Snížený výkon PC

[Jaqkes]

ComboFix 13-11-04.01 - David 06.11.2013 12:46:06.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4010.2598 [GMT 1:00]
Spuštěný z: c:\users\David\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-06 do 2013-11-06 )))))))))))))))))))))))))))))))
.
.
2013-11-05 11:29 . 2013-10-15 23:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D5F7EEA-224C-4C56-AD2B-AD31A3D9C6E6}\mpengine.dll
2013-11-02 23:33 . 2013-11-02 23:33 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-11-01 10:23 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-01 10:23 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-01 10:23 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-01 10:23 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-01 10:23 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-01 10:23 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-01 10:23 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-01 09:06 . 2013-11-02 23:35 -------- d-----w- c:\program files (x86)\Microsoft Works
2013-11-01 09:05 . 2013-11-01 09:05 -------- d-----w- c:\program files\Microsoft Office
2013-11-01 09:04 . 2013-11-01 09:04 -------- d-----w- c:\users\David\AppData\Local\Microsoft Help
2013-11-01 09:04 . 2013-11-03 23:16 -------- d-----w- c:\programdata\Microsoft Help
2013-11-01 09:04 . 2013-11-01 09:04 -------- d-----r- C:\MSOCache
2013-10-27 19:58 . 2013-10-27 19:58 -------- d-----w- c:\users\David\AppData\Roaming\LolClient
2013-10-27 16:31 . 2008-07-31 09:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2013-10-27 16:31 . 2008-07-31 09:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2013-10-27 16:31 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2013-10-27 16:31 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2013-10-27 16:31 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2013-10-27 16:29 . 2013-10-27 16:29 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-10-27 16:29 . 2013-10-27 16:29 -------- d-----w- C:\Riot Games
2013-10-27 16:28 . 2013-11-06 00:26 -------- d-----w- c:\users\David\AppData\Local\PMB Files
2013-10-27 16:28 . 2013-11-06 00:25 -------- d-----w- c:\programdata\PMB Files
2013-10-27 16:27 . 2013-10-27 16:27 -------- d-----w- c:\program files (x86)\Pando Networks
2013-10-26 17:57 . 2013-10-27 16:27 -------- d-----w- c:\users\David\AppData\Roaming\Riot Games
2013-10-18 10:23 . 2013-10-18 10:23 -------- d-----w- c:\users\David\AppData\Roaming\AVAST Software
2013-10-18 10:22 . 2013-10-18 10:22 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-10-18 10:22 . 2013-10-18 10:22 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-18 10:22 . 2013-10-18 10:22 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-18 10:22 . 2013-10-18 10:22 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-10-18 10:22 . 2013-10-18 10:22 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-10-18 10:22 . 2013-10-18 10:22 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-10-18 10:22 . 2013-10-18 10:22 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-18 10:22 . 2013-10-18 10:22 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-18 10:22 . 2013-10-18 10:22 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-18 10:22 . 2013-10-18 10:22 43152 ----a-w- c:\windows\avastSS.scr
2013-10-14 11:21 . 2013-10-14 11:21 -------- d-----w- c:\users\David\AppData\Local\ElevatedDiagnostics
2013-10-14 10:01 . 2013-10-14 10:01 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes
2013-10-14 10:01 . 2013-10-14 10:01 -------- d-----w- c:\programdata\Malwarebytes
2013-10-14 10:01 . 2013-10-26 09:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-11 17:20 . 2013-10-11 17:30 -------- d-----w- c:\users\David\AppData\Local\Microsoft Games
2013-10-11 09:52 . 2013-10-17 15:31 -------- d-----w- C:\AdwCleaner
2013-10-11 09:43 . 2013-10-11 09:43 -------- d-----w- c:\program files\AVAST Software
2013-10-11 09:43 . 2013-10-18 10:21 -------- d-----w- c:\programdata\AVAST Software
2013-10-10 20:41 . 2013-10-10 20:50 -------- d-----w- c:\program files\trend micro
2013-10-10 20:41 . 2013-10-10 20:50 -------- d-----w- C:\rsit
2013-10-10 12:27 . 2013-10-10 12:27 -------- d-----w- C:\22d2e8fcf1771b6ae24ee6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-27 15:18 . 2013-09-03 09:29 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-10-27 15:18 . 2013-09-03 05:11 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-10-27 15:17 . 2013-09-03 05:11 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-10-10 12:25 . 2013-09-09 09:57 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-03 12:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-09-03 10:06 . 2013-09-03 05:11 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-09-03 08:51 . 2013-09-03 08:51 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-09-03 08:51 . 2013-09-03 08:51 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-09-03 08:51 . 2013-09-03 08:51 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-09-03 08:51 . 2013-09-03 08:51 204800 ----a-w- c:\windows\SysWow64\webcheck.dll
2013-09-03 08:51 . 2013-09-03 08:51 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-09-03 08:51 . 2013-09-03 08:51 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-09-03 08:51 . 2013-09-03 08:51 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-09-03 08:51 . 2013-09-03 08:51 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-09-03 08:51 . 2013-09-03 08:51 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-09-03 08:51 . 2013-09-03 08:51 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-09-03 08:51 . 2013-09-03 08:51 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-09-03 08:51 . 2013-09-03 08:51 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-09-03 08:51 . 2013-09-03 08:51 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-09-03 08:51 . 2013-09-03 08:51 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-09-03 08:51 . 2013-09-03 08:51 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-09-03 08:51 . 2013-09-03 08:51 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-09-03 08:51 . 2013-09-03 08:51 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-09-03 08:51 . 2013-09-03 08:51 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-09-03 08:51 . 2013-09-03 08:51 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-09-03 08:50 . 2013-09-03 08:50 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-09-03 08:50 . 2013-09-03 08:50 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-09-03 08:50 . 2013-09-03 08:50 81408 ----a-w- c:\windows\system32\icardie.dll
2013-09-03 08:50 . 2013-09-03 08:50 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-09-03 08:50 . 2013-09-03 08:50 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-09-03 08:50 . 2013-09-03 08:50 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-09-03 08:50 . 2013-09-03 08:50 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-09-03 08:50 . 2013-09-03 08:50 441856 ----a-w- c:\windows\system32\html.iec
2013-09-03 08:50 . 2013-09-03 08:50 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-09-03 08:50 . 2013-09-03 08:50 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-03 08:50 . 2013-09-03 08:50 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-09-03 08:50 . 2013-09-03 08:50 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-09-03 08:50 . 2013-09-03 08:50 235008 ----a-w- c:\windows\system32\url.dll
2013-09-03 08:50 . 2013-09-03 08:50 216064 ----a-w- c:\windows\system32\msls31.dll
2013-09-03 08:50 . 2013-09-03 08:50 197120 ----a-w- c:\windows\system32\msrating.dll
2013-09-03 08:50 . 2013-09-03 08:50 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-03 08:50 . 2013-09-03 08:50 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-09-03 08:50 . 2013-09-03 08:50 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-03 08:50 . 2013-09-03 08:50 149504 ----a-w- c:\windows\system32\occache.dll
2013-09-03 08:50 . 2013-09-03 08:50 144896 ----a-w- c:\windows\system32\wextract.exe
2013-09-03 08:50 . 2013-09-03 08:50 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-09-03 08:50 . 2013-09-03 08:50 102912 ----a-w- c:\windows\system32\inseng.dll
2013-09-03 08:50 . 2013-09-03 08:50 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-09-03 08:50 . 2013-09-03 08:50 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-09-03 08:50 . 2013-09-03 08:50 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-09-03 08:50 . 2013-09-03 08:50 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-09-03 08:50 . 2013-09-03 08:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-09-03 08:50 . 2013-09-03 08:50 13824 ----a-w- c:\windows\system32\mshta.exe
2013-09-03 08:50 . 2013-09-03 08:50 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-09-03 08:50 . 2013-09-03 08:50 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-09-03 08:50 . 2013-09-03 08:50 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-09-03 08:50 . 2013-09-03 08:50 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-09-03 08:50 . 2013-09-03 08:50 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-09-03 08:50 . 2013-09-03 08:50 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-09-03 08:50 . 2013-09-03 08:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-09-03 08:50 . 2013-09-03 08:50 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-09-03 08:50 . 2013-09-03 08:50 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-09-03 08:50 . 2013-09-03 08:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-09-03 08:50 . 2013-09-03 08:50 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-09-03 08:50 . 2013-09-03 08:50 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-09-03 08:50 . 2013-09-03 08:50 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-09-03 08:50 . 2013-09-03 08:50 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-09-03 08:50 . 2013-09-03 08:50 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-09-03 08:50 . 2013-09-03 08:50 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-09-03 08:50 . 2013-09-03 08:50 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-09-03 08:50 . 2013-09-03 08:50 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-09-03 08:50 . 2013-09-03 08:50 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-09-03 08:50 . 2013-09-03 08:50 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-09-03 08:50 . 2013-09-03 08:50 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-09-03 08:50 . 2013-09-03 08:50 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-09-03 08:50 . 2013-09-03 08:50 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-09-03 08:50 . 2013-09-03 08:50 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-09-03 08:50 . 2013-09-03 08:50 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-09-03 08:50 . 2013-09-03 08:50 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-09-03 08:50 . 2013-09-03 08:50 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-09-03 08:50 . 2013-09-03 08:50 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-09-03 08:50 . 2013-09-03 08:50 194560 ----a-w- c:\windows\system32\d3d10_1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}]
2013-09-03 15:00 748032 ----a-w- c:\program files (x86)\hosts\hosts-bho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-18 3567800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-2-15 1136928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 XFDriver64;XFDriver64;c:\program files (x86)\Xfire2\XFDriver64.sys;c:\program files (x86)\Xfire2\XFDriver64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 EgisTecFF;EgisTecFF;c:\windows\system32\DRIVERS\EgisTecFF.sys;c:\windows\SYSNATIVE\DRIVERS\EgisTecFF.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 EgisTec Service Help;EgisTec Service Help;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe [x]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [x]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys;c:\windows\SYSNATIVE\Drivers\FPSensor.sys [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys;c:\windows\SYSNATIVE\Drivers\usbvideo.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 14:50 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 12:05]
.
2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 12:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-18 10:22 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 418328]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-04-27 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-04-27 5908928]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-04-27 114688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/?clid=13415
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3440131790-827048697-2130922516-1001\Software\SecuROM\License information*]
"datasecu"=hex:52,8b,9c,f2,ca,0e,6e,fe,c7,21,4f,d9,99,37,1c,13,a6,76,34,29,54,
08,6f,17,b8,3b,d7,6f,91,a7,b8,e8,b9,50,e0,b7,fb,99,0b,72,79,c4,23,1d,46,0d,\
"rkeysecu"=hex:b7,7a,f3,ae,b5,eb,9b,02,1a,d9,bb,25,67,0e,02,dc
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2013-11-06 12:57:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-06 11:57
.
Před spuštěním: Volných bajtů: 367 584 194 560
Po spuštění: Volných bajtů: 367 707 021 312
.
- - End Of File - - D80C3E0C013799321A1486FBE5BFDAF6

[Márty84]

Toto pouzivate schvalne? Znate to?

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}]
2013-09-03 15:00 748032 ----a-w- c:\program files (x86)\hosts\hosts-bho.dll

[Jaqkes]

Nevím co to je

[Márty84]

Presunte ComboFix na plochu!
Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

Folder::
c:\users\David\AppData\Local\hosts
c:\program files (x86)\hosts

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-

Regnull::
[HKEY_USERS\S-1-5-21-3440131790-827048697-2130922516-1001\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[Jaqkes]

Mohu se Vás zeptat, co to vlastně bylo za soubor?

Teď k té kontrole: Během průběhu se mě to zeptalo na aktualizace ComboFixu, tak jsem dal ANO.
Na konci, už po restartu PC, všechno naběhlo tak jak mělo, ale napsalo mi to:

C:\windows\system32\gfxUI.exe
Zařízení připojené k systému nefunguje

Teď ten LOG:

ComboFix 13-11-11.01 - David 11.11.2013 18:41:03.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4010.2356 [GMT 1:00]
Spuštěný z: c:\users\David\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\David\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\hosts
c:\program files (x86)\hosts\background.html
c:\program files (x86)\hosts\hosts-bg.exe
c:\program files (x86)\hosts\hosts-bho.dll
c:\program files (x86)\hosts\hosts-buttonutil.dll
c:\program files (x86)\hosts\hosts-buttonutil.exe
c:\program files (x86)\hosts\hosts-buttonutil64.dll
c:\program files (x86)\hosts\hosts-buttonutil64.exe
c:\program files (x86)\hosts\hosts-codedownloader.exe
c:\program files (x86)\hosts\hosts-helper.exe
c:\program files (x86)\hosts\hosts.ico
c:\program files (x86)\hosts\Installer.log
c:\program files (x86)\hosts\Uninstall.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-11 do 2013-11-11 )))))))))))))))))))))))))))))))
.
.
2013-11-11 17:47 . 2013-11-11 17:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-11 17:47 . 2013-11-11 17:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-09 04:43 . 2013-11-09 04:43 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F059F120-92E4-42E4-9987-8EE0A9DF59BE}\offreg.dll
2013-11-08 11:58 . 2013-10-15 23:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F059F120-92E4-42E4-9987-8EE0A9DF59BE}\mpengine.dll
2013-11-07 08:03 . 2013-11-07 08:03 -------- d--h--w- c:\windows\msdownld.tmp
2013-11-06 23:50 . 2013-11-07 08:26 -------- d-----w- c:\programdata\WarThunder
2013-11-06 23:50 . 2013-11-06 23:50 -------- d-----w- c:\users\David\AppData\Local\WarThunder
2013-11-06 23:50 . 2013-11-07 08:26 -------- d-----w- c:\program files (x86)\WarThunder
2013-11-06 20:26 . 2013-11-06 20:26 -------- d-----w- c:\users\David\AppData\Roaming\3909
2013-11-06 20:25 . 2013-11-06 20:25 -------- d-----w- C:\GOG Games
2013-11-06 20:24 . 2013-11-06 20:24 -------- d-----w- c:\users\David\AppData\Local\WinZip
2013-11-06 20:22 . 2013-11-06 20:24 -------- d-----w- c:\programdata\WinZip
2013-11-06 20:22 . 2013-11-06 20:23 -------- d-----w- c:\program files\WinZip
2013-11-02 23:33 . 2013-11-02 23:33 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-11-01 10:23 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-01 10:23 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-01 10:23 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-01 10:23 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-01 10:23 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-01 10:23 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-01 10:23 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-01 09:06 . 2013-11-02 23:35 -------- d-----w- c:\program files (x86)\Microsoft Works
2013-11-01 09:05 . 2013-11-01 09:05 -------- d-----w- c:\program files\Microsoft Office
2013-11-01 09:04 . 2013-11-01 09:04 -------- d-----w- c:\users\David\AppData\Local\Microsoft Help
2013-11-01 09:04 . 2013-11-03 23:16 -------- d-----w- c:\programdata\Microsoft Help
2013-11-01 09:04 . 2013-11-01 09:04 -------- d-----r- C:\MSOCache
2013-10-27 19:58 . 2013-10-27 19:58 -------- d-----w- c:\users\David\AppData\Roaming\LolClient
2013-10-27 16:31 . 2008-07-31 09:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2013-10-27 16:31 . 2008-07-31 09:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2013-10-27 16:31 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2013-10-27 16:31 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2013-10-27 16:31 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2013-10-27 16:29 . 2013-10-27 16:29 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-10-27 16:29 . 2013-10-27 16:29 -------- d-----w- C:\Riot Games
2013-10-27 16:28 . 2013-11-08 13:37 -------- d-----w- c:\users\David\AppData\Local\PMB Files
2013-10-27 16:28 . 2013-11-08 13:36 -------- d-----w- c:\programdata\PMB Files
2013-10-27 16:27 . 2013-10-27 16:27 -------- d-----w- c:\program files (x86)\Pando Networks
2013-10-26 17:57 . 2013-10-27 16:27 -------- d-----w- c:\users\David\AppData\Roaming\Riot Games
2013-10-18 10:23 . 2013-10-18 10:23 -------- d-----w- c:\users\David\AppData\Roaming\AVAST Software
2013-10-18 10:22 . 2013-11-10 10:40 409832 ----a-w- c:\windows\system32\drivers\aswsp.sys
2013-10-18 10:22 . 2013-10-18 10:22 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-10-18 10:22 . 2013-10-18 10:22 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-18 10:22 . 2013-10-18 10:22 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-18 10:22 . 2013-10-18 10:22 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-10-18 10:22 . 2013-10-18 10:22 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-10-18 10:22 . 2013-10-18 10:22 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-18 10:22 . 2013-10-18 10:22 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-18 10:22 . 2013-10-18 10:22 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-18 10:22 . 2013-10-18 10:22 43152 ----a-w- c:\windows\avastSS.scr
2013-10-14 11:21 . 2013-10-14 11:21 -------- d-----w- c:\users\David\AppData\Local\ElevatedDiagnostics
2013-10-14 10:01 . 2013-10-14 10:01 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes
2013-10-14 10:01 . 2013-10-14 10:01 -------- d-----w- c:\programdata\Malwarebytes
2013-10-14 10:01 . 2013-10-26 09:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-27 15:18 . 2013-09-03 09:29 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-10-27 15:18 . 2013-09-03 05:11 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-10-27 15:17 . 2013-09-03 05:11 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-10-10 12:25 . 2013-09-09 09:57 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-22 23:28 . 2013-10-10 23:21 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-10 23:21 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-09-22 23:27 . 2013-10-10 23:21 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-09-22 23:27 . 2013-10-10 23:21 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55 . 2013-10-10 23:21 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-10 23:21 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-10 23:21 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-10 23:21 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-10 23:21 19252224 ----a-w- c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-10 23:21 855552 ----a-w- c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-10 23:21 3959296 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-10 23:21 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-09-22 22:54 . 2013-10-10 23:21 526336 ----a-w- c:\windows\system32\ieui.dll
2013-09-22 22:54 . 2013-10-10 23:21 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-09-22 22:54 . 2013-10-10 23:21 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-09-22 22:54 . 2013-10-10 23:21 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-22 22:54 . 2013-10-10 23:21 2647552 ----a-w- c:\windows\system32\iertutil.dll
2013-09-22 22:54 . 2013-10-10 23:21 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-09-21 03:38 . 2013-10-10 23:21 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-21 03:30 . 2013-10-10 23:21 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48 . 2013-10-10 23:21 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-10 23:21 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10 . 2013-10-10 07:58 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:30 . 2013-10-10 07:58 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-10 07:58 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-10 07:58 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-03 12:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-09-03 10:06 . 2013-09-03 05:11 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-09-03 08:51 . 2013-09-03 08:51 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-09-03 08:51 . 2013-09-03 08:51 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-09-03 08:51 . 2013-09-03 08:51 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-09-03 08:51 . 2013-09-03 08:51 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-09-03 08:51 . 2013-09-03 08:51 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-09-03 08:51 . 2013-09-03 08:51 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-09-03 08:51 . 2013-09-03 08:51 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-09-03 08:51 . 2013-09-03 08:51 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-09-03 08:51 . 2013-09-03 08:51 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-09-03 08:51 . 2013-09-03 08:51 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-09-03 08:51 . 2013-09-03 08:51 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-09-03 08:51 . 2013-09-03 08:51 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-09-03 08:51 . 2013-09-03 08:51 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-09-03 08:51 . 2013-09-03 08:51 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-09-03 08:51 . 2013-09-03 08:51 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-09-03 08:51 . 2013-09-03 08:51 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-09-03 08:51 . 2013-09-03 08:51 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-09-03 08:51 . 2013-09-03 08:51 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-09-03 08:50 . 2013-09-03 08:50 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-09-03 08:50 . 2013-09-03 08:50 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-09-03 08:50 . 2013-09-03 08:50 81408 ----a-w- c:\windows\system32\icardie.dll
2013-09-03 08:50 . 2013-09-03 08:50 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-09-03 08:50 . 2013-09-03 08:50 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-09-03 08:50 . 2013-09-03 08:50 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-09-03 08:50 . 2013-09-03 08:50 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-09-03 08:50 . 2013-09-03 08:50 441856 ----a-w- c:\windows\system32\html.iec
2013-09-03 08:50 . 2013-09-03 08:50 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-09-03 08:50 . 2013-09-03 08:50 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-03 08:50 . 2013-09-03 08:50 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-09-03 08:50 . 2013-09-03 08:50 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-09-03 08:50 . 2013-09-03 08:50 235008 ----a-w- c:\windows\system32\url.dll
2013-09-03 08:50 . 2013-09-03 08:50 216064 ----a-w- c:\windows\system32\msls31.dll
2013-09-03 08:50 . 2013-09-03 08:50 197120 ----a-w- c:\windows\system32\msrating.dll
2013-09-03 08:50 . 2013-09-03 08:50 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-03 08:50 . 2013-09-03 08:50 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-09-03 08:50 . 2013-09-03 08:50 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-03 08:50 . 2013-09-03 08:50 149504 ----a-w- c:\windows\system32\occache.dll
2013-09-03 08:50 . 2013-09-03 08:50 144896 ----a-w- c:\windows\system32\wextract.exe
2013-09-03 08:50 . 2013-09-03 08:50 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-09-03 08:50 . 2013-09-03 08:50 102912 ----a-w- c:\windows\system32\inseng.dll
2013-09-03 08:50 . 2013-09-03 08:50 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-09-03 08:50 . 2013-09-03 08:50 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-09-03 08:50 . 2013-09-03 08:50 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-09-03 08:50 . 2013-09-03 08:50 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-09-03 08:50 . 2013-09-03 08:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-09-03 08:50 . 2013-09-03 08:50 13824 ----a-w- c:\windows\system32\mshta.exe
2013-09-03 08:50 . 2013-09-03 08:50 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-09-03 08:50 . 2013-09-03 08:50 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-09-03 08:50 . 2013-09-03 08:50 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-09-03 08:50 . 2013-09-03 08:50 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-09-03 08:50 . 2013-09-03 08:50 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-09-03 08:50 . 2013-09-03 08:50 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-09-03 08:50 . 2013-09-03 08:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-09-03 08:50 . 2013-09-03 08:50 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-09-03 08:50 . 2013-09-03 08:50 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-09-03 08:50 . 2013-09-03 08:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-03 08:50 . 2013-09-03 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-18 3567800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-2-15 1136928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 XFDriver64;XFDriver64;c:\program files (x86)\Xfire2\XFDriver64.sys;c:\program files (x86)\Xfire2\XFDriver64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 EgisTecFF;EgisTecFF;c:\windows\system32\DRIVERS\EgisTecFF.sys;c:\windows\SYSNATIVE\DRIVERS\EgisTecFF.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 EgisTec Service Help;EgisTec Service Help;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe [x]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [x]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys;c:\windows\SYSNATIVE\Drivers\FPSensor.sys [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys;c:\windows\SYSNATIVE\Drivers\usbvideo.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 14:50 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 12:05]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 12:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-18 10:22 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 418328]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-04-27 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-04-27 5908928]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-04-27 114688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/?clid=13415
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{11111111-1111-1111-1111-110311531182} - c:\program files (x86)\hosts\hosts-bho.dll
Toolbar-Locked - (no file)
AddRemove-GOGPACKPAPERSPLEASE_is1 - c:\gog games\Papers
AddRemove-hosts - c:\program files (x86)\hosts\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2013-11-11 18:52:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-11 17:52
ComboFix2.txt 2013-11-06 11:57
.
Před spuštěním: Volných bajtů: 359 934 500 864
Po spuštění: Volných bajtů: 359 489 400 832
.
- - End Of File - - 54D1C9154DFDA6E12E50FA0DB2A7DBC1

[Márty84]

Mohu se Vás zeptat, co to vlastně bylo za soubor?

Nevim presne, ale nektere odkazy to oznacuji za skodnou. A pokud jste o tom ani nevedel a nemel to umyslne, pryc s tim. Nainstalovat znovu se to da vzdycky

Aktualizace v poradku

C:\windows\system32\gfxUI.exe

GfxUI.exe Informace o souboru
Proces známý jako GfxUI patří k softwaru Intel Graphics Properties podle Intelu (http://www.intel.com).

Funguje vse jak ma?


Dejte novy log z RSIT

[Jaqkes]

Výhradně na grafiku Intel mi jede Adobe Reader, který se mi nepodařilo kompenzovat na nVidii Geforce 525M a jede to.

Log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by David at 2013-11-11 22:55:13
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 343 GB (79%) free of 432 GB
Total RAM: 4010 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:55:20, on 11.11.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\David.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CrossriderApp0035382 - {11111111-1111-1111-1111-110311531182} - C:\Program Files (x86)\hosts\hosts-bho.dll (file missing)
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-21-3440131790-827048697-2130922516-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3440131790-827048697-2130922516-1000\..\Run: [FactoryTest] C:\Windows\Test.bat (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3440131790-827048697-2130922516-1000\..\Run: [Power2GoExpress] NA (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3440131790-827048697-2130922516-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
O23 - Service: EgisTec Service Help - Egis Technology Inc. - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10064 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe"
"C:\windows\system32\Dwm.exe"
"C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe"
C:\windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\system32\WLANExt.exe 27673008
\??\C:\windows\system32\conhost.exe "-275811214153126162266431333100471175-421414859900532340-1054250177-599044930
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
C:\windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe" -autorun
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe /Embedding
taskeng.exe {9D4687D5-C41B-452A-8E5F-638F183E908F}
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
WLIDSvcM.exe 2240
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\windows\system32\wuauclt.exe"
C:\windows\explorer.exe
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -Embedding
"C:\Program Files\AVAST Software\Avast\avastui.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3368.0.201419530\390847413" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,18,24,26 --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2266 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/PP_EnableZeroSuggest_R1_ExperimentC/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --instant-process --enable-threaded-compositing --disable-html-notifications --channel="3368.1.588200032\270253936" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/PP_EnableZeroSuggest_R1_ExperimentC/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3368.2.1249169875\515066593" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/PP_EnableZeroSuggest_R1_ExperimentC/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3368.3.1758461986\990707399" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/PP_EnableZeroSuggest_R1_ExperimentC/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3368.4.1322297166\682025160" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/PP_EnableZeroSuggest_R1_ExperimentC/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3368.5.691749315\434351642" /prefetch:673131151
"C:\Users\David\Downloads\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-10-18 1567016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9}]
EgisPBIE Class - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll [2010-12-14 857968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-10-09 256080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}]
hosts - C:\Program Files (x86)\hosts\hosts-bho.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9}]
EgisPBIE Class - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll [2010-12-14 635248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-10-18 606544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-09 194640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-10-09 256080]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-10-18 1567016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-09 194640]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-10-18 606544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2011-01-11 167960]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-01-11 391704]
"Persistence"=C:\windows\system32\igfxpers.exe [2011-01-11 418328]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-01-04 11772520]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-11-12 2473568]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2011-04-27 9769888]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2011-04-27 5908928]
"Lenovo EE Boot Optimizer"=C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [2011-04-27 114688]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-04-27 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\David\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\David\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-08-01 3673696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecPMMUpdate]
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2010-11-05 407920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisUpdate]
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2010-11-05 202096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLTSR]
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [2010-10-22 364400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-04-27 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GShortCut]
C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2010-07-26 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VitaKeyTSR]
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [2010-12-14 383344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirage]
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24 136488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray]
C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2010-12-24 224352]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-10-18 3567800]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-12-16 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"VIDC.XFR1"=xfcodec64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-11-11 18:52:23 ----A---- C:\ComboFix.txt
2013-11-11 18:48:53 ----D---- C:\$RECYCLE.BIN
2013-11-11 18:47:34 ----D---- C:\windows\temp
2013-11-07 09:03:29 ----HD---- C:\windows\msdownld.tmp
2013-11-07 09:03:29 ----D---- C:\windows\SYSWOW64\directx
2013-11-07 00:50:46 ----D---- C:\ProgramData\WarThunder
2013-11-07 00:50:15 ----D---- C:\Program Files (x86)\WarThunder
2013-11-06 21:26:21 ----D---- C:\Users\David\AppData\Roaming\3909
2013-11-06 21:25:46 ----D---- C:\GOG Games
2013-11-06 21:22:55 ----D---- C:\ProgramData\WinZip
2013-11-06 21:22:54 ----D---- C:\Program Files\WinZip
2013-11-06 12:44:16 ----A---- C:\windows\zip.exe
2013-11-06 12:44:16 ----A---- C:\windows\SWSC.exe
2013-11-06 12:44:16 ----A---- C:\windows\SWREG.exe
2013-11-06 12:44:16 ----A---- C:\windows\sed.exe
2013-11-06 12:44:16 ----A---- C:\windows\PEV.exe
2013-11-06 12:44:16 ----A---- C:\windows\NIRCMD.exe
2013-11-06 12:44:16 ----A---- C:\windows\MBR.exe
2013-11-06 12:44:16 ----A---- C:\windows\grep.exe
2013-11-06 12:43:05 ----D---- C:\Qoobox
2013-11-06 12:42:42 ----D---- C:\windows\erdnt
2013-11-01 11:23:13 ----A---- C:\windows\system32\drivers\usbport.sys
2013-11-01 11:23:13 ----A---- C:\windows\system32\drivers\usbehci.sys
2013-11-01 11:23:13 ----A---- C:\windows\system32\drivers\usbccgp.sys
2013-11-01 11:23:12 ----A---- C:\windows\system32\drivers\usbuhci.sys
2013-11-01 11:23:12 ----A---- C:\windows\system32\drivers\usbohci.sys
2013-11-01 11:23:12 ----A---- C:\windows\system32\drivers\usbhub.sys
2013-11-01 11:23:12 ----A---- C:\windows\system32\drivers\usbd.sys
2013-11-01 10:06:35 ----D---- C:\Program Files (x86)\Microsoft Works
2013-11-01 10:06:24 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2013-11-01 10:05:05 ----D---- C:\Program Files\Microsoft Office
2013-11-01 10:04:28 ----D---- C:\ProgramData\Microsoft Help
2013-11-01 10:04:11 ----RD---- C:\MSOCache
2013-10-27 20:58:17 ----D---- C:\Users\David\AppData\Roaming\LolClient
2013-10-27 17:31:07 ----A---- C:\windows\SYSWOW64\XAudio2_2.dll
2013-10-27 17:31:07 ----A---- C:\windows\SYSWOW64\XAPOFX1_1.dll
2013-10-27 17:31:06 ----A---- C:\windows\SYSWOW64\d3dx10_39.dll
2013-10-27 17:31:06 ----A---- C:\windows\SYSWOW64\D3DCompiler_39.dll
2013-10-27 17:31:04 ----A---- C:\windows\SYSWOW64\D3DX9_39.dll
2013-10-27 17:29:47 ----SHD---- C:\windows\SYSWOW64\AI_RecycleBin
2013-10-27 17:29:46 ----D---- C:\Riot Games
2013-10-27 17:28:02 ----D---- C:\ProgramData\PMB Files
2013-10-27 17:27:55 ----D---- C:\Program Files (x86)\Pando Networks
2013-10-26 18:57:59 ----D---- C:\Users\David\AppData\Roaming\Riot Games
2013-10-18 11:23:05 ----D---- C:\Users\David\AppData\Roaming\AVAST Software
2013-10-18 11:22:32 ----A---- C:\windows\system32\drivers\aswVmm.sys
2013-10-18 11:22:32 ----A---- C:\windows\system32\drivers\aswTdi.sys
2013-10-18 11:22:32 ----A---- C:\windows\system32\drivers\aswsp.sys
2013-10-18 11:22:32 ----A---- C:\windows\system32\drivers\aswSnx.sys
2013-10-18 11:22:32 ----A---- C:\windows\system32\drivers\aswRvrt.sys
2013-10-18 11:22:32 ----A---- C:\windows\system32\drivers\aswRdr2.sys
2013-10-18 11:22:32 ----A---- C:\windows\system32\drivers\aswMonFlt.sys
2013-10-18 11:22:32 ----A---- C:\windows\system32\drivers\aswFsBlk.sys
2013-10-18 11:22:30 ----A---- C:\windows\system32\aswBoot.exe
2013-10-18 11:22:28 ----A---- C:\windows\avastSS.scr
2013-10-14 11:01:52 ----D---- C:\Users\David\AppData\Roaming\Malwarebytes
2013-10-14 11:01:41 ----D---- C:\ProgramData\Malwarebytes
2013-10-14 11:01:39 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

======List of files/folders modified in the last 1 month======

2013-11-11 22:55:18 ----D---- C:\Program Files\trend micro
2013-11-11 22:34:16 ----D---- C:\Users\David\AppData\Roaming\Xfire
2013-11-11 22:34:16 ----D---- C:\ProgramData\Xfire
2013-11-11 22:33:39 ----D---- C:\Program Files (x86)\Xfire2
2013-11-11 19:03:03 ----D---- C:\windows\system32\config
2013-11-11 18:53:29 ----D---- C:\windows\System32
2013-11-11 18:53:29 ----D---- C:\windows\inf
2013-11-11 18:53:29 ----A---- C:\windows\system32\PerfStringBackup.INI
2013-11-11 18:52:27 ----D---- C:\windows\system32\drivers
2013-11-11 18:50:53 ----A---- C:\windows\SYSWOW64\log.txt
2013-11-11 18:48:56 ----D---- C:\Windows
2013-11-11 18:48:56 ----A---- C:\windows\system.ini
2013-11-11 18:48:50 ----D---- C:\windows\system32\drivers\etc
2013-11-11 18:46:59 ----RD---- C:\Program Files (x86)
2013-11-11 18:44:28 ----D---- C:\windows\SYSWOW64\drivers
2013-11-11 18:44:28 ----D---- C:\windows\SysWOW64
2013-11-11 18:44:28 ----D---- C:\windows\AppPatch
2013-11-11 18:44:26 ----D---- C:\Program Files (x86)\Common Files
2013-11-11 18:39:18 ----SHD---- C:\System Volume Information
2013-11-10 17:08:25 ----D---- C:\windows\Prefetch
2013-11-08 12:52:09 ----D---- C:\Config.Msi
2013-11-07 00:50:46 ----D---- C:\ProgramData
2013-11-06 21:23:10 ----SHD---- C:\windows\Installer
2013-11-06 21:22:54 ----RD---- C:\Program Files
2013-11-04 00:13:06 ----A---- C:\windows\win.ini
2013-11-03 00:37:22 ----D---- C:\windows\winsxs
2013-11-03 00:36:49 ----RSD---- C:\windows\assembly
2013-11-03 00:36:27 ----RSD---- C:\windows\Fonts
2013-11-02 11:43:01 ----D---- C:\windows\system32\DriverStore
2013-11-02 02:09:45 ----D---- C:\windows\system32\catroot2
2013-11-01 11:22:22 ----D---- C:\windows\system32\catroot
2013-11-01 10:22:17 ----SD---- C:\Users\David\AppData\Roaming\Microsoft
2013-11-01 10:06:28 ----D---- C:\Program Files (x86)\Microsoft Office
2013-11-01 10:06:22 ----D---- C:\windows\ShellNew
2013-11-01 10:06:04 ----SD---- C:\ProgramData\Microsoft
2013-11-01 10:06:04 ----D---- C:\Program Files (x86)\Microsoft.NET
2013-11-01 10:05:44 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-10-31 00:16:56 ----D---- C:\Users\David\AppData\Roaming\uTorrent
2013-10-27 17:36:38 ----D---- C:\windows\system32\Tasks
2013-10-27 17:29:48 ----D---- C:\windows\Tasks
2013-10-27 16:18:53 ----A---- C:\windows\SYSWOW64\PnkBstrB.exe
2013-10-27 16:12:12 ----D---- C:\Program Files (x86)\Origin
2013-10-26 10:59:07 ----D---- C:\windows\system32\wbem
2013-10-26 10:58:35 ----D---- C:\windows\system32\wfp
2013-10-26 10:58:33 ----D---- C:\windows\AppCompat
2013-10-26 10:58:33 ----D---- C:\Users\David\AppData\Roaming\OpenCandy
2013-10-26 10:58:29 ----D---- C:\windows\registration
2013-10-19 09:42:40 ----D---- C:\ProgramData\Partner
2013-10-18 13:12:15 ----D---- C:\windows\rescache
2013-10-18 12:42:58 ----D---- C:\windows\Microsoft.NET
2013-10-18 11:21:45 ----D---- C:\ProgramData\AVAST Software
2013-10-18 10:16:12 ----D---- C:\windows\system32\CodeIntegrity
2013-10-17 16:31:33 ----D---- C:\AdwCleaner
2013-10-14 13:01:43 ----D---- C:\Users\David\AppData\Roaming\AVG2014
2013-10-14 13:01:42 ----D---- C:\ProgramData\MFAData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2013-10-18 65776]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2013-10-18 205320]
R0 fbfmon;fbfmon; C:\windows\system32\drivers\fbfmon.sys [2011-04-27 57952]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-09-13 437272]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2011-04-27 39008]
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-09 25960]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; \??\C:\windows\system32\drivers\aswRdr2.sys [2013-10-18 92544]
R1 aswSnx;aswSnx; \??\C:\windows\system32\drivers\aswSnx.sys [2013-10-18 1032416]
R1 aswSP;aswSP; \??\C:\windows\system32\drivers\aswSP.sys [2013-11-10 409832]
R1 aswTdi;aswTdi; \??\C:\windows\system32\drivers\aswTdi.sys [2013-10-18 65264]
R1 BPntDrv;BPntDrv; C:\windows\system32\drivers\BPntDrv.sys [2011-04-27 13408]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-02 283064]
R1 EgisTecFF;EgisTecFF; C:\windows\system32\DRIVERS\EgisTecFF.sys [2011-04-27 55880]
R1 mwlPSDFilter;mwlPSDFilter; C:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-04-27 22912]
R1 mwlPSDNServ;mwlPSDNServ; C:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-04-27 20328]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-04-27 62584]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; \??\C:\windows\system32\drivers\aswFsBlk.sys [2013-10-18 38984]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2013-10-18 84328]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys); C:\windows\System32\Drivers\FPSensor.sys [2010-10-31 35952]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2011-04-27 29792]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl664.sys [2010-10-28 4716608]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 BTWAMPFL;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2011-02-15 349736]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2011-02-15 107560]
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2011-02-15 138280]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2011-02-15 21416]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2010-12-24 31088]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-12-16 12256512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2011-01-04 2697448]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 MEIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
R3 SPUVCbv;SPUVCb Driver Service; C:\windows\System32\Drivers\usbvideo.sys [2013-07-12 185344]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-11-12 1400368]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; C:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-05 65640]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-10-18 50344]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2011-02-15 956192]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 EgisTec Service Help;EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
R2 EgisTec Service;EgisTec Service; C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-14 703856]
R2 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-14 650096]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-20 325656]
R2 NVSvc;NVIDIA Driver Helper Service; C:\windows\system32\nvvsvc.exe [2011-02-09 993896]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-09 2009704]
R2 PnkBstrA;PnkBstrA; C:\windows\syswow64\PnkBstrA.exe [2013-09-03 76888]
R2 RzKLService;RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2013-09-18 106472]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-08 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-09-01 194032]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2013-09-02 1255736]
S4 NetMsmqActivator;@c:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]
S4 NetPipeActivator;@c:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]
S4 NetTcpActivator;@c:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]

-----------------EOF-----------------

[Márty84]

Jeste jeden sken a budem mazat



Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

[Jaqkes]

Dobrý den,
Velice se omlouvám za zpoždění, ale bohužel jsem opravdu neměl ani trochu času.

Spustil jsem OTL, tak jak jste říkal, ale pro jistotu jsem si udělal screen, protože to pak hodilo chybu.
Takže počáteční nastavení je zde:
http://screenshot.cz/BLO1O/

A ta chyba je tady:
http://screenshot.cz/0DXVI/
Dal jsem OK ale program zůstal asi 15 minut pořád u toho Scanning HKEY, tak jsem to vypnul.

[Márty84]

Pocitac byl celou tu dobu pouzivany? Jestli ano, tak po tak dlouhe dobe tam zas muze byt vsechno jinak a to co uz jsme odstranili davno muze byt zpet


Dejte aktualni log z RSIT


Obcas se to stane, ze OTL tuhle chybku vyhodi

Spustte ho podle stejneho navodu jeste jednou, ale s timto upravenym skriptem

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

[Jaqkes]

Dobrý den,
Ano, počítač jsem používal, ale nic jsem nestahoval. Projel jsem si zprávy na internetu, vide z portálu jako je: navratdoreality.cz. Jediné stažené věci jsou buď do školy a nebo updaty do mých dvou free-to-play her. Tak snad toho nebude tolik. Každopádně se omlouvám a doufám že to zase všechno nebudeme muset opakovat.

RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by David at 2013-12-03 09:35:08
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 344 GB (80%) free of 432 GB
Total RAM: 4010 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:35:11, on 3.12.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\David.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CrossriderApp0035382 - {11111111-1111-1111-1111-110311531182} - C:\Program Files (x86)\hosts\hosts-bho.dll (file missing)
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\39cad843-0d7b-4184-a27f-e50f225f65a1.exe /check
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-21-3440131790-827048697-2130922516-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3440131790-827048697-2130922516-1000\..\Run: [FactoryTest] C:\Windows\Test.bat (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3440131790-827048697-2130922516-1000\..\Run: [Power2GoExpress] NA (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3440131790-827048697-2130922516-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
O23 - Service: EgisTec Service Help - Egis Technology Inc. - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10521 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
winlogon.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe"
C:\windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\system32\WLANExt.exe 28137024
\??\C:\windows\system32\conhost.exe "1281370209736877641582813526-1081780761-750178207864943621-386795585-914022339
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
C:\windows\SysWOW64\PnkBstrA.exe
taskeng.exe {0DD30AFC-9483-4906-8F2A-84D17146E157}
"C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe" -autorun
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
C:\windows\SysWOW64\RunDll32.exe "C:\Program Files\Lenovo\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4180.0.1511182327\21522483" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2266 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/PP_EnableZeroSuggest_R1_ExperimentC/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --instant-process --disable-html-notifications --disable-accelerated-video-decode --channel="4180.1.383203035\1839017970" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/PP_EnableZeroSuggest_R1_ExperimentC/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4180.2.867659236\317146129" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/PP_EnableZeroSuggest_R1_ExperimentC/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4180.3.706713967\440073361" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/PP_EnableZeroSuggest_R1_ExperimentC/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4180.4.2073510775\2116943905" /prefetch:673131151
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 5108
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/PP_EnableZeroSuggest_R1_ExperimentC/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4180.29.917921437\867604205" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/PP_EnableZeroSuggest_R1_ExperimentC/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4180.30.1009875266\1134712502" /prefetch:673131151
"C:\Users\David\Downloads\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-10-18 1567016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9}]
EgisPBIE Class - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll [2010-12-14 857968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-10-09 256080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}]
hosts - C:\Program Files (x86)\hosts\hosts-bho.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9}]
EgisPBIE Class - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll [2010-12-14 635248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-10-18 606544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-09 194640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-10-09 256080]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-10-18 1567016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-09 194640]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-10-18 606544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2011-01-11 167960]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-01-11 391704]
"Persistence"=C:\windows\system32\igfxpers.exe [2011-01-11 418328]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-01-04 11772520]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-11-12 2473568]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2011-04-27 9769888]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2011-04-27 5908928]
"Lenovo EE Boot Optimizer"=C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [2011-04-27 114688]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-04-27 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\David\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\David\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-08-01 3673696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecPMMUpdate]
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2010-11-05 407920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisUpdate]
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2010-11-05 202096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLTSR]
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [2010-10-22 364400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-04-27 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GShortCut]
C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2010-07-26 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VitaKeyTSR]
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [2010-12-14 383344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirage]
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24 136488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray]
C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2010-12-24 224352]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-10-18 3567800]
"20131121"=C:\Program Files\AVAST Software\Avast\setup\emupdate\39cad843-0d7b-4184-a27f-e50f225f65a1.exe [2013-11-23 180184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-12-16 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"VIDC.XFR1"=xfcodec64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-11-19 19:20:03 ----A---- C:\windows\system32\IEUDINIT.EXE
2013-11-19 19:15:51 ----A---- C:\windows\SYSWOW64\elshyph.dll
2013-11-19 19:15:51 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\wininet.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\wextract.exe
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\webcheck.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\vbscript.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\urlmon.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\url.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\SetIEInstalledDate.exe
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\RegisterIEPKEYs.exe
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\pngfilt.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\occache.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\msrating.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\msls31.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\mshtmlmedia.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\mshtmler.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\mshtml.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\mshta.exe
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\msfeedssync.exe
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\msfeedsbs.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\licmgr10.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\jsIntl.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\jscript9.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\jscript.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\inseng.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\imgutil.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\iexpress.exe
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\ieui.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\iesysprep.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\iesetup.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\iertutil.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\iernonce.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\iepeers.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\ieframe.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\ieapfltr.dat
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\IEAdvpack.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\icardie.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2013-11-19 19:15:45 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\wininet.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\wextract.exe
2013-11-19 19:15:45 ----A---- C:\windows\system32\webcheck.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\vbscript.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\urlmon.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\url.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\SetIEInstalledDate.exe
2013-11-19 19:15:45 ----A---- C:\windows\system32\RegisterIEPKEYs.exe
2013-11-19 19:15:45 ----A---- C:\windows\system32\pngfilt.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\occache.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\msrating.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\msls31.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\mshtmlmedia.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\mshtmler.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\mshtmled.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\MshtmlDac.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\mshtml.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\mshta.exe
2013-11-19 19:15:45 ----A---- C:\windows\system32\msfeedssync.exe
2013-11-19 19:15:45 ----A---- C:\windows\system32\msfeedsbs.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\msfeeds.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\licmgr10.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\jsproxy.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\jsIntl.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\jscript9diag.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\jscript9.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\jscript.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\inseng.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\imgutil.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\iexpress.exe
2013-11-19 19:15:45 ----A---- C:\windows\system32\ieUnatt.exe
2013-11-19 19:15:45 ----A---- C:\windows\system32\ieui.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\iesysprep.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\iesetup.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\iertutil.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\iernonce.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\iepeers.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\ieframe.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\ieetwproxystub.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\ieetwcollectorres.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\ieetwcollector.exe
2013-11-19 19:15:45 ----A---- C:\windows\system32\iedkcs32.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\ieapfltr.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\ieapfltr.dat
2013-11-19 19:15:45 ----A---- C:\windows\system32\IEAdvpack.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\ie4uinit.exe
2013-11-19 19:15:45 ----A---- C:\windows\system32\icardie.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\elshyph.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\dxtrans.dll
2013-11-19 19:15:45 ----A---- C:\windows\system32\dxtmsft.dll
2013-11-13 13:35:59 ----A---- C:\windows\SYSWOW64\SmartcardCredentialProvider.dll
2013-11-13 13:35:59 ----A---- C:\windows\SYSWOW64\credui.dll
2013-11-13 13:35:59 ----A---- C:\windows\SYSWOW64\authui.dll
2013-11-13 13:35:59 ----A---- C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 13:35:59 ----A---- C:\windows\system32\credui.dll
2013-11-13 13:35:59 ----A---- C:\windows\system32\authui.dll
2013-11-13 13:35:57 ----A---- C:\windows\system32\drivers\afd.sys
2013-11-13 13:35:55 ----A---- C:\windows\system32\crypt32.dll
2013-11-13 13:35:54 ----A---- C:\windows\SYSWOW64\crypt32.dll
2013-11-13 13:35:51 ----A---- C:\windows\SYSWOW64\schannel.dll
2013-11-13 13:35:51 ----A---- C:\windows\system32\sspicli.dll
2013-11-13 13:35:51 ----A---- C:\windows\system32\schannel.dll
2013-11-13 13:35:51 ----A---- C:\windows\system32\lsasrv.dll
2013-11-13 13:35:51 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2013-11-13 13:35:51 ----A---- C:\windows\system32\drivers\ksecdd.sys
2013-11-13 13:35:51 ----A---- C:\windows\system32\drivers\cng.sys
2013-11-13 13:35:50 ----A---- C:\windows\SYSWOW64\sspicli.dll
2013-11-13 13:35:50 ----A---- C:\windows\SYSWOW64\secur32.dll
2013-11-13 13:35:50 ----A---- C:\windows\SYSWOW64\ncrypt.dll
2013-11-13 13:35:50 ----A---- C:\windows\system32\sspisrv.dll
2013-11-13 13:35:50 ----A---- C:\windows\system32\secur32.dll
2013-11-13 13:35:50 ----A---- C:\windows\system32\ncrypt.dll
2013-11-13 13:35:50 ----A---- C:\windows\system32\lsass.exe
2013-11-13 13:35:47 ----A---- C:\windows\SYSWOW64\gdi32.dll
2013-11-13 13:35:47 ----A---- C:\windows\system32\gdi32.dll
2013-11-13 13:35:46 ----A---- C:\windows\SYSWOW64\nshwfp.dll
2013-11-13 13:35:46 ----A---- C:\windows\SYSWOW64\FWPUCLNT.DLL
2013-11-13 13:35:46 ----A---- C:\windows\system32\nshwfp.dll
2013-11-13 13:35:46 ----A---- C:\windows\system32\IKEEXT.DLL
2013-11-13 13:35:46 ----A---- C:\windows\system32\FWPUCLNT.DLL
2013-11-11 18:52:23 ----A---- C:\ComboFix.txt
2013-11-11 18:48:53 ----D---- C:\$RECYCLE.BIN
2013-11-11 18:47:34 ----D---- C:\windows\temp
2013-11-07 09:03:29 ----HD---- C:\windows\msdownld.tmp
2013-11-07 09:03:29 ----D---- C:\windows\SYSWOW64\directx
2013-11-07 00:50:46 ----D---- C:\ProgramData\WarThunder
2013-11-07 00:50:15 ----D---- C:\Program Files (x86)\WarThunder
2013-11-06 21:26:21 ----D---- C:\Users\David\AppData\Roaming\3909
2013-11-06 21:25:46 ----D---- C:\GOG Games
2013-11-06 21:22:55 ----D---- C:\ProgramData\WinZip
2013-11-06 21:22:54 ----D---- C:\Program Files\WinZip
2013-11-06 12:44:16 ----A---- C:\windows\zip.exe
2013-11-06 12:44:16 ----A---- C:\windows\SWSC.exe
2013-11-06 12:44:16 ----A---- C:\windows\SWREG.exe
2013-11-06 12:44:16 ----A---- C:\windows\sed.exe
2013-11-06 12:44:16 ----A---- C:\windows\PEV.exe
2013-11-06 12:44:16 ----A---- C:\windows\NIRCMD.exe
2013-11-06 12:44:16 ----A---- C:\windows\MBR.exe
2013-11-06 12:44:16 ----A---- C:\windows\grep.exe
2013-11-06 12:43:05 ----D---- C:\Qoobox
2013-11-06 12:42:42 ----D---- C:\windows\erdnt

======List of files/folders modified in the last 1 month======

2013-12-03 09:35:11 ----D---- C:\windows\Prefetch
2013-12-03 09:35:10 ----D---- C:\Program Files\trend micro
2013-12-03 09:34:00 ----D---- C:\Users\David\AppData\Roaming\Xfire
2013-12-03 09:34:00 ----D---- C:\ProgramData\Xfire
2013-12-03 09:08:30 ----D---- C:\windows\System32
2013-12-03 09:08:30 ----D---- C:\windows\inf
2013-12-03 09:08:30 ----A---- C:\windows\system32\PerfStringBackup.INI
2013-12-03 09:07:34 ----SHD---- C:\System Volume Information
2013-12-03 09:04:28 ----A---- C:\windows\SYSWOW64\log.txt
2013-12-03 09:03:55 ----D---- C:\Program Files (x86)\Xfire2
2013-12-03 09:02:25 ----D---- C:\windows\system32\config
2013-12-02 16:35:38 ----D---- C:\ProgramData\PMB Files
2013-11-27 21:27:35 ----D---- C:\windows\system32\catroot2
2013-11-23 20:47:50 ----D---- C:\Program Files (x86)\Origin
2013-11-23 17:09:42 ----D---- C:\windows\SysWOW64
2013-11-23 17:09:37 ----A---- C:\windows\SYSWOW64\PnkBstrB.exe
2013-11-21 14:21:45 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2013-11-20 13:28:37 ----D---- C:\windows\rescache
2013-11-19 21:02:11 ----D---- C:\windows\winsxs
2013-11-19 21:01:04 ----D---- C:\Program Files (x86)\Internet Explorer
2013-11-19 21:01:03 ----D---- C:\windows\SYSWOW64\cs-CZ
2013-11-19 21:01:03 ----D---- C:\windows\system32\cs-CZ
2013-11-19 21:01:03 ----D---- C:\Program Files\Internet Explorer
2013-11-19 21:01:00 ----D---- C:\windows\SYSWOW64\migration
2013-11-19 21:00:59 ----D---- C:\windows\SYSWOW64\en-US
2013-11-19 21:00:55 ----D---- C:\windows\system32\migration
2013-11-19 21:00:55 ----D---- C:\windows\PolicyDefinitions
2013-11-19 21:00:54 ----D---- C:\windows\system32\en-US
2013-11-19 19:20:03 ----D---- C:\windows\Logs
2013-11-19 19:19:36 ----D---- C:\windows\system32\catroot
2013-11-19 19:14:26 ----D---- C:\Windows
2013-11-17 09:32:45 ----RSD---- C:\windows\Fonts
2013-11-15 10:57:17 ----D---- C:\windows\system32\drivers
2013-11-13 17:46:17 ----SHD---- C:\windows\Installer
2013-11-13 17:46:17 ----D---- C:\ProgramData\Microsoft Help
2013-11-13 17:46:17 ----D---- C:\Config.Msi
2013-11-13 17:45:35 ----D---- C:\windows\system32\MRT
2013-11-13 17:43:35 ----A---- C:\windows\system32\MRT.exe
2013-11-12 22:29:45 ----D---- C:\windows\system32\Tasks
2013-11-11 18:48:56 ----A---- C:\windows\system.ini
2013-11-11 18:48:50 ----D---- C:\windows\system32\drivers\etc
2013-11-11 18:46:59 ----RD---- C:\Program Files (x86)
2013-11-11 18:44:28 ----D---- C:\windows\SYSWOW64\drivers
2013-11-11 18:44:28 ----D---- C:\windows\AppPatch
2013-11-11 18:44:26 ----D---- C:\Program Files (x86)\Common Files
2013-11-11 05:50:16 ----N---- C:\windows\system32\MpSigStub.exe
2013-11-07 00:50:46 ----D---- C:\ProgramData
2013-11-06 21:22:54 ----RD---- C:\Program Files
2013-11-04 00:13:06 ----A---- C:\windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2013-10-18 65776]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2013-10-18 205320]
R0 fbfmon;fbfmon; C:\windows\system32\drivers\fbfmon.sys [2011-04-27 57952]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-09-13 437272]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2011-04-27 39008]
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-09 25960]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; \??\C:\windows\system32\drivers\aswRdr2.sys [2013-10-18 92544]
R1 aswSnx;aswSnx; \??\C:\windows\system32\drivers\aswSnx.sys [2013-10-18 1032416]
R1 aswSP;aswSP; \??\C:\windows\system32\drivers\aswSP.sys [2013-11-10 409832]
R1 aswTdi;aswTdi; \??\C:\windows\system32\drivers\aswTdi.sys [2013-10-18 65264]
R1 BPntDrv;BPntDrv; C:\windows\system32\drivers\BPntDrv.sys [2011-04-27 13408]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-02 283064]
R1 EgisTecFF;EgisTecFF; C:\windows\system32\DRIVERS\EgisTecFF.sys [2011-04-27 55880]
R1 mwlPSDFilter;mwlPSDFilter; C:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-04-27 22912]
R1 mwlPSDNServ;mwlPSDNServ; C:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-04-27 20328]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-04-27 62584]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; \??\C:\windows\system32\drivers\aswFsBlk.sys [2013-10-18 38984]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2013-10-18 84328]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys); C:\windows\System32\Drivers\FPSensor.sys [2010-10-31 35952]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2011-04-27 29792]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl664.sys [2010-10-28 4716608]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 BTWAMPFL;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2011-02-15 349736]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2011-02-15 107560]
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2011-02-15 138280]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2011-02-15 21416]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2010-12-24 31088]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-12-16 12256512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2011-01-04 2697448]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 MEIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
R3 SPUVCbv;SPUVCb Driver Service; C:\windows\System32\Drivers\usbvideo.sys [2013-07-12 185344]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-11-12 1400368]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; C:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-05 65640]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-10-18 50344]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2011-02-15 956192]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 EgisTec Service Help;EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
R2 EgisTec Service;EgisTec Service; C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-14 703856]
R2 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-14 650096]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-20 325656]
R2 NVSvc;NVIDIA Driver Helper Service; C:\windows\system32\nvvsvc.exe [2011-02-09 993896]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-09 2009704]
R2 PnkBstrA;PnkBstrA; C:\windows\syswow64\PnkBstrA.exe [2013-09-03 76888]
R2 RzKLService;RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2013-09-18 106472]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-08 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-09-01 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2013-11-19 111616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2013-09-02 1255736]
S4 NetMsmqActivator;@c:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]
S4 NetPipeActivator;@c:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]
S4 NetTcpActivator;@c:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]

-----------------EOF-----------------

EXTRAS:

OTL Extras logfile created on: 12/3/2013 9:39:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3.92 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 56.52% Memory free
7.83 Gb Paging File | 5.93 Gb Available in Paging File | 75.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 336.21 Gb Free Space | 79.71% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.60 Gb Free Space | 91.75% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3440131790-827048697-2130922516-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{125997FE-3BF3-435D-A7E9-669307FDA874}" = rport=139 | protocol=6 | dir=out | app=system |
"{12CAC480-6F13-46B5-866E-DA9D50A5B53F}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{169D6414-B56A-4F11-B1BC-C3638308D1C8}" = lport=56402 | protocol=6 | dir=in | name=pando media booster |
"{179BE30C-376F-476B-8B7D-62317BED3E41}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{24060C46-2401-4956-90EF-7546489EBA0B}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{300062F0-EE40-477A-B20F-B541290E127C}" = lport=137 | protocol=17 | dir=in | app=system |
"{3B82C84E-3CA1-42A1-8D5E-4A66616F7F38}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3D013725-EB4C-4CE6-B51A-71D1B4DB7873}" = rport=137 | protocol=17 | dir=out | app=system |
"{3DAC2AF7-6C2C-4FA7-89DC-E648301A02FB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3F0A7409-2B14-4B95-B035-E7C3A78E52AB}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{4786DC9A-2438-4181-BF6E-BD789F222778}" = lport=10243 | protocol=6 | dir=in | app=system |
"{54E51472-02C9-4CAA-9937-5B69687CF4B0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5C4A7765-F739-479C-8C6E-EABB16D4C016}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{63855997-8A66-46C6-9D2F-7ACBF1053A24}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{680734E4-29F7-48BF-802C-F7238A1F8549}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7155C4EE-B8E4-4483-99B0-0D4463D574F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{76CB5CBF-92A7-4E2C-A34D-30AC9B200231}" = rport=10243 | protocol=6 | dir=out | app=system |
"{77D8F109-8F24-4856-984E-F846FCDCAD16}" = lport=56402 | protocol=17 | dir=in | name=pando media booster |
"{84BD74BE-D736-4236-A2F9-8C9E36FC2E15}" = lport=445 | protocol=6 | dir=in | app=system |
"{87D3F30C-8A22-4911-B922-5FE663BC523B}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{8CED38DC-3988-49D7-83BE-4E9B696DFDB6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{96122B43-D608-4C1A-83B5-99653DC1B5DA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{99932E52-B444-4DF7-96FA-8B2B6E1FB944}" = lport=139 | protocol=6 | dir=in | app=system |
"{9FD348BF-0AA5-44F7-9A2F-41814C60E9C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A831CE96-A448-48B1-8A3F-08ED6773999C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AC76B441-44E3-42C2-B694-CD6E34F63688}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{B6D2A886-9FB0-4087-B1D9-BD10FD5A054E}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{BFF77DDB-9DA4-4F6D-8065-04A3D1985D7E}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{C10239A3-78D2-4C8C-BDDA-BDFE10E5BC15}" = rport=445 | protocol=6 | dir=out | app=system |
"{CCE71208-6BFD-4DF7-B343-F14FD3671459}" = lport=56402 | protocol=17 | dir=in | name=pando media booster |
"{CFB60058-A769-48BA-9B0B-2E063CED5D50}" = lport=138 | protocol=17 | dir=in | app=system |
"{E559241D-638E-4DFF-8F0B-3CA645528189}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E611DADD-FA59-492C-BFE5-54845FAFEFB3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E62DB052-9BA2-46D7-B812-80EBD40A17AA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED48DE21-5598-4336-A252-5D1F5BD6CF98}" = rport=138 | protocol=17 | dir=out | app=system |
"{ED889B6A-1726-4349-994E-6D19C7F8F7C0}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{F01B1786-756A-4471-8BD3-D12EF76669AB}" = lport=56402 | protocol=6 | dir=in | name=pando media booster |
"{F89DB82B-DBB1-4306-94EF-F50B21DEE84E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0060C2E6-2C3D-41CA-88F4-605494BA1BA0}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{035A3DC3-30C3-4E2E-A124-F69B8F6601BC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{036B6CFF-E6F8-4FF1-85C8-F178BA45F6B7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{094D6D9C-4217-47B2-90E8-FD1FC6D3C208}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{09703E90-B3B3-4426-97EB-0830FBF953A0}" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\utorrent\utorrent.exe |
"{0BC8B155-B0DC-4EDF-923A-A466EEF7EFF6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{20B75D70-0F68-47E4-80B2-CDF4D22918AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{21BD797A-8614-42C3-A28E-E94C8A77510D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{24BCA417-0942-4628-87AE-E5BBA2BA398A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{28589860-FDE3-4CF1-AF05-1EA04A7FF912}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2F9871F6-C64A-4B28-8F60-34B50C039F23}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{3068AB42-BFB7-4A10-8E55-8483103828C7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{32FE685F-155E-457F-9A13-6818C36D508B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4182AFBF-DF63-4097-8EF2-0ECB2359F1D4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{424BBCAD-7056-4F91-933F-10341E515CE1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{47B8C571-74E0-4EA6-8F0E-6997DD15DECA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{49B4114F-CC0A-4E6B-A48D-7AB21358DB05}" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe |
"{4AD9FE10-EED1-4911-9154-D018B5FD194D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5386E6EE-8095-4D59-82F2-81AB8C097818}" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\utorrent\utorrent.exe |
"{5B71BC00-F603-45D5-88AE-E8DE55D5E1FA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{5D10329D-4C70-498B-98E5-2EB9FA48AAE8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5F782326-082A-4035-B5C1-3AC6D51BE825}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{6B3545DF-BE22-4751-8217-05A967EA7693}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6F6B0086-D8BD-415A-9034-8DE572FDFC87}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7A07A54C-20F7-448A-947D-451B945854E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7CC4947D-CBFF-49FD-A0F2-CABEFB003DDF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7F17DFCB-EBFD-46DC-9B85-6FD1376D1C59}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{82375AA5-EB66-44DD-98CC-6BD7FE9200FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8589D9F6-5132-4AF2-A505-D25E56AA3BC7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{8623D45A-5DD1-4223-9BA9-0A694DE50D0F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{86CDBC31-CF61-4439-8739-C03EA07E10FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{876F4AE4-D92B-41C7-AB5B-8E9DC1323683}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8832E4D5-EC67-4D7B-81B8-319E1B8C0BA9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{89ADE2E6-FB1A-4B86-B037-752049865A82}" = protocol=6 | dir=out | app=system |
"{8A33859E-D514-40C1-B282-23A8448BF60F}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mirrors edge\binaries\mirrorsedge.exe |
"{8B7D7744-0627-46AE-9713-1D137ED7BFD6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9D54E32D-513D-443B-9F1C-32E00B5A3649}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A0798717-BE21-42BE-A5A6-DC2212CC2F83}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{A3CFAA17-ECBA-40AF-A26D-75B8C41BF62A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ABEDC4B0-12EC-48B2-8385-43F7AABCF7D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE467B2D-22D3-4225-87FD-FC6EAEB88B28}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{C19FB4E7-820A-4958-885B-F597A297ED0B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{C79DF3CF-3EE5-42F1-A038-B081E36C9015}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CBF46BA5-0114-4F02-B762-28EA8FEECC6B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CC7EDC20-4B37-47A1-9FF0-415A5A4FB8C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D399E533-B54A-498B-84E5-2502D4FED4A3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D4FF46A8-3162-4333-B81D-FA369C55F284}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{D724EA4E-FA1A-406B-8909-26E332F3D2ED}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{DCC80A0D-2A54-439B-9B34-D14E3250BC00}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mirrors edge\binaries\mirrorsedge.exe |
"{DD796D89-74A5-4F2D-B90C-6047B0CB8E2C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DDDED85B-3C15-48C2-90F7-01859528D105}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E3B6E733-9756-44E9-B7B5-73805D6A0AE1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{E6D701F6-BD6F-4E67-AAD3-4F0E7F8F26EE}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{E91AB66D-C327-46FB-89B4-064D558C2414}" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe |
"{EE280DE4-F049-4AC5-94AC-9333907AA438}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{EEE2B612-03F1-452E-AF54-C0CBCBA5AD3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F38698D1-B74B-4343-AD1C-B41748D4328B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{F540A6BC-E73D-41A0-BA66-EAE902D8C109}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F95AE8C1-E530-4031-A8CD-394FF5572669}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"TCP Query User{804FA9A6-608D-42A8-BAFD-3BAA175EE7B6}C:\program files (x86)\warthunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
"TCP Query User{931956BB-97A7-4008-AD33-FB948350294B}C:\program files (x86)\xfire2\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe |
"TCP Query User{E182D93B-12E0-41B1-8982-275CD6AC8A85}C:\program files (x86)\xfire2\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe |
"TCP Query User{E46AFAF7-41C6-4E79-A710-E3C26DC9EBBA}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"TCP Query User{E9E08C79-F38E-4EDE-AD57-BC1F369C3B65}C:\program files (x86)\warthunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
"UDP Query User{0311BAA3-1EA4-4DBD-82DF-367BC0DD6C48}C:\program files (x86)\warthunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
"UDP Query User{103FE99E-5EC3-47A8-969D-C3FCB291D7F7}C:\program files (x86)\xfire2\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe |
"UDP Query User{176A1151-354C-4EBC-AF2E-DAA26781DFC4}C:\program files (x86)\xfire2\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe |
"UDP Query User{99F69AD7-50DD-428B-BAA7-8E2F3CD47664}C:\program files (x86)\warthunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
"UDP Query User{CE15E5D2-4837-4DD1-8688-76949C26B369}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F494B8A-D6E6-4540-9A74-F773B63164A6}" = Port Locker
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5 CSY Language Pack
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
"{A4F0DB87-3269-34FE-AFFE-4168FDFA4A22}" = Microsoft .NET Framework 4.5 CSY Language Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.04
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.04
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}" = WinZip 17.5
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1" = Xfire 2.0
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{99BEB67F-B288-44F5-8B2A-23F5A52FA1AE}_is1" = Universal AntiCheat 3 v1.081 r2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Czech
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = ES603 WDM Driver
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.278
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"Avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"bi_uninstaller" = Bundled software uninstaller
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"GOGPACKPAPERSPLEASE_is1" = Papers, Please
"Google Chrome" = Google Chrome
"hosts" = hosts
"InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = EgisTec ES603 WDM Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"League of Legends 3.0.1" = League of Legends
"Origin" = Origin
"PROR" = Microsoft Office Professional 2007
"PunkBusterSvc" = PunkBuster Services
"Razer Game Booster_is1" = Razer Game Booster
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"XfireCodec" = Xfire Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3440131790-827048697-2130922516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MMA Client" = MMA Client
"SeznamInstall" = Seznam Software

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2013 9:15:39 AM | Computer Name = David-PC | Source = SideBySide | ID = 16842761
Description = Generování kontextu aktivace pro C:\Program Files\WinZip\adxloader.dll.Manifest
se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files\WinZip\adxloader.dll.Manifest
na řádku 2. Kořenový prvek souboru manifestu musí být symbolická adresa.

Error - 11/13/2013 8:28:07 AM | Computer Name = David-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/13/2013 9:30:58 AM | Computer Name = David-PC | Source = SideBySide | ID = 16842761
Description = Generování kontextu aktivace pro C:\Program Files\WinZip\adxloader.dll.Manifest
se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files\WinZip\adxloader.dll.Manifest
na řádku 2. Kořenový prvek souboru manifestu musí být symbolická adresa.

Error - 11/15/2013 5:59:48 AM | Computer Name = David-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/15/2013 2:45:25 PM | Computer Name = David-PC | Source = SideBySide | ID = 16842761
Description = Generování kontextu aktivace pro C:\Program Files\WinZip\adxloader.dll.Manifest
se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files\WinZip\adxloader.dll.Manifest
na řádku 2. Kořenový prvek souboru manifestu musí být symbolická adresa.

Error - 11/17/2013 3:34:32 AM | Computer Name = David-PC | Source = SideBySide | ID = 16842761
Description = Generování kontextu aktivace pro C:\Program Files\WinZip\adxloader.dll.Manifest
se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files\WinZip\adxloader.dll.Manifest
na řádku 2. Kořenový prvek souboru manifestu musí být symbolická adresa.

Error - 11/17/2013 10:01:36 AM | Computer Name = David-PC | Source = SideBySide | ID = 16842761
Description = Generování kontextu aktivace pro C:\Program Files\WinZip\adxloader.dll.Manifest
se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files\WinZip\adxloader.dll.Manifest
na řádku 2. Kořenový prvek souboru manifestu musí být symbolická adresa.

Error - 11/18/2013 12:26:06 PM | Computer Name = David-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/19/2013 3:53:55 AM | Computer Name = David-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/19/2013 9:02:27 AM | Computer Name = David-PC | Source = SideBySide | ID = 16842761
Description = Generování kontextu aktivace pro C:\Program Files\WinZip\adxloader.dll.Manifest
se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files\WinZip\adxloader.dll.Manifest
na řádku 2. Kořenový prvek souboru manifestu musí být symbolická adresa.

Error - 11/19/2013 4:02:37 PM | Computer Name = David-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11/6/2013 7:52:24 AM | Computer Name = David-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 11/6/2013 7:52:31 AM | Computer Name = David-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 11/6/2013 7:52:43 PM | Computer Name = David-PC | Source = DCOM | ID = 10010
Description =

Error - 11/11/2013 1:40:46 PM | Computer Name = David-PC | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 11/11/2013 1:40:46 PM | Computer Name = David-PC | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 11/11/2013 1:44:20 PM | Computer Name = David-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 11/11/2013 1:46:56 PM | Computer Name = David-PC | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 11/11/2013 1:46:57 PM | Computer Name = David-PC | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 11/11/2013 1:47:38 PM | Computer Name = David-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 11/19/2013 2:14:09 PM | Computer Name = David-PC | Source = DCOM | ID = 10010
Description =


< End of report >

[Jaqkes]

Teď ten otl.txt

OTL.txt:

OTL logfile created on: 12/3/2013 9:39:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3.92 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 56.52% Memory free
7.83 Gb Paging File | 5.93 Gb Available in Paging File | 75.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 336.21 Gb Free Space | 79.71% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.60 Gb Free Space | 91.75% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/14 12:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/11/13 13:33:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2013/10/18 11:22:45 | 003,567,800 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2013/10/18 11:22:24 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/09/18 11:51:02 | 000,106,472 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
PRC - [2013/09/05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/03 11:06:32 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/02/15 13:26:42 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2011/02/09 21:41:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/12/24 12:19:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/12/20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/14 00:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
PRC - [2010/12/14 00:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
PRC - [2010/10/22 15:37:24 | 000,327,024 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/14 12:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 12:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 12:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 12:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 12:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/10/18 11:22:25 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/19 19:15:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/18 11:22:24 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/02/15 13:26:42 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/18 11:51:02 | 000,106,472 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe -- (RzKLService)
SRV - [2013/09/05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/03 11:06:32 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/02/09 21:41:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/12/20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/14 00:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service)
SRV - [2010/12/14 00:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/10/22 15:37:24 | 000,327,024 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe -- (EgisTec Service Help)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/10 11:40:05 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2013/10/18 11:22:28 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/10/18 11:22:28 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/10/18 11:22:28 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/18 11:22:28 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/10/18 11:22:28 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/10/18 11:22:28 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/10/18 11:22:28 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/09/02 22:13:13 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 02:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/27 13:09:35 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011/04/27 13:09:35 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011/04/27 13:07:32 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/04/27 13:07:30 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011/04/27 12:56:47 | 000,055,880 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\EgisTecFF.sys -- (EgisTecFF)
DRV:64bit: - [2011/04/27 12:50:17 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/04/27 12:50:17 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/04/27 12:50:17 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/15 07:45:16 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/02/15 07:45:12 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/02/15 07:45:12 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/02/15 07:45:12 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/02/15 07:45:12 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/02/09 21:41:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010/12/24 12:19:56 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/16 10:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/30 07:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/12 02:59:22 | 001,400,368 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/10/31 11:36:56 | 000,035,952 | ---- | M] (Egis Technology Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
DRV:64bit: - [2010/10/28 11:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/10/19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/13 19:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/05/31 04:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV - [2013/03/14 13:36:18 | 000,017,160 | ---- | M] (XFire) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Xfire2\XFDriver64.sys -- (XFDriver64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com

IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..\SearchScopes\{37DC0D1E-2416-42A8-A477-63E9EC84A548}: "URL" = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..\SearchScopes\{5C8AB764-DB7F-45B4-9746-31AE6134BAFC}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..\SearchScopes\{5E5F054C-E333-48AF-8417-CD41E6E38D88}: "URL" = http://www.mapy.cz/?query={searchTerms} ... arch_13415
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=i ... NN_csCZ552
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..\SearchScopes\{719C38D5-2E46-4B8A-AB46-E7594427D2E2}: "URL" = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..\SearchScopes\{84AFF26C-8FA0-481C-955B-B8FC93A42CA7}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..\SearchScopes\{933AADB6-AC3F-45B7-9309-15A8CBCB4E09}: "URL" = http://search.ividi.org/?q={searchTerms ... lt=3&r=419
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..\SearchScopes\{9CF494FF-7288-429A-8227-BBC2D0651877}: "URL" = http://search.seznam.cz/?q={searchTerms ... arch_13415
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..\SearchScopes\{B0E7BE86-17DB-4A04-A1A2-9C3DC5A47A5B}: "URL" = http://www.novinky.cz/hledej?w={searchT ... arch_13415
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..\SearchScopes\{B3F1432A-51D9-4866-8944-1F61CA446FAA}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..\SearchScopes\{D2450F2C-B89A-4411-AC45-1F4C73283BFC}: "URL" = http://encyklopedie.seznam.cz/search?q= ... arch_13415
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.1: C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011/04/27 12:50:10 | 000,000,000 | ---D | M]

[2013/09/03 16:00:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Seznam Li\u0161ti\u010Dka - Email = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.13_0\
CHR - Extension: Seznam Li\u0161ti\u010Dka - Slovn\u00EDk = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0\
CHR - Extension: avast! Online Security = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2013/11/11 18:48:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (hosts) - {11111111-1111-1111-1111-110311531182} - C:\Program Files (x86)\hosts\hosts-bho.dll File not found
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\39cad843-0d7b-4184-a27f-e50f225f65a1.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3440131790-827048697-2130922516-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found
O4 - HKU\S-1-5-21-3440131790-827048697-2130922516-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-3440131790-827048697-2130922516-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3440131790-827048697-2130922516-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3440131790-827048697-2130922516-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3440131790-827048697-2130922516-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..Trusted Domains: localhost ([]http in Internet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.129.50.20 85.135.32.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76395F2F-AD57-4B3B-93AB-42072F334A49}: DhcpNameServer = 62.129.50.20 85.135.32.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEC4DD24-83A9-4F0E-949B-8EFC20CB8940}: DhcpNameServer = 62.129.50.20 85.135.32.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/19 18:37:48 | 000,001,497 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.XFR1 - C:\windows\SysWow64\xfcodec.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2013/11/26 10:21:44 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{A0286C71-0A1B-4779-B50A-AFB15E9CBAC9}
[2013/11/24 10:32:39 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{D6C1E95E-2BA9-4199-8F72-5A2ADB5CAAF2}
[2013/11/22 10:49:45 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Apps
[2013/11/22 10:44:33 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B907C064-3272-40B0-B454-654CD6F1C352}
[2013/11/19 19:20:03 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEUDINIT.EXE
[2013/11/19 19:15:51 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/19 19:15:51 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/11/19 19:15:45 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/19 19:15:45 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/11/19 19:15:45 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/11/19 19:15:45 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/11/19 19:15:45 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/11/19 19:15:45 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/11/19 19:15:45 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/11/19 19:15:45 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/11/19 19:15:45 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/11/19 19:15:45 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/11/19 19:15:45 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/11/19 19:15:45 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/11/19 19:15:45 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/11/19 19:15:45 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/11/19 19:15:45 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/11/19 19:15:45 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/11/19 19:15:45 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/11/19 19:15:45 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/11/19 19:15:45 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/11/19 19:15:45 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/11/19 19:15:45 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/11/19 19:15:45 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/11/19 19:15:45 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/11/19 19:15:45 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/11/19 19:15:45 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/11/19 19:15:45 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/11/19 19:15:45 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/11/19 19:15:45 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/11/19 19:15:45 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/11/19 19:15:45 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/11/19 19:15:45 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/11/19 19:15:45 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/11/19 19:15:45 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/11/19 19:15:45 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/11/19 19:15:45 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/11/19 19:15:45 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/11/19 19:15:45 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/11/19 19:15:45 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/11/19 19:15:45 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/11/19 19:15:45 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/11/19 19:15:45 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/11/19 19:15:45 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/11/19 19:15:45 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/11/19 19:15:45 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/11/19 19:15:45 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/11/19 19:15:45 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/11/19 19:15:45 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/11/19 19:15:45 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/11/19 19:15:45 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/11/19 19:15:45 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/11/19 19:15:45 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/11/19 19:15:45 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/11/19 19:15:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/11/19 19:15:45 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/11/19 19:15:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/19 19:15:45 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/11/19 19:15:45 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/11/19 19:15:45 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/11/19 19:15:45 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/11/19 19:15:45 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/11/19 19:15:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/11/19 19:15:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/11/19 19:15:45 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/11/19 19:15:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/11/19 19:15:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/11/19 19:15:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/11/19 19:15:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/11/19 19:15:45 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/11/19 19:15:45 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/19 19:15:45 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/19 19:15:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/11/19 19:15:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/11/19 19:15:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/11/19 19:15:45 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/11/19 19:15:45 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/11/19 19:15:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/11/19 19:15:45 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/11/19 19:15:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2013/11/17 12:02:22 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{A55C09CB-06AC-4F86-B881-17618D2FD99D}
[2013/11/13 13:35:59 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/11/13 13:35:59 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/11/13 13:35:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\credui.dll
[2013/11/13 13:35:59 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/13 13:35:59 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/13 13:35:55 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/11/13 13:35:51 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2013/11/13 13:35:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2013/11/13 13:35:50 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013/11/13 13:35:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2013/11/13 13:35:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2013/11/13 13:35:47 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2013/11/13 13:35:46 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013/11/13 13:35:46 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013/11/13 13:35:46 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013/11/13 13:35:46 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013/11/13 13:33:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013/11/11 18:48:53 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/11/11 18:47:34 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/11/07 09:21:48 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{843457ED-405D-4554-A52D-CF4F363AD5C0}
[2013/11/07 09:10:28 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{B175CE1E-EADA-41AF-B46D-128359F9BA1A}
[2013/11/07 09:03:29 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\directx
[2013/11/07 00:50:46 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\WarThunder
[2013/11/07 00:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder
[2013/11/07 00:50:16 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
[2013/11/07 00:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WarThunder
[2013/11/07 00:50:15 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\My Games
[2013/11/06 21:26:21 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\3909
[2013/11/06 21:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2013/11/06 21:25:46 | 000,000,000 | ---D | C] -- C:\GOG Games
[2013/11/06 21:24:39 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\WinZip
[2013/11/06 21:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/11/06 21:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/11/06 21:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/11/06 21:18:56 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Add-in Express
[2013/11/06 12:44:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/11/06 12:44:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/11/06 12:44:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/11/06 12:43:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/06 12:42:42 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/11/06 12:37:01 | 005,145,576 | R--- | C] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/03 09:41:25 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/12/03 09:09:46 | 000,021,296 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/03 09:09:46 | 000,021,296 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/03 09:08:30 | 001,584,554 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/12/03 09:08:30 | 000,669,116 | ---- | M] () -- C:\windows\SysNative\perfh005.dat
[2013/12/03 09:08:30 | 000,654,464 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/12/03 09:08:30 | 000,141,744 | ---- | M] () -- C:\windows\SysNative\perfc005.dat
[2013/12/03 09:08:30 | 000,122,336 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/12/03 09:02:10 | 000,130,667 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013/12/03 09:01:50 | 000,000,962 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/03 09:01:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/03 09:01:15 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/02 22:45:00 | 000,000,966 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/02 09:00:01 | 000,127,611 | ---- | M] () -- C:\Users\David\Desktop\fu letadla.JPG
[2013/11/29 22:44:01 | 000,329,914 | ---- | M] () -- C:\Users\David\Desktop\OTL Error.png
[2013/11/29 21:45:13 | 000,257,760 | ---- | M] () -- C:\Users\David\Desktop\OTL screen.png
[2013/11/24 23:16:36 | 001,245,159 | ---- | M] () -- C:\Users\David\Desktop\MOBA.png
[2013/11/23 17:09:37 | 000,290,184 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
[2013/11/23 17:09:37 | 000,290,184 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2013/11/23 17:09:10 | 000,280,904 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.ex0
[2013/11/19 19:15:51 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/19 19:15:51 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/11/19 19:15:45 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/19 19:15:45 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/11/19 19:15:45 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/11/19 19:15:45 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/11/19 19:15:45 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/11/19 19:15:45 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/11/19 19:15:45 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/11/19 19:15:45 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/11/19 19:15:45 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/11/19 19:15:45 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/11/19 19:15:45 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/11/19 19:15:45 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/11/19 19:15:45 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/11/19 19:15:45 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/11/19 19:15:45 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/11/19 19:15:45 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/11/19 19:15:45 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/11/19 19:15:45 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/11/19 19:15:45 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/11/19 19:15:45 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/11/19 19:15:45 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/11/19 19:15:45 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/11/19 19:15:45 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/11/19 19:15:45 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/11/19 19:15:45 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/11/19 19:15:45 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/11/19 19:15:45 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/11/19 19:15:45 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/11/19 19:15:45 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/11/19 19:15:45 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/11/19 19:15:45 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/11/19 19:15:45 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/11/19 19:15:45 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/11/19 19:15:45 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/11/19 19:15:45 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/11/19 19:15:45 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/11/19 19:15:45 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/11/19 19:15:45 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/11/19 19:15:45 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/11/19 19:15:45 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/11/19 19:15:45 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/11/19 19:15:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/11/19 19:15:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/11/19 19:15:45 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/11/19 19:15:45 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/11/19 19:15:45 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/11/19 19:15:45 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/11/19 19:15:45 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/11/19 19:15:45 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/11/19 19:15:45 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/11/19 19:15:45 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/11/19 19:15:45 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/11/19 19:15:45 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/11/19 19:15:45 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/11/19 19:15:45 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/19 19:15:45 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/11/19 19:15:45 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/11/19 19:15:45 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/11/19 19:15:45 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/11/19 19:15:45 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/11/19 19:15:45 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/11/19 19:15:45 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/11/19 19:15:45 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/11/19 19:15:45 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/11/19 19:15:45 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/11/19 19:15:45 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/11/19 19:15:45 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/11/19 19:15:45 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/11/19 19:15:45 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/19 19:15:45 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/19 19:15:45 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/11/19 19:15:45 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/11/19 19:15:45 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/11/19 19:15:45 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/11/19 19:15:45 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/19 19:15:45 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/19 19:15:45 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/11/19 19:15:45 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/11/19 19:15:45 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/11/19 19:15:45 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2013/11/18 17:24:38 | 000,433,600 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/11/13 13:33:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013/11/11 18:48:50 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/11/11 18:38:20 | 005,145,576 | R--- | M] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2013/11/10 11:40:05 | 000,409,832 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys
[2013/11/07 00:50:16 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\WarThunder.lnk
[2013/11/06 21:25:50 | 000,001,678 | ---- | M] () -- C:\Users\Public\Desktop\Papers, Please.lnk
[2013/11/06 21:23:09 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/02 08:58:50 | 000,127,611 | ---- | C] () -- C:\Users\David\Desktop\fu letadla.JPG
[2013/11/29 22:44:01 | 000,329,914 | ---- | C] () -- C:\Users\David\Desktop\OTL Error.png
[2013/11/29 21:45:12 | 000,257,760 | ---- | C] () -- C:\Users\David\Desktop\OTL screen.png
[2013/11/24 23:16:36 | 001,245,159 | ---- | C] () -- C:\Users\David\Desktop\MOBA.png
[2013/11/19 19:15:45 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/19 19:15:45 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/13 13:38:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/11/07 00:50:16 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\WarThunder.lnk
[2013/11/06 21:25:50 | 000,001,678 | ---- | C] () -- C:\Users\Public\Desktop\Papers, Please.lnk
[2013/11/06 21:23:09 | 000,002,301 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/11/06 12:44:16 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/11/06 12:44:16 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/11/06 12:44:16 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/11/06 12:44:16 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/11/06 12:44:16 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/11/03 16:45:47 | 005,802,652 | ---- | C] () -- C:\Users\David\Desktop\Analýza 1-3.pdf
[2013/11/03 16:45:47 | 000,930,707 | ---- | C] () -- C:\Users\David\Desktop\III sada.pdf
[2013/11/03 16:45:47 | 000,163,601 | ---- | C] () -- C:\Users\David\Desktop\Vzorce MAI.jpg
[2013/11/03 16:41:08 | 003,962,343 | ---- | C] () -- C:\Users\David\Desktop\matika2-4.pdf
[2013/11/03 16:39:22 | 000,941,270 | ---- | C] () -- C:\Users\David\Desktop\matika1.pdf
[2013/09/14 14:39:10 | 001,560,204 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/09/03 06:11:17 | 000,290,184 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2013/09/03 06:11:15 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2013/09/01 10:55:16 | 000,007,602 | ---- | C] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2012/12/28 22:04:22 | 000,036,352 | ---- | C] () -- C:\windows\SysWow64\xfcodec.dll

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/06 21:26:21 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\3909
[2013/10/18 11:23:05 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVAST Software
[2013/09/02 20:22:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG
[2013/10/14 13:01:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG2014
[2013/09/02 23:13:45 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DAEMON Tools Lite
[2013/10/27 20:58:17 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\LolClient
[2013/10/26 10:58:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OpenCandy
[2013/09/02 14:04:14 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Origin
[2013/10/27 17:27:48 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Riot Games
[2013/09/05 08:55:20 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Seznam.cz
[2013/09/02 20:28:18 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TuneUp Software
[2013/10/31 00:16:56 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\uTorrent
[2013/09/02 14:10:47 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Windows Live Writer
[2013/09/13 11:11:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/09/13 11:11:34 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,498 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2011/04/27 13:05:38 | 000,000,962 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/04/27 13:05:38 | 000,000,966 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\windows\SysNative\autochk.exe
[2010/11/21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010/11/21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010/11/21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\windows\SysNative\drivers\cdrom.sys
[2010/11/21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2010/11/21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\windows\SysNative\hal.dll
[2010/11/21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2012/10/03 18:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013/09/08 03:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\erdnt\cache64\tcpip.sys
[2013/09/08 03:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\windows\SysNative\drivers\tcpip.sys
[2013/09/08 03:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2010/11/21 04:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013/09/07 03:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2013/07/06 06:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2012/10/03 18:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013/07/06 07:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[6 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[5 C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
[1 C:\windows\temp\*.tmp files -> C:\windows\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013/11/06 21:26:21 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\3909
[2013/09/13 11:55:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Adobe
[2013/10/18 11:23:05 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVAST Software
[2013/09/02 20:22:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG
[2013/10/14 13:01:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG2014
[2013/09/04 13:26:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\CyberLink
[2013/09/02 23:13:45 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DAEMON Tools Lite
[2013/09/04 10:52:07 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Google
[2013/09/01 10:34:45 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Identities
[2013/09/17 16:20:42 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\InstallShield
[2013/10/27 20:58:17 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\LolClient
[2013/09/01 10:48:10 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Macromedia
[2013/10/14 11:01:52 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Malwarebytes
[2011/02/22 12:42:06 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Media Center Programs
[2013/11/01 10:22:17 | 000,000,000 | --SD | M] -- C:\Users\David\AppData\Roaming\Microsoft
[2013/10/26 10:58:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OpenCandy
[2013/09/02 14:04:14 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Origin
[2013/10/27 17:27:48 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Riot Games
[2013/09/02 14:40:11 | 000,000,000 | RH-D | M] -- C:\Users\David\AppData\Roaming\SecuROM
[2013/09/05 08:55:20 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Seznam.cz
[2013/09/02 20:28:18 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TuneUp Software
[2013/10/31 00:16:56 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\uTorrent
[2013/09/02 14:10:47 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Windows Live Writer
[2013/12/03 09:34:00 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Xfire

[Jaqkes]

< %APPDATA%\*.exe /s >
[2013/09/03 16:01:10 | 000,914,400 | ---- | M] () -- C:\Users\David\AppData\Roaming\OpenCandy\5EC15EF0B61342B996DA09A90B721358\PasswordBoxCHSTORE_p1v0.exe
[2013/05/16 14:25:04 | 001,062,472 | ---- | M] () -- C:\Users\David\AppData\Roaming\Seznam.cz\szninstall.exe
[2013/05/16 14:26:24 | 002,589,256 | ---- | M] () -- C:\Users\David\AppData\Roaming\Seznam.cz\sznsetup.exe
[2013/04/29 11:53:34 | 000,045,560 | ---- | M] () -- C:\Users\David\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
[2013/04/12 09:13:24 | 000,457,208 | ---- | M] () -- C:\Users\David\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
[2013/04/12 09:10:22 | 000,092,664 | ---- | M] () -- C:\Users\David\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe
[2013/04/16 12:52:34 | 000,055,808 | ---- | M] () -- C:\Users\David\AppData\Roaming\Seznam.cz\data\ffinstall\ffkill.exe
[2011/12/19 10:04:28 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Users\David\AppData\Roaming\Seznam.cz\data\ffinstall\reg.exe
[2013/04/16 12:52:36 | 000,077,824 | ---- | M] () -- C:\Users\David\AppData\Roaming\Seznam.cz\data\ffinstall\regctrl.exe
[2013/09/03 15:55:09 | 001,052,496 | ---- | M] (BitTorrent Inc.) -- C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2013/12/03 09:01:50 | 000,000,962 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/12/03 09:45:35 | 000,000,966 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013/12/03 09:04:28 | 000,000,018 | ---- | M] () -- C:\windows\system32\log.txt

< %SYSTEMDRIVE%\*.exe >

< >

< *crack* /s >
[2013/09/30 11:57:30 | 000,000,948 | ---- | M] () -- \Users\David\AppData\Roaming\Microsoft\Windows\Recent\Pro Evolution Soccer 2014 (PES 14) - REPACK - MULTI 7 (UPDATE+CRACK).part1.lnk
[2013/09/30 11:57:54 | 000,000,948 | ---- | M] () -- \Users\David\AppData\Roaming\Microsoft\Windows\Recent\Pro Evolution Soccer 2014 (PES 14) - REPACK - MULTI 7 (UPDATE+CRACK).part2.lnk

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2006/10/26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2010/12/24 12:20:38 | 000,056,416 | ---- | M] () -- \Program Files (x86)\Lenovo\YouCam\Koan\pyloader.dll
[2010/12/24 12:19:18 | 000,015,969 | ---- | M] () -- \Program Files (x86)\Lenovo\YouCam\subsys\Uploader\PyUploader.kc
[2010/12/24 12:19:18 | 000,179,296 | ---- | M] () -- \Program Files (x86)\Lenovo\YouCam\subsys\Uploader\_PyUploader.pyd
[2010/12/24 12:19:20 | 002,475,304 | ---- | M] () -- \Program Files (x86)\Lenovo\YouCam\subsys\YouCam\CES_3DLoaderFBX.dll
[2008/10/10 14:39:54 | 000,068,688 | ---- | M] () -- \Program Files (x86)\Origin Games\Mirrors Edge\Binaries\PhysXLocal\PhysXLoader.dll
[2013/07/23 17:50:00 | 000,499,712 | R--- | M] () -- \Program Files\WinZip\adxloader.dll
[2013/07/23 17:50:00 | 000,000,348 | ---- | M] () -- \Program Files\WinZip\adxloader.dll.manifest
[2013/07/23 17:50:00 | 000,704,000 | R--- | M] () -- \Program Files\WinZip\adxloader64.dll
[2013/09/03 16:00:34 | 000,476,672 | ---- | M] () -- \Qoobox\Quarantine\C\Program Files (x86)\hosts\hosts-codedownloader.exe.vir
[2013/10/27 18:42:05 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.59\deploy\assets\storeImages\layout\small_loader.gif
[2013/11/24 20:07:13 | 000,000,353 | ---- | M] () -- \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADAWAWJI\queryLoader[1].css
[2013/11/21 15:13:29 | 000,005,708 | ---- | M] () -- \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADAWAWJI\queryLoader[1].js
[2013/11/24 20:07:18 | 000,005,505 | ---- | M] () -- \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADAWAWJI\queryLoader[2].js
[11 \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADAWAWJI\*.tmp files -> \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADAWAWJI\*.tmp -> ]
[2013/11/07 09:15:31 | 000,003,208 | ---- | M] () -- \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3VKHNPT\ajax-loader3[1].gif
[2013/11/23 13:11:45 | 000,000,353 | ---- | M] () -- \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3VKHNPT\queryLoader[1].css
[2013/11/23 13:11:45 | 000,005,505 | ---- | M] () -- \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3VKHNPT\queryLoader[1].js
[2013/11/29 13:08:58 | 000,005,708 | ---- | M] () -- \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3VKHNPT\queryLoader[2].js
[11 \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3VKHNPT\*.tmp files -> \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3VKHNPT\*.tmp -> ]
[2013/11/08 14:36:39 | 000,000,374 | ---- | M] () -- \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HROGOE4R\queryLoader[1].css
[2013/11/08 14:36:40 | 000,005,708 | ---- | M] () -- \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HROGOE4R\queryLoader[1].js
[2013/11/21 15:13:29 | 000,000,374 | ---- | M] () -- \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HROGOE4R\queryLoader[2].css
[17 \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HROGOE4R\*.tmp files -> \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HROGOE4R\*.tmp -> ]
[2013/11/29 13:08:58 | 000,000,374 | ---- | M] () -- \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2YWLKSS\queryLoader[1].css
[12 \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2YWLKSS\*.tmp files -> \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2YWLKSS\*.tmp -> ]
[2013/10/18 19:18:18 | 000,001,866 | ---- | M] () -- \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D9AOXHP0\asyncPixelLoader[1].js
[2013/10/30 18:50:41 | 000,005,806 | ---- | M] () -- \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D9AOXHP0\loader[1].js
[2013/10/18 19:18:07 | 000,058,670 | ---- | M] () -- \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MM61JS9D\sf_preloader[1].js
[2013/10/30 18:50:41 | 000,058,670 | ---- | M] () -- \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MM61JS9D\sf_preloader[2].js
[2013/10/18 19:18:12 | 000,001,049 | ---- | M] () -- \Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VSJWZN6K\_preloader[1].gif
[2013/04/15 12:32:10 | 000,060,416 | ---- | M] () -- \Users\David\AppData\Roaming\Seznam.cz\bin\24373libfoxloader-x64.dll
[2013/03/29 12:37:34 | 000,059,384 | ---- | M] () -- \Users\David\AppData\Roaming\Seznam.cz\bin\24373libfoxloader.dll
[2013/09/02 22:17:41 | 000,000,165 | ---- | M] () -- \Users\David\AppData\Roaming\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2013/03/25 15:27:20 | 000,000,665 | ---- | M] () -- \Users\David\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.install.bat
[2013/03/25 15:27:26 | 000,000,117 | ---- | M] () -- \Users\David\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.uninstall.bat
[2013/08/02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2008/10/17 08:29:00 | 000,070,936 | ---- | M] () -- \Windows\System32\PhysXLoader.dll
[2013/08/02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2008/10/17 08:29:00 | 000,070,936 | ---- | M] () -- \Windows\SysWOW64\PhysXLoader.dll
[2009/07/14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009/07/14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:38:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 03:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 06:32:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_6971452eab80a50e\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 07:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/29 03:18:31 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_694dd858ab9ba72a\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/04/26 06:37:05 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2011/04/26 06:37:05 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2011/04/26 06:37:05 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2011/04/26 06:37:05 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2011/04/26 06:37:05 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2013/09/02 10:23:04 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2013/09/02 10:23:04 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2013/09/02 10:23:04 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2013/09/02 10:23:04 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2013/09/02 10:23:04 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009/07/14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2011/04/26 06:32:26 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2010/11/21 04:16:35 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011/02/05 18:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011/02/05 14:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009/07/14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 17:40:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 17:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 05:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 06:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/29 02:54:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_0d2f3cd4f33e35f4\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2013/09/13 00:53:56 | 000,434,368 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.dll
[2013/10/11 00:20:03 | 001,164,288 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.ni.dll
[2012/10/05 11:53:23 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2011/04/26 06:36:17 | 000,090,112 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2010/04/14 19:20:46 | 000,415,592 | ---- | M] () -- \Program Files (x86)\Windows Live\Mesh\System.Runtime.Serialization.dll
[2010/04/14 19:20:46 | 000,141,168 | ---- | M] () -- \Program Files (x86)\Windows Live\Mesh\System.Runtime.Serialization.Json.dll
[2010/04/14 19:20:46 | 000,321,376 | ---- | M] () -- \Program Files (x86)\Windows Live\Mesh\System.Xml.Serialization.dll
[2013/09/13 01:23:44 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.dll
[2013/10/11 00:20:41 | 001,546,240 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.ni.dll
[2012/10/05 11:52:37 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2011/04/26 06:36:16 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2013/09/28 16:22:09 | 000,003,072 | ---- | M] () -- \Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.serialzone.cz_0.localstorage
[2013/09/28 16:22:09 | 000,003,608 | ---- | M] () -- \Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.serialzone.cz_0.localstorage-journal
[2011/04/26 06:35:48 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010/11/13 03:02:06 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2012/10/05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013/09/18 11:06:53 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d462f459c4353e2c628e6def1430aed7\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013/09/18 11:08:03 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll
[2013/09/18 10:51:03 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\845e04461d3d879b24c5b0d30947050a\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013/09/18 10:51:50 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\dbfc784cc4bde7b16fb471e14563569d\System.Runtime.Serialization.ni.dll
[2013/09/22 15:30:44 | 000,304,640 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\1729a1c27c4c29abc3a3982df67c3e9d\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013/09/22 15:30:44 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\1729a1c27c4c29abc3a3982df67c3e9d\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2013/10/11 00:24:56 | 002,786,816 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\be5f0f2e208bbb3c647acfbc33434251\System.Runtime.Serialization.ni.dll
[2013/10/11 00:24:56 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\be5f0f2e208bbb3c647acfbc33434251\System.Runtime.Serialization.ni.dll.aux
[2013/09/22 19:47:37 | 000,026,624 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\e9ae6390ba678193c056e647edb44849\System.Xml.Serialization.ni.dll
[2013/09/22 19:47:37 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\e9ae6390ba678193c056e647edb44849\System.Xml.Serialization.ni.dll.aux
[2013/09/22 19:39:34 | 000,373,248 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\6306ff71e246e8da5d0fb73a2c9c7766\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013/09/22 19:39:34 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\6306ff71e246e8da5d0fb73a2c9c7766\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2013/10/18 12:34:10 | 003,602,944 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\8c26dbe126ceffec534b49eefd37dd36\System.Runtime.Serialization.ni.dll
[2013/10/18 12:34:10 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\8c26dbe126ceffec534b49eefd37dd36\System.Runtime.Serialization.ni.dll.aux
[2013/09/22 19:44:14 | 000,028,672 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\a2556a1137fbb8361cee016477e7f692\System.Xml.Serialization.ni.dll
[2013/09/22 19:44:14 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\a2556a1137fbb8361cee016477e7f692\System.Xml.Serialization.ni.dll.aux
[2012/07/08 23:40:08 | 001,050,096 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\0D741DA1E0EBC6D3CA11466FCD14361F\4.5.50709\System.Runtime.Serialization.dll.amd64
[2012/07/08 23:40:08 | 001,050,096 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\0D741DA1E0EBC6D3CA11466FCD14361F\4.5.50709\System.Runtime.Serialization.dll.x86
[2012/07/08 23:40:08 | 001,050,096 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\0D741DA1E0EBC6D3CA11466FCD14361F\4.5.50709\System.Runtime.Serialization.dll_gac_x86
[2012/07/09 01:42:12 | 000,027,760 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/07/08 23:40:10 | 000,132,656 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012/07/08 23:40:08 | 000,022,024 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2012/07/08 23:40:08 | 000,022,048 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2012/07/09 01:42:12 | 000,113,704 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2012/07/08 23:40:08 | 000,022,016 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2013/07/09 12:45:48 | 001,051,288 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012/07/08 23:40:08 | 000,036,320 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2012/07/08 23:40:08 | 000,022,496 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2011/04/26 06:35:53 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/10/05 11:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013/07/09 12:45:48 | 001,051,288 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2012/07/08 23:40:10 | 000,132,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2012/07/08 23:40:08 | 000,022,024 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2012/07/08 23:40:08 | 000,022,048 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2012/07/08 23:40:08 | 000,022,016 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2012/07/08 23:40:08 | 000,036,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2012/07/08 23:40:08 | 000,022,496 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2012/07/09 01:42:12 | 000,027,760 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/07/09 01:42:12 | 000,113,704 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2009/06/10 21:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2011/04/26 06:35:44 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2012/10/05 11:52:38 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013/07/09 12:45:48 | 001,051,288 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2012/07/08 23:40:10 | 000,132,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2012/07/08 23:40:08 | 000,022,024 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll
[2012/07/08 23:40:08 | 000,022,048 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2012/07/08 23:40:08 | 000,022,016 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2012/07/08 23:40:08 | 000,036,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2012/07/08 23:40:08 | 000,022,496 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll
[2012/09/27 20:44:46 | 000,027,824 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/07/09 01:42:12 | 000,113,704 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2011/04/26 06:35:24 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009/07/14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009/06/10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2011/04/26 06:35:24 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\cs-CZ\serialui.dll.mui
[2011/04/26 06:35:44 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_1e527062c1f59d5f\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2011/04/26 06:35:54 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23\serialui.dll.mui
[2009/07/14 02:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2011/04/26 06:36:16 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_bb9a1800691e639c\System.RunTime.Serialization.Resources.dll
[2011/04/26 06:35:58 | 000,009,728 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_20ab142d65ed6acc\serial.sys.mui
[2009/07/14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009/06/10 21:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2009/06/10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2010/11/21 04:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2012/10/05 11:52:38 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b\System.Runtime.Serialization.dll
[2012/10/05 11:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53\System.Runtime.Serialization.dll
[2010/11/21 04:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2012/10/05 11:52:37 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4\System.Runtime.Serialization.dll
[2012/10/05 11:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec\System.Runtime.Serialization.dll
[2013/09/02 10:23:04 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2013/09/02 10:23:04 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2011/04/26 06:37:05 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23_serialui.dll.mui_7d29d2a3
[2009/07/14 03:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2011/04/26 06:37:08 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009/07/14 03:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009/07/14 03:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011/02/05 18:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011/02/05 14:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009/07/14 03:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2010/11/21 04:17:50 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2012/10/05 19:18:30 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b.manifest
[2012/10/05 19:10:31 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53.manifest
[2010/11/21 04:17:50 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2012/10/05 19:19:07 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4.manifest
[2012/10/05 19:11:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec.manifest
[2010/11/21 04:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012/10/05 18:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012/10/05 18:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2011/04/26 06:34:03 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2012/10/05 21:12:17 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f.manifest
[2012/10/05 20:59:28 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797.manifest
[2010/11/21 04:17:50 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012/10/05 18:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012/10/05 18:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2010/11/21 04:18:20 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012/10/05 18:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012/10/05 18:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2011/04/26 06:35:48 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010/11/21 04:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012/10/05 11:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012/10/05 11:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2011/04/26 06:36:16 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2010/11/13 03:02:06 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f\System.RunTime.Serialization.Resources.dll
[2010/11/13 03:37:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797\System.RunTime.Serialization.Resources.dll
[2010/11/21 04:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012/10/05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012/10/05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2011/04/26 06:35:53 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_28a71ab4f6565f5a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2011/04/26 06:35:24 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2011/04/26 06:36:17 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2010/11/21 04:25:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012/10/05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012/10/05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll

< *w7lxe* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:373E1720

< End of report >

[Márty84]

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]

:services
AdobeARMservice
gupdate
gupdatem
gusvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

:otl
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..\SearchScopes\{933AADB6-AC3F-45B7-9309-15A8CBCB4E09}: "URL" = http://search.ividi.org/?q={searchTerms}&src=tbsp&id=6a49ca83000000000000c0f8da1c940b&affilt=3&r=419
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
O2 - BHO: (hosts) - {11111111-1111-1111-1111-110311531182} - C:\Program Files (x86)\hosts\hosts-bho.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-3440131790-827048697-2130922516-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found
O4 - HKU\S-1-5-21-3440131790-827048697-2130922516-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-3440131790-827048697-2130922516-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O15 - HKU\S-1-5-21-3440131790-827048697-2130922516-1001\..Trusted Domains: localhost ([]http in Internet)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013/09/02 20:22:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG
[2013/10/14 13:01:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG2014
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[6 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[5 C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
[1 C:\windows\temp\*.tmp files -> C:\windows\temp\*.tmp -> ]
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:373E1720

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt] /64

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

[Jaqkes]

Dobrý den,
dal jsem spustit jako správce. Zkopíroval text a dal opravit. Program mi zamrznul, tak jsem zkusil počkat 15-20 minut a rozhodl jsem se ho vypnout. Takže klasicky Crtl+alt+del a aniž by mi vyjel správce úloh, tak se mi hodila modrá obrazovka, kde bylo napsáno že windows detekoval jakesi cosi. Moc jsem to nestíhal přečíst a windows se restartnul.

Na ploše se mi objevily 2 dokumenty: desktop.ini

První:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
CyberLink YouCam.lnk=@C:\PROGRA~2\Lenovo\YouCam\MUITRA~1\Resource.dll,-216
Lenovo Security Suite.lnk=@C:\PROGRA~2\Lenovo\LENOVO~2\MUIREC~1.DLL,-101

Druhý:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

Tak nevím no =/