\Craig\crack1.ped
[2013.07.30 12:59:00 | 000,011,211 | ---- | M] () -- \Hry\Steam\SteamApps\common\Spiral Knights\rsrc\ui\icon\inventory\weapon\bomb\firecracker.png
[2013.07.30 13:00:50 | 000,011,030 | ---- | M] () -- \Hry\Steam\SteamApps\common\Spiral Knights\rsrc\world\prop\castle_fire\spritewell\decal_cracks.png
[2013.07.30 13:00:51 | 000,013,768 | ---- | M] () -- \Hry\Steam\SteamApps\common\Spiral Knights\rsrc\world\prop\graveyard\gravestone01_crack.png
[2013.07.30 13:00:51 | 000,001,416 | ---- | M] () -- \Hry\Steam\SteamApps\common\Spiral Knights\rsrc\world\prop\graveyard\gravestone02_crack.png
[2013.07.30 13:00:51 | 000,002,579 | ---- | M] () -- \Hry\Steam\SteamApps\common\Spiral Knights\rsrc\world\prop\graveyard\gravestone03_crack.png
[2012.10.26 10:57:21 | 000,000,032 | ---- | M] () -- \Program Files (x86)\Ubisoft\Ubisoft Game Launcher\SKIDROWCRACK.COM.txt
[2012.10.26 10:57:02 | 000,000,113 | ---- | M] () -- \Program Files (x86)\Ubisoft\Ubisoft Game Launcher\SKIDROWCRACK.COM.url
[2013.09.17 17:27:07 | 000,000,625 | ---- | M] () -- \Users\x\AppData\Roaming\Microsoft\Windows\Recent\7484514AC_3_SKIDROWCRACK.lnk
[2013.09.14 10:28:38 | 000,003,575 | ---- | M] () -- \Users\x\AppData\Roaming\Microsoft\Windows\Recent\GTA-IV-v1.0.7.0-Crack.Only-CUE.lnk
[2012.12.01 02:14:57 | 000,217,513 | ---- | M] () -- \Users\x\AppData\Roaming\uTorrent\Dishonored-SKIDROWCRACK.COM.torrent
[2012.12.01 03:19:42 | 000,050,917 | ---- | M] () -- \Users\x\AppData\Roaming\uTorrent\Far.Cry.3-SKIDROWCRACK.1.torrent
[2012.12.01 23:30:43 | 000,050,917 | ---- | M] () -- \Users\x\AppData\Roaming\uTorrent\Far.Cry.3-SKIDROWCRACK.2.torrent
[2012.12.01 02:15:26 | 000,050,917 | ---- | M] () -- \Users\x\AppData\Roaming\uTorrent\Far.Cry.3-SKIDROWCRACK.torrent
[2013.09.14 10:26:08 | 000,000,394 | ---- | M] () -- \Users\x\AppData\Roaming\uTorrent\GTA-IV-v1.0.7.0-Crack.Only-CUE.torrent
[2012.12.09 01:31:24 | 000,017,866 | ---- | M] () -- \Users\x\AppData\Roaming\uTorrent\Hitman Absolution DLC PACK-CRACKED-=AviaRa=-.torrent
[2012.12.09 16:46:23 | 000,011,257 | ---- | M] () -- \Users\x\AppData\Roaming\uTorrent\Hitman.Absolution.CRACK.ONLY-SKIDROW.torrent
[2012.11.18 03:48:31 | 000,018,474 | ---- | M] () -- \Users\x\AppData\Roaming\uTorrent\Need.for.Speed.Most.Wanted.Crack.Only-SKIDROW.torrent
[2012.11.20 11:26:40 | 003,542,309 | ---- | M] () -- \Users\x\Desktop\7484514AC_3_SKIDROWCRACK.rar
[2013.01.12 18:27:42 | 000,015,732 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetailcrackndetailncrack.cfx
[2013.01.12 18:27:47 | 000,015,752 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
[2013.01.12 18:27:47 | 000,016,140 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
[2013.01.12 18:27:50 | 000,016,840 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
[2013.01.12 18:27:51 | 000,015,448 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
[2013.01.12 18:27:50 | 000,016,468 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
[2013.01.12 18:27:42 | 000,016,120 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetailcrackndetailncracklightmap.cfx
[2013.01.12 18:27:44 | 000,016,820 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
[2013.01.12 18:27:45 | 000,015,396 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
[2013.01.12 18:27:44 | 000,016,448 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetailcrackndetailncrackshadow.cfx
[2013.01.12 18:27:42 | 000,015,952 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetaildirtcrackndetailncrack.cfx
[2013.01.12 18:27:47 | 000,015,972 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
[2013.01.12 18:27:47 | 000,016,360 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
[2013.01.12 18:27:50 | 000,017,060 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
[2013.01.12 18:27:51 | 000,015,668 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
[2013.01.12 18:27:50 | 000,016,688 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
[2013.01.12 18:27:42 | 000,016,340 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
[2013.01.12 18:27:44 | 000,017,040 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
[2013.01.12 18:27:45 | 000,015,616 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
[2013.01.12 18:27:44 | 000,016,668 | ---- | M] () -- \Users\x\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D507-11CF-DE77-0A26BEC2C535}_243231_4\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
[2012.10.26 10:57:21 | 000,000,032 | ---- | M] () -- \Users\x\Documents\crack\SKIDROWCRACK.COM.txt
[2012.10.26 10:57:02 | 000,000,113 | ---- | M] () -- \Users\x\Documents\crack\SKIDROWCRACK.COM.url
[2013.05.12 16:39:04 | 023,377,903 | ---- | M] () -- \Users\x\Downloads\AV-Voice-Changer-Diamond-7.0.29-+-Crack.rar
[2012.12.29 00:10:55 | 007,009,860 | ---- | M] () -- \Users\x\Downloads\gamecam+crack_full-by_m4rs.rar
[2012.11.18 03:48:31 | 000,018,474 | ---- | M] () -- \Users\x\Downloads\[kat.ph]need.for.speed.most.wanted.crack.only.skidrow.torrent
[2012.07.12 18:31:57 | 004,723,697 | ---- | M] () -- \Users\x\Music\Deuce - Let's Get It Crackin.mp3

< *keygen* /s >
[2008.10.11 00:08:56 | 000,184,320 | ---- | M] () -- \Users\x\Documents\Blbosti\keygen.exe

< *AntiWPA* /s >

< *loader* /s >
[2010.11.02 12:36:12 | 000,000,404 | ---- | M] () -- \Hry\Riot Games\League of Legends\rads\projects\lol_air_client\releases\0.0.1.51\deploy\assets\storeImages\layout\small_loader.gif
[2013.07.31 13:00:48 | 000,064,280 | ---- | M] () -- \Hry\Steam\SteamApps\common\SuperMNC\Binaries\Win32\PhysXLoader.dll
[2012.10.18 11:23:46 | 000,328,784 | ---- | M] () -- \Hry\Ubisoft\Assassin's Creed III\ubiorbitapi_r2_loader.dll
[2012.10.18 11:23:54 | 000,297,552 | ---- | M] () -- \Hry\Ubisoft\Assassin's Creed III\uplay_r1_loader.dll
[2003.09.26 08:15:26 | 000,169,384 | ---- | M] () -- \Hry\Valve\cstrike\models\qloader.mdl
[2003.09.26 14:19:52 | 000,352,548 | ---- | M] () -- \Hry\Valve\valve\models\loader.mdl
[2003.09.26 14:24:16 | 000,012,764 | ---- | M] () -- \Hry\Valve\valve\sound\ambience\loader_hydra1.wav
[2003.09.26 14:24:16 | 000,012,164 | ---- | M] () -- \Hry\Valve\valve\sound\ambience\loader_step1.wav
[2011.03.23 14:04:26 | 000,124,200 | ---- | M] () -- \Program Files (x86)\Acer\Acer Crystal Eye Webcam\Koan\pyloader.dll
[2008.08.28 19:34:20 | 004,965,736 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\Photodownloader.exe
[2008.08.28 16:42:12 | 000,011,161 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\apd\shared_assets\bitmaps\main_window\C_LoadError.png
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\da_dk\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\de_de\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\en_us\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\es_es\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\fi_fi\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\fr_fr\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\it_it\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\ja_jp\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\ko_kr\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\nl_nl\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\no_no\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\pt_br\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\sv_se\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,308 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\zh_cn\Photodownloader.ini
[2008.08.28 16:42:16 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\zh_tw\Photodownloader.ini
[2012.11.28 15:13:38 | 000,008,827 | ---- | M] () -- \Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotLoader.js
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2011.10.17 15:10:26 | 000,071,528 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2011.10.17 14:14:50 | 000,074,600 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2011.11.06 12:09:52 | 000,083,816 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2011.11.10 16:55:50 | 000,089,448 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2012.11.20 14:02:40 | 000,329,056 | ---- | M] () -- \Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2_loader.dll
[2012.11.20 14:02:41 | 000,293,376 | ---- | M] () -- \Program Files (x86)\Ubisoft\Ubisoft Game Launcher\uplay_r1_loader.dll
[2012.12.04 18:00:50 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.12.04 18:00:50 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012.12.04 18:00:50 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2012.04.07 15:19:26 | 000,005,795 | ---- | M] () -- \Programy\ICQ7.7\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2012.04.07 15:19:26 | 000,004,180 | ---- | M] () -- \Programy\ICQ7.7\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2012.04.07 15:19:26 | 000,005,520 | ---- | M] () -- \Programy\ICQ7.7\imApp\theme\MUICoreLib\xtraLoader.swf
[2012.04.07 15:20:58 | 000,000,402 | ---- | M] () -- \Programy\ICQ7.7\Xtraz\icq\content\profile_lightboxs\preloader.html
[2012.02.17 20:55:10 | 000,055,296 | ---- | M] () -- \Programy\WinRAR\Formats\ace32loader.exe
[2012.12.04 18:00:50 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.12.04 18:00:50 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.12.04 18:00:50 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2013.09.12 16:11:53 | 000,001,433 | ---- | M] () -- \Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\3.0.8_0\ressources\scripts\page-worker\banner-loader.js
[2012.09.15 14:13:59 | 000,057,728 | ---- | M] () -- \Users\x\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png
[2012.09.15 14:14:00 | 000,057,728 | ---- | M] () -- \Users\x\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png
[2012.09.15 14:14:00 | 000,057,728 | ---- | M] () -- \Users\x\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png
[2012.09.15 14:14:00 | 000,057,728 | ---- | M] () -- \Users\x\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin3\dt_dadget_loader.png
[2012.09.15 14:14:01 | 000,057,728 | ---- | M] () -- \Users\x\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin4\dt_dadget_loader.png
[2012.09.15 14:14:01 | 000,061,770 | ---- | M] () -- \Users\x\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin5\dt_dadget_loader.png
[2012.09.15 14:14:02 | 000,061,770 | ---- | M] () -- \Users\x\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin6\dt_dadget_loader.png
[2013.09.10 00:37:02 | 000,005,708 | ---- | M] () -- \Users\x\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZLM7602\queryLoader[1].js
[2013.09.21 17:51:13 | 000,001,511 | ---- | M] () -- \Users\x\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARKWORYC\AdLoader[1].htm
[2013.09.10 00:36:55 | 000,000,374 | ---- | M] () -- \Users\x\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOX90E7M\queryLoader[1].css
[2013.09.21 17:51:13 | 000,109,505 | ---- | M] () -- \Users\x\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRE6PFJ0\AdLoader-3ce32d357de39fd9427f374be93bd0ac.min[1].js
[2012.03.15 23:18:45 | 000,132,096 | ---- | M] () -- \Users\x\Desktop\Hry\The Elder Scrolls V Skyrim\skse_loader.exe
[2012.03.15 23:18:32 | 000,093,184 | ---- | M] () -- \Users\x\Desktop\Hry\The Elder Scrolls V Skyrim\skse_steam_loader.dll
[2012.04.13 13:45:42 | 006,396,128 | ---- | M] () -- \Users\x\Desktop\Hry\US World of Warcraft\BackgroundDownloader.exe
[2012.04.03 20:47:14 | 006,399,096 | ---- | M] () -- \Users\x\Desktop\Hry\US World of Warcraft\wow-4.2.1.2730-enUS-tools-downloader.exe
[2012.04.13 13:45:31 | 006,399,096 | ---- | M] () -- \Users\x\Desktop\Hry\US World of Warcraft\wow-4.2.1.2736-enUS-tools-downloader.exe
[2012.04.13 13:45:45 | 000,006,323 | ---- | M] () -- \Users\x\Desktop\Hry\US World of Warcraft\Logs\Downloader.log
[2012.05.12 05:15:23 | 000,002,665 | ---- | M] () -- \Users\x\Documents\Tor's\TTor\Tor Browser\FirefoxPortable\App\Firefox\components\uriloader.xpt
[2012.05.12 05:15:00 | 000,002,101 | ---- | M] () -- \Users\x\Documents\Tor's\TTor\Tor Browser\FirefoxPortable\App\Firefox\chrome\browser\content\browser\safebrowsing\sb-loader.js
[2013.03.12 16:44:57 | 000,929,072 | ---- | M] () -- \Users\x\Downloads\Razer_Game_Booster_downloader.exe
[2012.12.15 21:54:03 | 001,203,096 | ---- | M] () -- \Users\x\Downloads\VDownloaderSetup.exe
[2012.04.05 17:45:52 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:21:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 20:38:32 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_68c05c919281774d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:38:48 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 20:09:47 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_6907efc6abd0db81\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 07:32:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_6971452eab80a50e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.04.12 10:34:35 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2011.04.12 10:34:35 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2011.04.12 10:34:35 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2011.04.12 10:34:35 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2011.04.12 10:34:35 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2012.04.06 00:46:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2012.04.06 00:46:31 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2012.04.06 00:46:31 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2012.04.06 00:46:31 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2012.04.06 00:46:31 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009.07.14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2011.04.12 10:33:23 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2010.11.21 05:16:35 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:23:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >
[2013.09.12 16:11:55 | 000,000,384 | ---- | M] () -- \Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\3.0.8_0\vendor\requirejs\tests\plugins\fromTextNoDefine\fromTextNoDefine-tests.js
[2013.09.12 16:11:55 | 000,000,650 | ---- | M] () -- \Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\3.0.8_0\vendor\requirejs\tests\plugins\fromTextNoDefine\fromTextNoDefine.html

< *AutoKMS* /s >

< *activator* /s >
[2008.08.14 07:56:12 | 000,003,942 | ---- | M] () -- \Program Files (x86)\Common Files\Adobe\CS4ServiceManager\plugins\com.adobe.csi.core.logging_1.0.0\com\adobe\csi\core\logging\Activator.class

< *serial* /s >
[2013.07.04 20:31:35 | 000,712,704 | ---- | M] () -- \Hry\Steam\SteamApps\common\Team Fortress 2\bin\dmserializers.dll
[2008.08.28 16:40:42 | 000,001,673 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\LMResources\BadSerialNumberAlert.exv
[2008.08.28 16:40:42 | 000,001,561 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\LMResources\CantChangeSerialNumberAlert.exv
[2008.08.28 16:40:42 | 000,001,639 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\LMResources\InValidUpGradeSerialNumberAlert.exv
[2008.08.28 16:40:42 | 000,000,849 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\LMResources\ReserializeAlert.exv
[2008.08.28 16:40:42 | 000,027,443 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS4\LMResources\SerializationWF.exv
[2008.09.19 04:10:54 | 000,001,673 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Photoshop CS4\lmresources\BadSerialNumberAlert.exv
[2008.09.19 04:10:54 | 000,001,561 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Photoshop CS4\lmresources\CantChangeSerialNumberAlert.exv
[2008.09.19 04:10:54 | 000,001,639 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Photoshop CS4\lmresources\InValidUpGradeSerialNumberAlert.exv
[2008.09.19 04:10:54 | 000,000,849 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Photoshop CS4\lmresources\ReserializeAlert.exv
[2008.09.19 04:10:54 | 000,027,443 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Photoshop CS4\lmresources\SerializationWF.exv
[2013.01.24 21:09:36 | 000,434,264 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.20125.0\System.Runtime.Serialization.dll
[2013.03.15 15:15:07 | 001,164,288 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.20125.0\System.Runtime.Serialization.ni.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2011.04.12 10:34:17 | 000,090,112 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2012.04.27 16:45:40 | 000,320,856 | ---- | M] () -- \Program Files (x86)\Sony\Vegas Pro 11.0\CoreUI.XmlSerializers.dll
[2012.04.27 16:45:42 | 000,460,120 | ---- | M] () -- \Program Files (x86)\Sony\Vegas Pro 11.0\Sony.MediaSoftware.TextGen.CoreGraphics.XmlSerializers.dll
[2008.09.19 04:22:30 | 000,001,673 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS4 (64 Bit)\lmresources\BadSerialNumberAlert.exv
[2008.09.19 04:22:30 | 000,001,561 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS4 (64 Bit)\lmresources\CantChangeSerialNumberAlert.exv
[2008.09.19 04:22:30 | 000,001,639 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS4 (64 Bit)\lmresources\InValidUpGradeSerialNumberAlert.exv
[2008.09.19 04:22:30 | 000,000,849 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS4 (64 Bit)\lmresources\ReserializeAlert.exv
[2008.09.19 04:22:30 | 000,027,443 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS4 (64 Bit)\lmresources\SerializationWF.exv
[2013.01.24 23:32:40 | 000,434,264 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20125.0\System.Runtime.Serialization.dll
[2013.03.15 15:15:59 | 001,546,240 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20125.0\System.Runtime.Serialization.ni.dll
[2012.10.05 12:52:37 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2011.04.12 10:34:17 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2013.03.15 22:46:15 | 000,016,384 | ---- | M] () -- \Users\x\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.sledujuserialy.cz_0.localstorage-journal
[2012.07.15 20:33:40 | 000,000,158 | ---- | M] () -- \Users\x\AppData\Local\Opera\Opera\icons\http%3A%2F%2F1serial.ru%2Ffavicon.png
[2013.01.05 16:16:13 | 000,000,824 | ---- | M] () -- \Users\x\AppData\Local\Opera\Opera\icons\http%3A%2F%2Feserial.cz%2Ffavicon%2Fhimym.png
[2013.09.17 17:26:26 | 000,000,247 | ---- | M] () -- \Users\x\AppData\Local\Rockstar Games\GTA IV\Settings\serial.dat
[2011.04.12 10:34:11 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.13 04:02:06 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013.03.16 23:58:53 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
[2013.03.16 23:58:27 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\eb4fa29ea9ab56d453b36696edbe6423\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.03.16 20:20:24 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\32072ac29ee7bc9e2ccab4fb8aa46d54\System.Runtime.Serialization.ni.dll
[2013.03.16 20:19:00 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\8e03b29f6562f1b7ce14fa3337d9cee2\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.09.29 14:57:45 | 000,304,640 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\873837befa260d32cd0b3ce811b96efb\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.09.29 14:57:45 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\873837befa260d32cd0b3ce811b96efb\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2013.09.29 14:58:02 | 002,785,280 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\293cfe2c05a8ee921726927fd00ea81c\System.Runtime.Serialization.ni.dll
[2013.09.29 14:58:02 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\293cfe2c05a8ee921726927fd00ea81c\System.Runtime.Serialization.ni.dll.aux
[2013.09.29 21:28:37 | 000,026,624 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\15ecbb8a1ddca366bda70718005521a1\System.Xml.Serialization.ni.dll
[2013.09.29 21:28:37 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\15ecbb8a1ddca366bda70718005521a1\System.Xml.Serialization.ni.dll.aux
[2013.09.29 21:31:45 | 000,373,248 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\cab4c46773a123bd72b938cc405aed46\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.09.29 21:31:45 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\cab4c46773a123bd72b938cc405aed46\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2013.09.29 21:34:22 | 003,599,872 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\9ffb83b70cc1fa28d2fd02956cf0c831\System.Runtime.Serialization.ni.dll
[2013.09.29 21:34:22 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\9ffb83b70cc1fa28d2fd02956cf0c831\System.Runtime.Serialization.ni.dll.aux
[2013.09.29 21:38:32 | 000,028,672 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\b2db45296eabfd00db1920158f3f5eb5\System.Xml.Serialization.ni.dll
[2013.09.29 21:38:32 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\b2db45296eabfd00db1920158f3f5eb5\System.Xml.Serialization.ni.dll.aux
[2012.07.09 02:42:12 | 000,027,760 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.07.09 00:40:10 | 000,132,656 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.07.09 00:40:08 | 000,022,024 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2012.07.09 00:40:08 | 000,022,048 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2012.07.09 02:42:12 | 000,113,704 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2012.07.09 00:40:08 | 000,022,016 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2012.07.09 00:40:08 | 001,050,096 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012.07.09 00:40:08 | 000,036,320 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2012.07.09 00:40:08 | 000,022,496 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.12 10:34:11 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.10.05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2012.07.09 00:40:08 | 001,050,096 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2012.07.09 00:40:10 | 000,132,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2012.07.09 00:40:08 | 000,022,024 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2012.07.09 00:40:08 | 000,022,048 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2012.07.09 00:40:08 | 000,022,016 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2012.07.09 00:40:08 | 000,036,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2012.07.09 00:40:08 | 000,022,496 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2012.07.09 02:42:12 | 000,027,760 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.07.09 02:42:12 | 000,113,704 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2009.06.10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.12 10:34:10 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2012.10.05 12:52:38 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2012.07.09 00:40:08 | 001,050,096 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2012.07.09 00:40:10 | 000,132,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2012.07.09 00:40:08 | 000,022,024 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll
[2012.07.09 00:40:08 | 000,022,048 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2012.07.09 00:40:08 | 000,022,016 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2012.07.09 00:40:08 | 000,036,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2012.07.09 00:40:08 | 000,022,496 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll
[2012.09.27 21:44:46 | 000,027,824 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.07.09 02:42:12 | 000,113,704 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2011.04.12 10:34:07 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2011.04.12 10:34:07 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\cs-CZ\serialui.dll.mui
[2011.04.12 10:34:10 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_1e527062c1f59d5f\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2011.04.12 10:34:12 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23\serialui.dll.mui
[2009.07.14 03:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2011.04.12 10:34:17 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_bb9a1800691e639c\System.RunTime.Serialization.Resources.dll
[2011.04.12 10:34:13 | 000,009,728 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_20ab142d65ed6acc\serial.sys.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009.06.10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2010.11.21 05:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2012.10.05 12:52:38 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b\System.Runtime.Serialization.dll
[2012.10.05 12:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53\System.Runtime.Serialization.dll
[2010.11.21 05:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2012.10.05 12:52:37 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4\System.Runtime.Serialization.dll
[2012.10.05 12:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec\System.Runtime.Serialization.dll
[2012.04.06 00:46:31 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2012.04.06 00:46:31 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2011.04.12 10:34:36 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23_serialui.dll.mui_7d29d2a3
[2009.07.14 04:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2011.04.12 10:34:35 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 04:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 04:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011.02.05 19:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.02.05 15:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.14 04:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2010.11.21 05:17:50 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2012.10.05 20:18:30 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b.manifest
[2012.10.05 20:10:31 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53.manifest
[2010.11.21 05:17:50 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2012.10.05 20:19:07 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4.manifest
[2012.10.05 20:11:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec.manifest
[2010.11.21 05:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012.10.05 19:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012.10.05 19:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2011.04.12 10:33:41 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2012.10.05 22:12:17 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f.manifest
[2012.10.05 21:59:28 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797.manifest
[2010.11.21 05:17:50 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012.10.05 19:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012.10.05 19:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2010.11.21 05:18:20 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012.10.05 19:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012.10.05 19:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.12 10:34:11 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.21 05:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012.10.05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012.10.05 12:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2011.04.12 10:34:17 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:02:06 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:37:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797\System.RunTime.Serialization.Resources.dll
[2010.11.21 05:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012.10.05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2011.04.12 10:34:11 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_28a71ab4f6565f5a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2011.04.12 10:34:07 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2011.04.12 10:34:17 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2010.11.21 05:25:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012.10.05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll

< *w7lxe* /s >

< End of report >

diamondCloud
Visitor
Posts: 43
Registered: 30 Sep 2013 09:00

Re: Slow startup and shutdown, please check

#27 Post by diamondCloud »

Extras.txt

OTL Extras logfile created on: 4.10.2013 19:30:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\x\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

5,47 Gb Total Physical Memory | 3,20 Gb Available Physical Memory | 58,47% Memory free
10,95 Gb Paging File | 8,42 Gb Available in Paging File | 76,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 46,82 Gb Free Space | 15,71% Space Free | Partition Type: NTFS

Computer Name: FILIP-NTB | User Name: x | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programy\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programy\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programy\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programy\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B53668-721F-4115-9796-9E43F4E64C58}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{0AC663B7-52B8-4F35-A82B-D43DEBFBB324}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A08B3EA-864A-484E-83ED-FC19B3FEE589}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1B44F318-C974-4BEF-A06C-FE850116710F}" = lport=58104 | protocol=17 | dir=in | name=pando media booster |
"{2F1AC974-C196-454A-8F71-F5473ADFB68F}" = rport=138 | protocol=17 | dir=out | app=system |
"{3358B51F-C35D-4DBD-AD57-75293444D245}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{46FC7AEB-01C6-453A-946B-EAA6C4C0FEDC}" = lport=58104 | protocol=6 | dir=in | name=pando media booster |
"{4F7AD1B8-6B5C-47E8-B0EB-3163E4B54119}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{53B8CEE2-0AAC-4DAA-AD5C-F8428282E54A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{564B056B-190F-47EA-8B03-91549C48D961}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5CC40DC8-FC57-43A0-9237-2B491A595E11}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5FC3D22E-4D0E-4BAE-A36C-10F63E36EAE5}" = rport=139 | protocol=6 | dir=out | app=system |
"{6520E839-2709-4C26-9958-D14695195F56}" = lport=139 | protocol=6 | dir=in | app=system |
"{661F8896-37BD-4D60-A28C-B07E83FD3E78}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{696DA163-A2D2-4C0C-9F5C-7DB2BA167842}" = lport=445 | protocol=6 | dir=in | app=system |
"{7CA02F7B-164A-47F3-96AC-386ABFC43CF5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7E882A16-E1FC-4B5D-B6A2-7C63AF7E244B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{84A97D32-8E17-4535-872E-9293C5CF23FA}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{8C43DF1B-A889-4A86-8EB8-CD06CD6C191D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{902E6038-FF7C-44FA-B100-7A69091D51C9}" = lport=58104 | protocol=17 | dir=in | name=pando media booster |
"{932D837D-ABFE-455E-A8B8-7936607CBE96}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{990D0AFE-C03D-491D-89B7-E9E35A37D0D5}" = lport=137 | protocol=17 | dir=in | app=system |
"{9AF94AAE-F5E4-4AB2-8665-8434CFB0BD2B}" = rport=137 | protocol=17 | dir=out | app=system |
"{A163754B-7A61-4DBD-8C1E-F3B5979FC736}" = rport=445 | protocol=6 | dir=out | app=system |
"{A1B93AEC-C19F-4374-BC41-CE52F3381501}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A4EF1333-89F1-44B0-BD88-F4DEDDB97842}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A59E2DAE-18EE-4A1B-BFB5-27FDACD9B1B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A5C1F2FC-5FD1-40FF-8AE3-527B0EC9CCD8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA506D5A-23A4-4DA6-BACD-6245B2B227D4}" = lport=138 | protocol=17 | dir=in | app=system |
"{ACB5F64E-5BD0-41E9-A46C-7A936F1B90E9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2666305-C295-40D1-B79B-7BAA87E0C2DA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5C549D6-A8ED-4704-8385-328280891C4E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEAB49BB-349C-46BC-A5C7-984F5E46765B}" = lport=58104 | protocol=6 | dir=in | name=pando media booster |
"{D08E7669-FEDD-48E1-B92E-61EA05051A73}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D39DA0AF-614F-4053-81D2-79EAA453A511}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2435ABE-5075-486F-94F3-93A815268F53}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E3185CEE-974C-429D-926F-B02EA71B423F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00524458-CA5F-4378-A783-97517E160BA6}" = protocol=6 | dir=in | app=c:\hry\ubisoft\assassin's creed iii\ac3sp.exe |
"{00FB7002-360C-432A-8EB0-632A02B31A3E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0203D642-595E-4954-BA2B-FB28C5853D33}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{056C9C21-05D8-4506-9A8D-2AD641C7F00A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{066A62CF-DB0F-4AC1-AE79-FDA422E47FB4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{08D6533C-66CE-4118-9588-5A0E12AD1AB3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1351C80E-539C-4311-A8A6-735B8EDEABC5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{17961A43-AB0E-44E7-B56E-6ADDEFD770C0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1B6ED66E-2BEA-4F19-BA10-469754A8410D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{25860F85-1CD6-4622-94BF-9CD00577DDF1}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{28D7344A-2F50-490B-B395-FEAD40149E4D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2BA6B5F5-A2D3-490E-89D9-04C1592031C9}" = protocol=17 | dir=in | app=c:\programy\icq7.7\icq.exe |
"{33092AC9-B9C2-4946-BC41-8B8930283C58}" = protocol=6 | dir=in | app=c:\hry\ubisoft\assassin's creed iii\ac3mp.exe |
"{36B0C301-6A1F-49D8-A832-93D4C3A6331E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{47AE1A37-79C1-45BC-860F-7540FF1E7469}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{49B2573F-1A49-462F-8659-A03B477F696F}" = protocol=17 | dir=in | app=c:\hry\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{4A245DBF-0B74-468E-865C-26AF19D617A7}" = protocol=17 | dir=in | app=c:\hry\steam\steam.exe |
"{4F885268-9295-4420-B205-B89394CE63EB}" = protocol=17 | dir=in | app=c:\hry\fifa 13\fifa 13\game\fifa13.exe |
"{568C2756-E113-486F-9E7D-F3B222C62E39}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{56AFBF7B-A143-4F3D-9805-F8BCAB0132AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{59144149-4E08-4BC3-9E52-150EE28817D4}" = protocol=17 | dir=in | app=c:\hry\activision\call of duty - world at war\codwawmp.exe |
"{59798EF0-5266-4881-971B-6EC2AE1563B6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5BCD3F65-20EA-421E-B7BC-13ACFE3A2BD8}" = protocol=17 | dir=in | app=c:\programy\icq7.7\icq.exe |
"{617281F4-8724-4288-96A3-1369BB249253}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{67DB34E5-6B80-46E9-9EF5-EC8F8F648FC7}" = protocol=17 | dir=in | app=c:\hry\steam\steamapps\common\team fortress 2\hl2.exe |
"{68D38A58-8124-4905-A071-8A34E0284232}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D15A566-CF09-43A2-A024-32CF1FA99247}" = protocol=17 | dir=in | app=c:\hry\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{6DCA04A1-B6E3-44B9-B2AF-FE1D2E3C2707}" = protocol=6 | dir=in | app=c:\hry\fifa 13\fifa 13\game\fifa13.exe |
"{759ADDA0-BE24-48F2-95C2-2517C215E503}" = protocol=17 | dir=in | app=c:\hry\ubisoft\assassin's creed iii\ac3sp.exe |
"{7CD01ACC-D13D-4989-B4C4-52FF52CC1129}" = protocol=6 | dir=out | app=system |
"{7DDDF082-B5CE-4662-9FD7-A0B18D9A6832}" = protocol=6 | dir=in | app=c:\programy\icq7.7\icq.exe |
"{81450200-0837-4A2D-ABE8-97B505B5A9AF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8283C334-74AB-4BB2-B3BE-ADAB48101789}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{82DC9ED1-0347-4A7E-9BC8-F3BDE0DF1D16}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{939EC359-F706-464B-A51F-3CE8C3609CFF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{940F874D-CF8B-4F08-B535-06A1547922BB}" = protocol=6 | dir=in | app=c:\hry\activision\call of duty - world at war\codwawmp.exe |
"{94A67B12-A3C1-4716-B46E-1117A2907C9D}" = protocol=17 | dir=in | app=c:\hry\activision\call of duty - world at war\codwaw.exe |
"{96D9B748-A818-4717-A35A-098B6B360D03}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{970925EF-E6CB-4F4A-AFA9-D05369C9133F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{984ED8B7-CB6D-4E33-AC4B-30E0B427DA01}" = protocol=6 | dir=in | app=c:\hry\activision\call of duty - world at war\codwaw.exe |
"{9922B7C0-764F-4A2B-B243-163DF087C9EA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{99C2BF43-5597-4BB7-80CC-8D5767EB088E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9B2D67EA-BA1F-4630-B734-A535DBB09BBE}" = protocol=6 | dir=in | app=c:\hry\steam\steam.exe |
"{9E06E81B-F38E-4DD7-8376-5D864BB5C7DA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9E6F5488-73DC-4263-86CC-7041A86F0D52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A57EC9CB-F36D-4CED-9288-03D9272892D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A60C08EF-9A9E-4BC9-AA2D-B75C321C2221}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE83B74F-32AB-4BEF-8DB8-DF11F3E4F7F1}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{B1FBD746-F6D1-49CA-AA7D-7CCFA02345EC}" = protocol=6 | dir=in | app=c:\programy\utorrent\utorrent.exe |
"{B2FCC39C-5660-41BA-95F8-1BAC404CBCF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B53A602C-1A9D-4B2C-A0E8-E45188FBA0E7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B75FC825-E1B9-4B9D-8618-52376D49B6F6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B76F6496-2CBF-47BE-86B6-AD576FEA918C}" = dir=in | app=c:\programy\itunes\itunes.exe |
"{B99413A6-D664-4FA1-93C5-A9F09C579E93}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C2FE2CCD-1AFE-4E27-B574-B717CA268620}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{D067DF44-57B3-482D-99E2-F9067D8E2F20}" = protocol=6 | dir=in | app=c:\programy\icq7.7\icq.exe |
"{D38B41ED-1914-416C-B248-99D4E3BBAF86}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D66E8C61-717D-474F-B58F-D0404B39FB2E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DB4A7E5B-8752-4AAF-866A-424EA5ACAA82}" = protocol=17 | dir=in | app=c:\hry\ubisoft\assassin's creed iii\ac3mp.exe |
"{E14FB823-F475-4E25-89CE-6584B154DDDB}" = protocol=6 | dir=in | app=c:\hry\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{E4B33473-4A60-4764-AE08-854E65245DED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E89873CC-B8EA-4F86-B890-2C37DB80D1E2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E8A8636A-3E81-4B6F-880F-644A16572B3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC43E365-DA0B-4598-AA69-E8E1123E4EDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ED0BD2F6-E125-4C6A-A882-5B6B389BCA2F}" = protocol=6 | dir=in | app=c:\hry\steam\steamapps\common\team fortress 2\hl2.exe |
"{EDE207D2-1246-41B3-AB02-CAC0E71E416E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{EFD0D5EC-9AE8-406B-8FF2-1587E9FCBE91}" = protocol=6 | dir=in | app=c:\hry\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{F0137360-F562-4DD8-8DE0-52FFE3768DE3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{F1FC40F2-9E7B-4ECE-ADF8-31614BB65D93}" = protocol=17 | dir=in | app=c:\programy\utorrent\utorrent.exe |
"{F2436FBF-7BE2-4F54-8C7E-A978C3BA2AD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{020AC4CB-4F3A-4049-95EF-1BDDABCBD9A9}C:\hry\steam\steamapps\common\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\hry\steam\steamapps\common\team fortress 2\hl2.exe |
"TCP Query User{06CB4FD0-A467-4A86-8AF8-AB315831216C}C:\hry\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\hry\activision\call of duty - world at war\codwaw.exe |
"TCP Query User{0A0E514B-EA62-4B8F-899F-1A291F567C12}C:\hry\fifa 13\fifa 13\game\fifa13.exe" = protocol=6 | dir=in | app=c:\hry\fifa 13\fifa 13\game\fifa13.exe |
"TCP Query User{187B24D8-7730-497B-A916-991292E74106}C:\hry\activision\call of duty - world at war\codwawmp.exe" = protocol=6 | dir=in | app=c:\hry\activision\call of duty - world at war\codwawmp.exe |
"TCP Query User{1CCF8F88-DBB2-42C3-8BE1-3A3013CB2A18}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{1F9537D2-6208-4A3C-A073-B67C7A8C40C4}C:\programy\mouseserver\mouseserver.exe" = protocol=6 | dir=in | app=c:\programy\mouseserver\mouseserver.exe |
"TCP Query User{34B76D16-0432-461C-9E47-F3420D0E2188}C:\hry\valve\hl.exe" = protocol=6 | dir=in | app=c:\hry\valve\hl.exe |
"TCP Query User{352C10BA-066D-4BB8-8FCE-7937BD0C5585}C:\hry\splinter cell - blacklist\src\system\blacklist_dx11_game.exe" = protocol=6 | dir=in | app=c:\hry\splinter cell - blacklist\src\system\blacklist_dx11_game.exe |
"TCP Query User{4A165D9A-1513-48CF-BAA6-F6E856BE6F1A}C:\programy\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\programy\lolreplay\lolreplay.exe |
"TCP Query User{7F2C531B-A6E2-4209-90B8-605EE423EFAD}C:\hry\ubisoft\assassin's creed iii\ac3sp.exe" = protocol=6 | dir=in | app=c:\hry\ubisoft\assassin's creed iii\ac3sp.exe |
"TCP Query User{80B18C81-56E2-44DD-A0E3-7FA227760017}C:\programy\totalcmd\totalcmd64.exe" = protocol=6 | dir=in | app=c:\programy\totalcmd\totalcmd64.exe |
"TCP Query User{A8224FFD-BEF8-47E7-8899-D9070551ED1C}C:\hry\splinter cell - blacklist\src\system\blacklist_dx11_game.exe" = protocol=6 | dir=in | app=c:\hry\splinter cell - blacklist\src\system\blacklist_dx11_game.exe |
"TCP Query User{A8A9C67A-3BD4-472D-B8CE-D85E56B0E13F}C:\hry\valve\hl.exe" = protocol=6 | dir=in | app=c:\hry\valve\hl.exe |
"TCP Query User{C8E06D4E-C6B2-4C44-975B-EE32FEC20A1B}C:\programy\mouseserver\mouseserver.exe" = protocol=6 | dir=in | app=c:\programy\mouseserver\mouseserver.exe |
"TCP Query User{FAE19B59-0C19-4424-AA59-C793E5814F51}C:\hry\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe" = protocol=6 | dir=in | app=c:\hry\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"UDP Query User{03C77A32-444F-4B84-B33F-93B2A27CA6F2}C:\programy\mouseserver\mouseserver.exe" = protocol=17 | dir=in | app=c:\programy\mouseserver\mouseserver.exe |
"UDP Query User{04780231-43B3-40D3-8440-EFDA1E9C69B7}C:\programy\mouseserver\mouseserver.exe" = protocol=17 | dir=in | app=c:\programy\mouseserver\mouseserver.exe |
"UDP Query User{0FA23681-54B2-4F92-ADDA-0A31A78CD443}C:\hry\fifa 13\fifa 13\game\fifa13.exe" = protocol=17 | dir=in | app=c:\hry\fifa 13\fifa 13\game\fifa13.exe |
"UDP Query User{1FB7E30B-B9A5-410F-AE25-108DBC445152}C:\hry\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\hry\activision\call of duty - world at war\codwaw.exe |
"UDP Query User{3C95B5C3-F2B9-476B-99A2-9128168968CA}C:\programy\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\programy\lolreplay\lolreplay.exe |
"UDP Query User{4B50CACD-3AFB-4A48-A34D-047A09CC7B57}C:\hry\activision\call of duty - world at war\codwawmp.exe" = protocol=17 | dir=in | app=c:\hry\activision\call of duty - world at war\codwawmp.exe |
"UDP Query User{623FB39D-8DA2-4A92-9C5B-5BEE19912631}C:\hry\splinter cell - blacklist\src\system\blacklist_dx11_game.exe" = protocol=17 | dir=in | app=c:\hry\splinter cell - blacklist\src\system\blacklist_dx11_game.exe |
"UDP Query User{6D02396B-C35A-40C4-8221-13EAE7B60461}C:\hry\valve\hl.exe" = protocol=17 | dir=in | app=c:\hry\valve\hl.exe |
"UDP Query User{CD3E76C2-E1C6-408F-A816-506A0DACB996}C:\hry\splinter cell - blacklist\src\system\blacklist_dx11_game.exe" = protocol=17 | dir=in | app=c:\hry\splinter cell - blacklist\src\system\blacklist_dx11_game.exe |
"UDP Query User{D05573CB-8EB4-4A51-9C25-AF95A7BD1DE2}C:\hry\ubisoft\assassin's creed iii\ac3sp.exe" = protocol=17 | dir=in | app=c:\hry\ubisoft\assassin's creed iii\ac3sp.exe |
"UDP Query User{D2F64D04-9F01-4EE6-A45E-E9BF9D4554F3}C:\programy\totalcmd\totalcmd64.exe" = protocol=17 | dir=in | app=c:\programy\totalcmd\totalcmd64.exe |
"UDP Query User{D346C62F-779A-4271-9CD1-649F1DEB6DDA}C:\hry\valve\hl.exe" = protocol=17 | dir=in | app=c:\hry\valve\hl.exe |
"UDP Query User{D3BD80B0-DEE1-4672-8EAE-277D8A9EB41E}C:\hry\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe" = protocol=17 | dir=in | app=c:\hry\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"UDP Query User{EE5DE21F-CC2E-4387-993F-4F421987DCB8}C:\hry\steam\steamapps\common\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\hry\steam\steamapps\common\team fortress 2\hl2.exe |
"UDP Query User{F6321DEE-7772-4F58-A725-F96C4C303121}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{45E3D837-4855-7F41-A22E-D1D0AEA71EF8}" = AMD Steady Video Plug-In
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) 8.0.50727.4053
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5 CSY Language Pack
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{995841E6-A7D8-2742-606C-98E350507317}" = AMD Catalyst Install Manager
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A4F0DB87-3269-34FE-AFFE-4168FDFA4A22}" = Microsoft .NET Framework 4.5 CSY Language Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B74F365F-CC7D-8B37-F0CE-9C934F370C87}" = ccc-utility64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"{F945735F-DCCA-9B0F-3916-A9D35ADD710A}" = AMD Media Foundation Decoders
"67167A3F28325130D0AD538001458884E89C08E5" = Balíček ovladače systému Windows - AnyDATA.NET (adusbser) Ports (07/08/2009 2.0.6.7)
"83D39BE44B3A8ED033DBBBC4F867EBAFB1FAC98F" = Balíček ovladače systému Windows - AnyDATA.NET (adusbser) Modem (07/08/2009 2.0.6.7)
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 8.0.6.3_WHQL
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{018469E1-1FF6-4680-A7A5-0E04E8DB4FFB}" = CCC Help Danish
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{076457B0-2CCD-1775-53BE-10B2D80BBB11}" = CCC Help Greek
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F68670C-D7D2-420B-A65E-18567DD236F6}_is1" = GTA Episodes from Liberty City
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13476808-986D-2ADC-878A-60DD241E344D}" = CCC Help Swedish
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1895E5C2-A9F8-4757-AD7B-0E9EA8BA1C46}" = Catalyst Control Center - Branding
"{1A3C311D-F115-E44B-B9B8-DC09D549BDEB}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2792AA53-D556-9092-69BF-339B25BFDF14}" = CCC Help Turkish
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39E1A8AF-751D-4E6D-D55D-368B13A7913B}" = CCC Help Russian
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{54CDE4C0-9CDD-2DC5-2518-FFCAC0AB2443}" = CCC Help Spanish
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{6229FCC3-24D7-46BC-581F-C15A8EB9D477}" = Catalyst Control Center InstallProxy
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64AE97EB-B2C7-EE97-931C-E44C6584CEA0}" = CCC Help French
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{686DD43A-9C33-19C3-3EBA-28EB9D109791}" = CCC Help Italian
"{6A99D59B-2620-9104-E80A-F35BE16958FE}" = CCC Help Chinese Standard
"{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}" = Vegas Pro 11.0
"{70C48A1D-40F1-44A2-CC3E-C0C75E11C7EC}" = CCC Help Portuguese
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}" = Sony Media Manager 2.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79A85B92-44F8-1F70-90C3-C48EEC9D64D7}" = CCC Help Dutch
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0405-1000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed ® III
"{9EA3BFEE-4546-0580-9DEA-4C6E6BD47605}" = CCC Help Japanese
"{A27C7332-2211-BF1C-A11D-63F15855D693}" = CCC Help Finnish
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A3AE9B69-9205-4472-2711-96292C9C3662}" = CCC Help German
"{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Czech
"{B1BC96B5-2064-21FC-F7BD-497A84C43ECD}" = CCC Help Norwegian
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6D184E1-B0E3-E76D-CCA5-E1C1F6979BE5}" = CCC Help Thai
"{b7b0ca2a-aaea-481d-9ccd-fb59b230c07a}_is1" = Audio Editor
"{B9E1BC15-AA94-A94E-C51F-7CA8598EAA0D}" = CCC Help Korean
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C1B8B7BC-F89D-E4D1-B325-9387FD9700A4}" = Catalyst Control Center Localization All
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C52F9E-F728-D3F9-3C15-7597A3AB627A}" = CCC Help English
"{C6F3D04A-E9DD-3D17-BE77-08CB6A6F1F15}" = CCC Help Czech
"{CC0AE06B-E4E5-D9CF-96CD-C5A2FBE1B79F}" = CCC Help Polish
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CF72CF42-FA17-1273-0325-4F32B64CAB43}" = AMD VISION Engine Control Center
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDFC1993-99B8-560D-BFCE-AAD412710262}" = CCC Help Hungarian
"{E362724E-9320-4946-AF34-874E7B6B2927}" = System Requirements Lab CYRI
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7E4BF50-279D-4C87-ED5A-E6850DA915AA}" = Catalyst Control Center Graphics Previews Common
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"avast" = avast! Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Creation Master 12_is1" = Creation Master 12 Beta 6
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fallout 3 - NMC's Texture Pack_R.G. Mechanics_is1" = Fallout 3 - NMC's Texture Pack
"Fallout 3 - Wasteland Edition_R.G. Mechanics_is1" = Fallout 3 - Wasteland Edition
"Fraps" = Fraps (remove only)
"GTA San Andreas" = GTA San Andreas
"HD Tune_is1" = HD Tune 2.50
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"LManager" = Launch Manager
"LOLReplay" = LOLReplay
"O2CZ" = O2
"Opera 12.16.1860" = Opera 12.16
"Razer Game Booster_is1" = Razer Game Booster
"Steam App 440" = Team Fortress 2
"TES V - Skyrim CZ update 1.4.21.0.4" = TES V - Skyrim CZ update 1.4.21.0.4
"TES V - Skyrim CZ update 1.5.24.0.5" = TES V - Skyrim CZ update 1.5.24.0.5
"TES V - Skyrim CZ update 1.5.26.0.5" = TES V - Skyrim CZ update 1.5.26.0.5
"The Elder Scrolls V Skyrim Dragonborn (c) Bethes~300CD4A2_is1" = The Elder Scrolls V Skyrim Dragonborn (c) Bethesda Softworks version 1
"Uplay" = Uplay
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Vodafone pripojeni" = Vodafone připojení
"Vypínač na dobrou noc_is1" = Vypínač na dobrou noc verze 2.0
"WinPcapInst" = WinPcap 4.1.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2191468200-1237345355-2885247254-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4.10.2013 13:21:44 | Computer Name = Filip-NTB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10498

Error - 4.10.2013 13:21:45 | Computer Name = Filip-NTB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4.10.2013 13:21:45 | Computer Name = Filip-NTB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11497

Error - 4.10.2013 13:21:45 | Computer Name = Filip-NTB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11497

Error - 4.10.2013 13:21:46 | Computer Name = Filip-NTB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4.10.2013 13:21:46 | Computer Name = Filip-NTB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12511

Error - 4.10.2013 13:21:46 | Computer Name = Filip-NTB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12511

Error - 4.10.2013 13:21:47 | Computer Name = Filip-NTB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4.10.2013 13:21:47 | Computer Name = Filip-NTB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13681

Error - 4.10.2013 13:21:47 | Computer Name = Filip-NTB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13681

[ System Events ]
Error - 2.10.2013 7:05:31 | Computer Name = Filip-NTB | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 2.10.2013 7:06:11 | Computer Name = Filip-NTB | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 2.10.2013 7:06:20 | Computer Name = Filip-NTB | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 2.10.2013 14:42:52 | Computer Name = Filip-NTB | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 2.10.2013 14:42:52 | Computer Name = Filip-NTB | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 2.10.2013 14:47:35 | Computer Name = Filip-NTB | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 2.10.2013 14:50:14 | Computer Name = Filip-NTB | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 2.10.2013 14:50:15 | Computer Name = Filip-NTB | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 2.10.2013 14:50:53 | Computer Name = Filip-NTB | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 2.10.2013 14:50:59 | Computer Name = Filip-NTB | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.


< End of report >

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Slow startup and shutdown, please check

#28 Post by Márty84 »

I see you have a lot of things on your desktop. The size of the desktop should not exceed 300MB. Keep an eye on it, it slows the PC down.

I won't praise you for those cracks either :twisted:


:!: If Avast complains that it wants to open it in the sandbox, don't allow it! Choose the option Open normally
:arrow: Run OTL again as administrator
Paste the following text into the bottom window (including the colon before the word commands)

Code: Select all

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]

:services
AdobeARMservice
AdobeFlashPlayerUpdateSvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:otl
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://yandex.ru/yandsearch?clid=48578&text={searchTerms}
IE - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..\SearchScopes\{B87289C8-B8D5-414F-9ED2-6C8751717FE2}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=DACA22FC-215A-414E-A92F-5FD7387FF302&apn_sauid=61E7C9A2-D85A-422C-8EAE-395CA2814762
IE - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/persons/?clid=48578&c ... &keywords={searchTerms}&submitted=1
IE - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..\SearchScopes\Yandex: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[18 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-

Click Opravit (Fix) and let the program work. When asked about a restart, agree.
After the restart a new log will appear; post it here.

If you have a question that is not meant for the public, you can e-mail me at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For lack of time I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).
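
As an added example (not part of the original post, and not code from OTL or the forum): before a fix like the one above is pasted into OTL, it can be split into its `:section` blocks and its SearchScopes entries listed with the host each URL points at, so the reviewer sees what is being touched. The section-header rule (a line made of a colon and one word) and the function names are assumptions made for this sketch; the sample is a constructed excerpt of lines taken from the post.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpt: a few lines copied from the fix script in the post above.
SAMPLE_FIX = r"""
:commands
[EMPTYTEMP]
[RESETHOSTS]
:services
AdobeARMservice
:otl
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://yandex.ru/yandsearch?clid=48578&text={searchTerms}
IE - HKU\S-1-5-21-2191468200-1237345355-2885247254-1000\..\SearchScopes\Yandex: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
"""

# Assumption: a section starts at a line that is only ':' plus one word.
SECTION = re.compile(r"^:(\w+)\s*$")
# SearchScopes\<entry name>: "URL" = <url>, as the :otl lines in the post are written.
SCOPE_URL = re.compile(r'SearchScopes\\([^:]+): "URL" = (\S+)')

def split_sections(text):
    """Group non-blank lines under the ':name' header that precedes them."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def search_scope_hosts(otl_lines):
    """Return (entry name, URL host) for every SearchScopes URL line."""
    found = (SCOPE_URL.search(line) for line in otl_lines)
    return [(m.group(1), urlsplit(m.group(2)).hostname) for m in found if m]

if __name__ == "__main__":
    parsed = split_sections(SAMPLE_FIX)
    print({name: len(lines) for name, lines in parsed.items()})
    print(search_scope_hosts(parsed["otl"]))
```

On the excerpt, the entry named `Yandex` resolves to a Bing host while the GUID-named entry resolves to `yandex.ru`, which is why the listing shows the host and not just the entry name.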

diamondCloud
Visitor
Posts: 43
Registered: 30 Sep 2013 09:00

Re: Slow startup and shutdown, please check

#29 Post by diamondCloud »

Desktop cleaned up :idea:

After launching OTL and clicking "Opravit", OTL got stuck somewhere at "Creating restore point do not interrupt.", where it stayed for roughly half to three quarters of an hour. I let it run, but unfortunately I had my little nephew at home, who was pressing buttons on the notebook without anyone noticing and switched the PC off :x :roll: . After switching it back on, the Welcome screen takes a long time to load again (when we ran it through ComboFix back then, it was fine). In any case, I am running OTL again, this time under supervision; I am just reporting what happened, hopefully it won't have a major effect on how the PC runs.

EDIT: On the second run everything went through without problems and quickly (right now I can't remember whether I ran OTL as administrator the time before or not, silly me :roll: ), but after the PC restarted, "Chyba při vytvoření protokolu" (error creating the log) popped up. There are two text files on the desktop, Otl and Extras, but both are dated 04.10, so they will be the previous ones. I apologise for the little one as well, if that has given you any extra work; hopefully there won't be a big problem.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Slow startup and shutdown, please check

#30 Post by Márty84 »

:?: Well, then post a new log from RSIT; there I will be able to tell whether OTL ran correctly. By the way, the startup after the restart was long because OTL was still working after the restart. Or are the subsequent starts long again as well?

Locked