Logfile of random's system information tool 1.09 (written by random/random)
Run by Petra at 2014-03-30 19:12:58
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 400 GB (86%) free of 465 GB
Total RAM: 1917 MB (27% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:13:01, on 30.3.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal
Running processes:
C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Users\Petra\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\LemurLeap\bin\XTLSApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Petra\Downloads\RSIT(1).exe
C:\Program Files\trend micro\Petra.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [PWRAGD] C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [EADM] "C:\Program Files\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Petra\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Petra\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: Update LemurLeap - Unknown owner - C:\Program Files\LemurLeap\updateLemurLeap.exe
O23 - Service: Util LemurLeap - Unknown owner - C:\Program Files\LemurLeap\bin\utilLemurLeap.exe
--
End of file - 8982 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3fikt9mx.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... 10&UM=1&q="
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.77 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nullsoft.com/winampDetector;version=1]
"Description"=Winamp Detector
"Path"=C:\Program Files\Winamp Detect\npwachk.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3fikt9mx.default\searchplugins\
conduit.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [2011-09-22 378736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL [2013-06-22 107896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21 1219152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [2011-09-22 378736]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21 1219152]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-08-02 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-08-02 174104]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-08-02 151064]
""= []
"LenovoFSC"=C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe [2009-06-26 49152]
"PWMTRV"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor []
"PWRAGD"=C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe [2009-08-13 72256]
"Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28 49976]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [2009-08-04 244208]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"AVG_UI"=C:\Program Files\AVG\AVG2014\avgui.exe [2014-03-19 4971024]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 948440]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"=C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [2013-10-31 449760]
"EADM"=C:\Program Files\Origin\Origin.exe [2014-03-30 3588952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184]
"cz.seznam.software.autoupdate"=C:\Users\Petra\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
"uTorrent"=C:\Users\Petra\AppData\Roaming\uTorrent\uTorrent.exe [2014-03-29 1264984]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2014-02-10 20922016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-07-28 216576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-03-30 19:02:25 ----D---- C:\rsit
2014-03-30 19:02:25 ----D---- C:\Program Files\trend micro
2014-03-29 22:36:47 ----D---- C:\Users\Petra\AppData\Roaming\Anino Games
2014-03-29 14:48:39 ----D---- C:\Program Files\Mozilla Firefox
2014-03-20 19:29:04 ----D---- C:\Program Files\Common Files\Skype
2014-03-20 19:29:03 ----RD---- C:\Program Files\Skype
2014-03-18 19:49:39 ----A---- C:\Windows\system32\drivers\wStLib.sys
2014-03-18 19:22:05 ----D---- C:\ProgramData\Avg_Update_0214d
2014-03-17 18:19:38 ----D---- C:\Users\Petra\AppData\Roaming\Tap It Games
2014-03-14 23:13:29 ----D---- C:\Users\Petra\AppData\Roaming\AVG2014
2014-03-14 23:08:01 ----D---- C:\ProgramData\AVG2014
2014-03-12 22:20:45 ----D---- C:\Program Files\TeamViewer
2014-03-11 20:30:24 ----A---- C:\Windows\system32\qedit.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-11 20:30:04 ----A---- C:\Windows\system32\jsproxy.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\jscript9diag.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\iernonce.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-03-11 20:30:04 ----A---- C:\Windows\system32\ieapfltr.dll
2014-03-11 20:30:03 ----A---- C:\Windows\system32\wininet.dll
2014-03-11 20:30:03 ----A---- C:\Windows\system32\ieui.dll
2014-03-11 20:30:02 ----A---- C:\Windows\system32\ieUnatt.exe
2014-03-11 20:30:02 ----A---- C:\Windows\system32\iertutil.dll
2014-03-11 20:30:01 ----A---- C:\Windows\system32\mshtml.dll
2014-03-11 20:30:01 ----A---- C:\Windows\system32\jscript9.dll
2014-03-11 20:30:00 ----A---- C:\Windows\system32\urlmon.dll
2014-03-11 20:29:59 ----A---- C:\Windows\system32\msfeeds.dll
2014-03-11 20:29:58 ----A---- C:\Windows\system32\msrating.dll
2014-03-11 20:29:58 ----A---- C:\Windows\system32\iesetup.dll
2014-03-11 20:29:58 ----A---- C:\Windows\system32\ieframe.dll
2014-03-11 20:29:58 ----A---- C:\Windows\system32\ie4uinit.exe
2014-03-11 20:29:25 ----A---- C:\Windows\system32\wwansvc.dll
2014-03-11 20:28:58 ----A---- C:\Windows\system32\win32k.sys
2014-03-11 20:28:30 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-03-11 20:28:02 ----A---- C:\Windows\system32\wer.dll
2014-03-08 18:29:13 ----D---- C:\Users\Petra\AppData\Roaming\saves
2014-03-03 17:19:36 ----D---- C:\Users\Petra\AppData\Roaming\Lazy Turtle Games
2014-03-03 16:46:15 ----D---- C:\Users\Petra\AppData\Roaming\Five-BN Games
======List of files/folders modified in the last 1 month======
2014-03-30 19:12:58 ----D---- C:\Windows\Temp
2014-03-30 19:11:44 ----D---- C:\Users\Petra\AppData\Roaming\uTorrent
2014-03-30 19:09:40 ----D---- C:\Users\Petra\AppData\Roaming\Skype
2014-03-30 19:02:25 ----RD---- C:\Program Files
2014-03-30 18:57:36 ----D---- C:\ProgramData\Origin
2014-03-30 18:41:12 ----D---- C:\ProgramData\MFAData
2014-03-30 18:40:03 ----D---- C:\Windows\system32\config
2014-03-30 18:35:12 ----D---- C:\Users\Petra\AppData\Roaming\Seznam.cz
2014-03-30 18:30:20 ----A---- C:\Windows\win.ini
2014-03-30 18:30:08 ----D---- C:\Program Files\Origin
2014-03-30 17:58:33 ----D---- C:\Windows\System32
2014-03-30 17:58:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-03-30 17:58:32 ----D---- C:\Windows\inf
2014-03-30 15:17:47 ----SHD---- C:\System Volume Information
2014-03-30 15:15:02 ----D---- C:\Windows\Prefetch
2014-03-30 08:01:07 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-03-29 23:14:51 ----AD---- C:\ProgramData\TEMP
2014-03-29 21:36:35 ----D---- C:\Users\Petra\AppData\Roaming\Artifex Mundi
2014-03-29 21:35:43 ----D---- C:\Program Files\Alawarhry.cz
2014-03-29 20:35:20 ----D---- C:\Users\Petra\AppData\Roaming\Elephant Games
2014-03-29 20:35:20 ----D---- C:\ProgramData\Elephant Games
2014-03-29 20:34:23 ----D---- C:\BigFishCache
2014-03-27 21:05:47 ----D---- C:\Windows\system32\catroot2
2014-03-26 17:59:02 ----HD---- C:\Program Files\InstallShield Installation Information
2014-03-24 16:29:16 ----SHD---- C:\Windows\Installer
2014-03-24 16:26:57 ----HD---- C:\$AVG
2014-03-20 19:29:10 ----D---- C:\ProgramData\Skype
2014-03-20 19:29:04 ----D---- C:\Program Files\Common Files
2014-03-19 00:38:26 ----D---- C:\Windows\system32\MRT
2014-03-19 00:36:15 ----A---- C:\Windows\system32\MRT.exe
2014-03-18 19:49:39 ----D---- C:\Windows\system32\drivers
2014-03-18 19:49:39 ----D---- C:\Program Files\LemurLeap
2014-03-18 19:22:05 ----HD---- C:\ProgramData
2014-03-17 19:26:24 ----D---- C:\ProgramData\Playrix Entertainment
2014-03-17 17:38:17 ----D---- C:\Users\Petra\AppData\Roaming\Blue Tea Games
2014-03-15 19:49:58 ----D---- C:\Program Files\Hry.cz
2014-03-15 19:36:12 ----D---- C:\ProgramData\AlawarWrapper
2014-03-14 23:12:25 ----D---- C:\ProgramData\AVG2013
2014-03-14 23:09:49 ----D---- C:\Windows\system32\catroot
2014-03-14 23:09:46 ----D---- C:\Windows\system32\DriverStore
2014-03-14 23:07:38 ----D---- C:\Program Files\AVG
2014-03-12 22:21:12 ----D---- C:\Windows\system32\Tasks
2014-03-12 22:20:57 ----RSD---- C:\Windows\Fonts
2014-03-12 17:58:17 ----D---- C:\Windows\winsxs
2014-03-12 17:55:52 ----D---- C:\Program Files\Internet Explorer
2014-03-11 21:11:36 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-03-01 16:40:02 ----D---- C:\Users\Petra\AppData\Roaming\BlamGames
2014-03-01 15:47:45 ----D---- C:\Users\Petra\AppData\Roaming\Eipix
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys [2013-11-25 149272]
R0 Avglogx;AVG Logging Driver; C:\Windows\system32\DRIVERS\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2013-10-01 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2013-09-10 27448]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 214696]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NIS\1008030.006\SYMEFA.SYS [2013-06-22 310320]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 Avgdiskx;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiskx.sys [2013-11-25 120600]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2013-09-26 47928]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2013-11-25 210712]
R1 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys [2014-01-19 22808]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2013-11-01 176952]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2013-08-01 193848]
R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys [2010-01-20 259632]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys [2013-07-26 467592]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-06 243128]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2013-06-29 376480]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20130628.001\IDSvix86.sys [2013-06-28 386720]
R1 MpKsle24939e1;MpKsle24939e1; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC774FD3-B341-4460-8040-7982C108799A}\MpKsle24939e1.sys [2014-03-30 39464]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS [2013-06-22 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2013-06-22 25648]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS [2011-09-22 217464]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-06-29 106656]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-07-28 5924864]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-05 2745760]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2013-06-22 33088]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 SuperIO;Lenovo ASD HWM Driver; C:\Windows\system32\DRIVERS\spio.sys [2009-06-06 11720]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2013-06-22 124976]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2013-09-16 12400]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2013-09-16 25200]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130629.007\NAVENG.SYS [2013-06-29 93272]
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130629.007\NAVEX15.SYS [2013-06-29 1611992]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor\pcdsrvc.pkms [2009-08-18 20848]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS [2013-06-22 308272]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 SYMFW;Symantec Network Filter Driver; C:\Windows\system32\drivers\NIS\1007000.01E\SYMFW.SYS []
S3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\system32\drivers\NIS\1007000.01E\SYMNDISV.SYS []
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG2014\avgfws.exe [2013-09-24 1358944]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [2014-02-23 3782672]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [2013-09-24 348008]
R2 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 22208]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-09-22 117648]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-13 72256]
R2 SUService;System Update; c:\Program Files\Lenovo\System Update\SUService.exe [2009-09-04 15872]
R2 TeamViewer9;TeamViewer 9; C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [2014-02-17 4915040]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2009-08-28 1019904]
R2 Update LemurLeap;Update LemurLeap; C:\Program Files\LemurLeap\updateLemurLeap.exe [2014-03-29 348448]
R2 Util LemurLeap;Util LemurLeap; C:\Program Files\LemurLeap\bin\utilLemurLeap.exe [2014-03-29 348448]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 280288]
S2 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-04 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-04 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-04 166384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11 257928]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-01 108032]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-29 119408]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-04 313840]
S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-04 1124848]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2009-04-30 74392]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2009-09-04 1474560]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-06-30 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
prosim o kontrolu logu.vyskakujici reklamy.
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: prosim o kontrolu logu.vyskakujici reklamy.
Zdravim 
Mate tam strasny binec v antivirech. Bezi tam MSE, AVG a NIS. Ktery tedy chcete pouzivat?
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.
Mate tam strasny binec v antivirech. Bezi tam MSE, AVG a NIS. Ktery tedy chcete pouzivat? Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: prosim o kontrolu logu.vyskakujici reklamy.
zdravim,antiviry odinstalovany,ponechan jen jeden.pc je sestry a ta tomu tak nerozumi
# AdwCleaner v3.022 - Report created 31/03/2014 at 22:47:12
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Petra - PETRA-VOSA
# Running from : C:\Users\Petra\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : Update LemurLeap
[#] Service Deleted : Util LemurLeap
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\AlawarWrapper
[!] Folder Deleted : C:\Program Files\LemurLeap
Folder Deleted : C:\Users\Petra\AppData\Local\AlawarWrapper
Folder Deleted : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3fikt9mx.default\Smartbar
Folder Deleted : C:\Users\Tonik\AppData\Roaming\Mozilla\Firefox\Profiles\vxaspw46.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File Deleted : C:\END
File Deleted : C:\Users\Petra\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3fikt9mx.default\searchplugins\Conduit.xml
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{415419C3-DAD0-4DF1-AC37-22C72AD81878}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16521
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ImageStoreRandomFolder]
-\\ Mozilla Firefox v28.0 (cs)
[ File : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3fikt9mx.default\prefs.js ]
Line Deleted : user_pref("CT1750559.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT1750559.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM Dance\",\"description\":\"1.FM Dance\",\"url\":\"mms://dance.1.fm/energydance128k?MSWMExt=.asf\"}");
Line Deleted : user_pref("CT1750559.1000234.TWC_TMP_city", "PRAGUE");
Line Deleted : user_pref("CT1750559.1000234.TWC_TMP_country", "CZ");
Line Deleted : user_pref("CT1750559.1000234.TWC_country", "CZECH REPUBLIC");
Line Deleted : user_pref("CT1750559.1000234.TWC_locId", "EZXX0012");
Line Deleted : user_pref("CT1750559.1000234.TWC_location", "Prague, Czech Republic");
Line Deleted : user_pref("CT1750559.1000234.TWC_region", "OT");
Line Deleted : user_pref("CT1750559.1000234.TWC_temp_dis", "c");
Line Deleted : user_pref("CT1750559.1000234.TWC_wind_dis", "kmh");
Line Deleted : user_pref("CT1750559.1000234.weatherData", "{\"icon\":\"32.png\",\"temperature\":\"25°C\",\"temperatureClear\":\"25°C\",\"highTemperature\":\"29°C\",\"lowTemperature\":\"19°C\",\"feelsLike\":\"25°C\",[...]
Line Deleted : user_pref("CT1750559.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.FF19Solved", "true");
Line Deleted : user_pref("CT1750559.FirstTime", "true");
Line Deleted : user_pref("CT1750559.FirstTimeFF3", "true");
Line Deleted : user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT1750559&ctid=CT1750559&SearchSource=2&CUI=UN35355979931603910&UM=1&sspv=TB_CH5&q=");
Line Deleted : user_pref("CT1750559.UserID", "UN35355979931603910");
Line Deleted : user_pref("CT1750559.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT1750559.appButtonDisablenull.enc", "MA==");
Line Deleted : user_pref("CT1750559.autoDisableScopes", -1);
Line Deleted : user_pref("CT1750559.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT1750559.countryCode", "CZ");
Line Deleted : user_pref("CT1750559.defaultSearch", "true");
Line Deleted : user_pref("CT1750559.enableAlerts", "true");
Line Deleted : user_pref("CT1750559.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT1750559.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT1750559.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT1750559.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT1750559.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT1750559.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT1750559.fixUrls", true);
Line Deleted : user_pref("CT1750559.fullUserID", "UN35355979931603910.IN.20130726103052");
Line Deleted : user_pref("CT1750559.homepageuserchanged", true);
Line Deleted : user_pref("CT1750559.installDate", "26/07/2013 10:30:51");
Line Deleted : user_pref("CT1750559.installId", "dm");
Line Deleted : user_pref("CT1750559.installSessionId", "15e526d9-f062-420a-b2f4-6b89314be2f7");
Line Deleted : user_pref("CT1750559.installSp", "FALSE");
Line Deleted : user_pref("CT1750559.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT1750559.installUsage", "2013-07-26T11:30:58.4614848+03:00");
Line Deleted : user_pref("CT1750559.installUsageEarly", "2013-07-26T11:30:57.5722905+03:00");
Line Deleted : user_pref("CT1750559.installerVersion", "1.5.4.4");
Line Deleted : user_pref("CT1750559.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT1750559.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT1750559.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT1750559.keyword", "true");
Line Deleted : user_pref("CT1750559.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT1750559&octid=CT1750559&SearchSource=15&CUI=UN35355979931603910&SSPV=&Lay=1&UM=1\"}");
Line Deleted : user_pref("CT1750559.lastVersion", "10.20.1.508");
Line Deleted : user_pref("CT1750559.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT1750559.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT1750559.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://BSPlayerControlBar.OurToolbar.com/\",\[...]
Line Deleted : user_pref("CT1750559.openThankYouPage", "false");
Line Deleted : user_pref("CT1750559.openUninstallPage", "true");
Line Deleted : user_pref("CT1750559.originalHomepage", "www.seznam.cz");
Line Deleted : user_pref("CT1750559.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT1750559.originalSearchEngine", "");
Line Deleted : user_pref("CT1750559.originalSearchEngineName", "");
Line Deleted : user_pref("CT1750559.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT1750559.search.searchAppId", "128520273115419467");
Line Deleted : user_pref("CT1750559.search.searchCount", "0");
Line Deleted : user_pref("CT1750559.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT1750559.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT1750559.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT1750559.searchRevert", "false");
Line Deleted : user_pref("CT1750559.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT1750559.searchUserMode", "1");
Line Deleted : user_pref("CT1750559.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1750559\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://BSPlayerControlBar.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BS Player ControlBar \"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_services_Configuration_lastUpdate", "1381340247285");
Line Deleted : user_pref("CT1750559.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1374827458349");
Line Deleted : user_pref("CT1750559.serviceLayer_services_appsMetadata_lastUpdate", "1374827458021");
Line Deleted : user_pref("CT1750559.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1374827457957");
Line Deleted : user_pref("CT1750559.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1374827457478");
Line Deleted : user_pref("CT1750559.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1374827458532");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.16.4.29_lastUpdate", "1375734318944");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.16.9.506_lastUpdate", "1377253041286");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378844240394");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380014972411");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.20.1.508_lastUpdate", "1381421080384");
Line Deleted : user_pref("CT1750559.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1374827458052");
Line Deleted : user_pref("CT1750559.serviceLayer_services_searchAPI_lastUpdate", "1381340247235");
Line Deleted : user_pref("CT1750559.serviceLayer_services_serviceMap_lastUpdate", "1381340247003");
Line Deleted : user_pref("CT1750559.serviceLayer_services_toolbarContextMenu_lastUpdate", "1374827457895");
Line Deleted : user_pref("CT1750559.serviceLayer_services_toolbarSettings_lastUpdate", "1381421080259");
Line Deleted : user_pref("CT1750559.serviceLayer_services_translation_lastUpdate", "1381340246955");
Line Deleted : user_pref("CT1750559.settingsINI", true);
Line Deleted : user_pref("CT1750559.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT1750559.showToolbarPermission", "false");
Line Deleted : user_pref("CT1750559.smartbar.CTID", "CT1750559");
Line Deleted : user_pref("CT1750559.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT1750559.smartbar.homepage", "true");
Line Deleted : user_pref("CT1750559.smartbar.isHidden", true);
Line Deleted : user_pref("CT1750559.smartbar.toolbarName", "BS Player ControlBar ");
Line Deleted : user_pref("CT1750559.startPage", "true");
Line Deleted : user_pref("CT1750559.toolbarBornServerTime", "26-7-2013");
Line Deleted : user_pref("CT1750559.toolbarCurrentServerTime", "10-10-2013");
Line Deleted : user_pref("CT1750559.toolbarLoginClientTime", "Fri Jul 26 2013 10:30:58 GMT+0200");
Line Deleted : user_pref("CT1750559.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT1750559.versionFromInstaller", "10.16.4.29");
Line Deleted : user_pref("CT1750559.xpeMode", "3");
Line Deleted : user_pref("CT1750559_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1381421077322,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "BS Player ControlBar Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT1750559&ctid=CT1750559&SearchSource=2&CUI=UN35355979931603910&UM=1&sspv=TB_CH5&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT1750559");
Line Deleted : user_pref("browser.search.defaultenginename", "BS Player ControlBar Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "BS Player ControlBar Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&CUI=UN35355979931603910&UM=1&SearchSource=3&q={searchTerms}&sspv=TB_CH5");
Line Deleted : user_pref("browser.search.selectedEngine", "BS Player ControlBar Customized Web Search");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN35355979931603910&UM=1&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT1750559&CUI=UN35355979931603910&UM=1&SearchSource=13&sspv=TB_CH5");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN35355979931603910&UM=1&sspv=TB_CH5&q=,hxxp://search.conduit.com/Results[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.machineId", "KHOLTPAQFC+9JVPXKNJT+AKNXQTOYZETUAVJ3FO33JS2PJHALO1DUE0HB0+56YT+RO0K6UY4UQT7G1EDYGGT6A");
[ File : C:\Users\Tonik\AppData\Roaming\Mozilla\Firefox\Profiles\vxaspw46.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [13678 octets] - [31/03/2014 22:46:10]
AdwCleaner[S0].txt - [13899 octets] - [31/03/2014 22:47:12]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13960 octets] ##########
# AdwCleaner v3.022 - Report created 31/03/2014 at 22:47:12
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Petra - PETRA-VOSA
# Running from : C:\Users\Petra\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : Update LemurLeap
[#] Service Deleted : Util LemurLeap
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\AlawarWrapper
[!] Folder Deleted : C:\Program Files\LemurLeap
Folder Deleted : C:\Users\Petra\AppData\Local\AlawarWrapper
Folder Deleted : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3fikt9mx.default\Smartbar
Folder Deleted : C:\Users\Tonik\AppData\Roaming\Mozilla\Firefox\Profiles\vxaspw46.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File Deleted : C:\END
File Deleted : C:\Users\Petra\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3fikt9mx.default\searchplugins\Conduit.xml
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{415419C3-DAD0-4DF1-AC37-22C72AD81878}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16521
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ImageStoreRandomFolder]
-\\ Mozilla Firefox v28.0 (cs)
[ File : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3fikt9mx.default\prefs.js ]
Line Deleted : user_pref("CT1750559.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT1750559.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM Dance\",\"description\":\"1.FM Dance\",\"url\":\"mms://dance.1.fm/energydance128k?MSWMExt=.asf\"}");
Line Deleted : user_pref("CT1750559.1000234.TWC_TMP_city", "PRAGUE");
Line Deleted : user_pref("CT1750559.1000234.TWC_TMP_country", "CZ");
Line Deleted : user_pref("CT1750559.1000234.TWC_country", "CZECH REPUBLIC");
Line Deleted : user_pref("CT1750559.1000234.TWC_locId", "EZXX0012");
Line Deleted : user_pref("CT1750559.1000234.TWC_location", "Prague, Czech Republic");
Line Deleted : user_pref("CT1750559.1000234.TWC_region", "OT");
Line Deleted : user_pref("CT1750559.1000234.TWC_temp_dis", "c");
Line Deleted : user_pref("CT1750559.1000234.TWC_wind_dis", "kmh");
Line Deleted : user_pref("CT1750559.1000234.weatherData", "{\"icon\":\"32.png\",\"temperature\":\"25°C\",\"temperatureClear\":\"25°C\",\"highTemperature\":\"29°C\",\"lowTemperature\":\"19°C\",\"feelsLike\":\"25°C\",[...]
Line Deleted : user_pref("CT1750559.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.FF19Solved", "true");
Line Deleted : user_pref("CT1750559.FirstTime", "true");
Line Deleted : user_pref("CT1750559.FirstTimeFF3", "true");
Line Deleted : user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT1750559&ctid=CT1750559&SearchSource=2&CUI=UN35355979931603910&UM=1&sspv=TB_CH5&q=");
Line Deleted : user_pref("CT1750559.UserID", "UN35355979931603910");
Line Deleted : user_pref("CT1750559.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT1750559.appButtonDisablenull.enc", "MA==");
Line Deleted : user_pref("CT1750559.autoDisableScopes", -1);
Line Deleted : user_pref("CT1750559.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT1750559.countryCode", "CZ");
Line Deleted : user_pref("CT1750559.defaultSearch", "true");
Line Deleted : user_pref("CT1750559.enableAlerts", "true");
Line Deleted : user_pref("CT1750559.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT1750559.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT1750559.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT1750559.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT1750559.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT1750559.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT1750559.fixUrls", true);
Line Deleted : user_pref("CT1750559.fullUserID", "UN35355979931603910.IN.20130726103052");
Line Deleted : user_pref("CT1750559.homepageuserchanged", true);
Line Deleted : user_pref("CT1750559.installDate", "26/07/2013 10:30:51");
Line Deleted : user_pref("CT1750559.installId", "dm");
Line Deleted : user_pref("CT1750559.installSessionId", "15e526d9-f062-420a-b2f4-6b89314be2f7");
Line Deleted : user_pref("CT1750559.installSp", "FALSE");
Line Deleted : user_pref("CT1750559.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT1750559.installUsage", "2013-07-26T11:30:58.4614848+03:00");
Line Deleted : user_pref("CT1750559.installUsageEarly", "2013-07-26T11:30:57.5722905+03:00");
Line Deleted : user_pref("CT1750559.installerVersion", "1.5.4.4");
Line Deleted : user_pref("CT1750559.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT1750559.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT1750559.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT1750559.keyword", "true");
Line Deleted : user_pref("CT1750559.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT1750559&octid=CT1750559&SearchSource=15&CUI=UN35355979931603910&SSPV=&Lay=1&UM=1\"}");
Line Deleted : user_pref("CT1750559.lastVersion", "10.20.1.508");
Line Deleted : user_pref("CT1750559.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT1750559.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT1750559.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://BSPlayerControlBar.OurToolbar.com/\",\[...]
Line Deleted : user_pref("CT1750559.openThankYouPage", "false");
Line Deleted : user_pref("CT1750559.openUninstallPage", "true");
Line Deleted : user_pref("CT1750559.originalHomepage", "www.seznam.cz");
Line Deleted : user_pref("CT1750559.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT1750559.originalSearchEngine", "");
Line Deleted : user_pref("CT1750559.originalSearchEngineName", "");
Line Deleted : user_pref("CT1750559.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT1750559.search.searchAppId", "128520273115419467");
Line Deleted : user_pref("CT1750559.search.searchCount", "0");
Line Deleted : user_pref("CT1750559.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT1750559.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT1750559.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT1750559.searchRevert", "false");
Line Deleted : user_pref("CT1750559.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT1750559.searchUserMode", "1");
Line Deleted : user_pref("CT1750559.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1750559\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://BSPlayerControlBar.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BS Player ControlBar \"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_services_Configuration_lastUpdate", "1381340247285");
Line Deleted : user_pref("CT1750559.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1374827458349");
Line Deleted : user_pref("CT1750559.serviceLayer_services_appsMetadata_lastUpdate", "1374827458021");
Line Deleted : user_pref("CT1750559.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1374827457957");
Line Deleted : user_pref("CT1750559.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1374827457478");
Line Deleted : user_pref("CT1750559.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1374827458532");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.16.4.29_lastUpdate", "1375734318944");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.16.9.506_lastUpdate", "1377253041286");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378844240394");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380014972411");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.20.1.508_lastUpdate", "1381421080384");
Line Deleted : user_pref("CT1750559.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1374827458052");
Line Deleted : user_pref("CT1750559.serviceLayer_services_searchAPI_lastUpdate", "1381340247235");
Line Deleted : user_pref("CT1750559.serviceLayer_services_serviceMap_lastUpdate", "1381340247003");
Line Deleted : user_pref("CT1750559.serviceLayer_services_toolbarContextMenu_lastUpdate", "1374827457895");
Line Deleted : user_pref("CT1750559.serviceLayer_services_toolbarSettings_lastUpdate", "1381421080259");
Line Deleted : user_pref("CT1750559.serviceLayer_services_translation_lastUpdate", "1381340246955");
Line Deleted : user_pref("CT1750559.settingsINI", true);
Line Deleted : user_pref("CT1750559.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT1750559.showToolbarPermission", "false");
Line Deleted : user_pref("CT1750559.smartbar.CTID", "CT1750559");
Line Deleted : user_pref("CT1750559.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT1750559.smartbar.homepage", "true");
Line Deleted : user_pref("CT1750559.smartbar.isHidden", true);
Line Deleted : user_pref("CT1750559.smartbar.toolbarName", "BS Player ControlBar ");
Line Deleted : user_pref("CT1750559.startPage", "true");
Line Deleted : user_pref("CT1750559.toolbarBornServerTime", "26-7-2013");
Line Deleted : user_pref("CT1750559.toolbarCurrentServerTime", "10-10-2013");
Line Deleted : user_pref("CT1750559.toolbarLoginClientTime", "Fri Jul 26 2013 10:30:58 GMT+0200");
Line Deleted : user_pref("CT1750559.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT1750559.versionFromInstaller", "10.16.4.29");
Line Deleted : user_pref("CT1750559.xpeMode", "3");
Line Deleted : user_pref("CT1750559_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1381421077322,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "BS Player ControlBar Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT1750559&ctid=CT1750559&SearchSource=2&CUI=UN35355979931603910&UM=1&sspv=TB_CH5&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT1750559");
Line Deleted : user_pref("browser.search.defaultenginename", "BS Player ControlBar Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "BS Player ControlBar Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&CUI=UN35355979931603910&UM=1&SearchSource=3&q={searchTerms}&sspv=TB_CH5");
Line Deleted : user_pref("browser.search.selectedEngine", "BS Player ControlBar Customized Web Search");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN35355979931603910&UM=1&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT1750559&CUI=UN35355979931603910&UM=1&SearchSource=13&sspv=TB_CH5");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN35355979931603910&UM=1&sspv=TB_CH5&q=,hxxp://search.conduit.com/Results[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.machineId", "KHOLTPAQFC+9JVPXKNJT+AKNXQTOYZETUAVJ3FO33JS2PJHALO1DUE0HB0+56YT+RO0K6UY4UQT7G1EDYGGT6A");
[ File : C:\Users\Tonik\AppData\Roaming\Mozilla\Firefox\Profiles\vxaspw46.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [13678 octets] - [31/03/2014 22:46:10]
AdwCleaner[S0].txt - [13899 octets] - [31/03/2014 22:47:12]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13960 octets] ##########
Re: prosim o kontrolu logu.vyskakujici reklamy.
Udelejte !!!kompletni!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekcePokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: prosim o kontrolu logu.vyskakujici reklamy.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 1.4.2014
Scan Time: 12:44:52
Logfile: Malwarebytes Anti-Malware.lnk 1.txt
Administrator: Yes
Version: 2.00.0.1000
Malware Database: v2014.04.01.02
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Petra
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 255210
Time Elapsed: 13 min, 0 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 4
PUP.Optional.LemurLeap.A, HKU\S-1-5-21-3808252141-163001717-3248989872-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{415419C3-DAD0-4DF1-AC37-22C72AD81878}, , [fc2a29fcf289b3831e95000b758df10f],
PUP.Optional.LemurLeap.A, HKU\S-1-5-21-3808252141-163001717-3248989872-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{415419C3-DAD0-4DF1-AC37-22C72AD81878}, , [fc2a29fcf289b3831e95000b758df10f],
PUP.Optional.LemurLeap.A, HKLM\SOFTWARE\LemurLeap, , [c165a97c8bf0c17527ea8ff9f60dda26],
PUP.Optional.LemurLeap.A, HKU\S-1-5-21-3808252141-163001717-3248989872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\LemurLeap, , [5bcbd84d6f0c1f17d65fd9a88f74b14f],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 4
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\xpi, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\xpi\defaults, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\xpi\defaults\preferences, , [9294a2834e2d1b1b9dfb98b98a78b44c],
Files: 16
PUP.Optional.Somoto.A, C:\Users\Petra\AppData\Local\Temp\nsl925.tmp, , [21058a9b1269f046c7ea1af5b9486997],
PUP.Optional.LemurLeap.A, C:\Users\Petra\AppData\Local\Temp\LemurLeap_sm.exe, , [57cf49dc5f1c56e034a310cc53b03fc1],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\ctbe.exe, , [b274fa2b1a6160d6f28c63bbcc345ea2],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\ffLogic.exe, , [28fe7fa6255644f24a1e0212e02139c7],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\statisticsStub.exe, , [f82e57ceec8f40f624c90ef07789fb05],
PUP.Optional.OpenCandy, C:\Users\Tonik\Downloads\winamp565_full_emusic-7plus_all.exe, , [1e0831f4cdaeab8b5578d8595fa557a9],
PUP.Optional.Somoto.A, C:\Users\Petra\AppData\Local\Application Data\Bundled software uninstaller\bi_client.exe, , [45e16abbea91d462258ca26ded1414ec],
Malware.Trace, C:\Windows\inf\ntvdm.inf, , [ab7b31f45b2046f0085d78088e75b14f],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\chromeid.txt, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\conduit.xml, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\CT1750559.xpi, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\ddt.csf, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\setup.ini.txt, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\version.txt, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\xpi\install.rdf, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\xpi\defaults\preferences\defaults.js, , [9294a2834e2d1b1b9dfb98b98a78b44c],
Physical Sectors: 0
(No malicious items detected)
(end)
www.malwarebytes.org
Scan Date: 1.4.2014
Scan Time: 12:44:52
Logfile: Malwarebytes Anti-Malware.lnk 1.txt
Administrator: Yes
Version: 2.00.0.1000
Malware Database: v2014.04.01.02
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Petra
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 255210
Time Elapsed: 13 min, 0 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 4
PUP.Optional.LemurLeap.A, HKU\S-1-5-21-3808252141-163001717-3248989872-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{415419C3-DAD0-4DF1-AC37-22C72AD81878}, , [fc2a29fcf289b3831e95000b758df10f],
PUP.Optional.LemurLeap.A, HKU\S-1-5-21-3808252141-163001717-3248989872-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{415419C3-DAD0-4DF1-AC37-22C72AD81878}, , [fc2a29fcf289b3831e95000b758df10f],
PUP.Optional.LemurLeap.A, HKLM\SOFTWARE\LemurLeap, , [c165a97c8bf0c17527ea8ff9f60dda26],
PUP.Optional.LemurLeap.A, HKU\S-1-5-21-3808252141-163001717-3248989872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\LemurLeap, , [5bcbd84d6f0c1f17d65fd9a88f74b14f],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 4
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\xpi, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\xpi\defaults, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\xpi\defaults\preferences, , [9294a2834e2d1b1b9dfb98b98a78b44c],
Files: 16
PUP.Optional.Somoto.A, C:\Users\Petra\AppData\Local\Temp\nsl925.tmp, , [21058a9b1269f046c7ea1af5b9486997],
PUP.Optional.LemurLeap.A, C:\Users\Petra\AppData\Local\Temp\LemurLeap_sm.exe, , [57cf49dc5f1c56e034a310cc53b03fc1],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\ctbe.exe, , [b274fa2b1a6160d6f28c63bbcc345ea2],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\ffLogic.exe, , [28fe7fa6255644f24a1e0212e02139c7],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\statisticsStub.exe, , [f82e57ceec8f40f624c90ef07789fb05],
PUP.Optional.OpenCandy, C:\Users\Tonik\Downloads\winamp565_full_emusic-7plus_all.exe, , [1e0831f4cdaeab8b5578d8595fa557a9],
PUP.Optional.Somoto.A, C:\Users\Petra\AppData\Local\Application Data\Bundled software uninstaller\bi_client.exe, , [45e16abbea91d462258ca26ded1414ec],
Malware.Trace, C:\Windows\inf\ntvdm.inf, , [ab7b31f45b2046f0085d78088e75b14f],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\chromeid.txt, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\conduit.xml, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\CT1750559.xpi, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\ddt.csf, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\setup.ini.txt, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\version.txt, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\xpi\install.rdf, , [9294a2834e2d1b1b9dfb98b98a78b44c],
PUP.Optional.Conduit.A, C:\Users\Petra\AppData\Local\Temp\CT1750559\xpi\defaults\preferences\defaults.js, , [9294a2834e2d1b1b9dfb98b98a78b44c],
Physical Sectors: 0
(No malicious items detected)
(end)
Re: prosim o kontrolu logu.vyskakujici reklamy.
Vsechny nalezy nechte odstranit. Po odstraneni a restartu pc test zopakujte. Napiste, jestli neco nasel, podle toho zvolim dalsi postup.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: prosim o kontrolu logu.vyskakujici reklamy.
zdravim,tak malware uz nic nenasel.
Re: prosim o kontrolu logu.vyskakujici reklamy.
Fajn, tak ho odinstalujte. Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu, kliknete na nej pravym mysidlem a levym na Spustit jako spravce.Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: prosim o kontrolu logu.vyskakujici reklamy.
zdravim,omlouvam se za zpozdeni.zde je log:
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Petra [Práva správce]
Mód : Kontrola -- Datum : 04/03/2014 22:47:04
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\18917libfoxloader.dll [x] -> ODEBRÁNO
[SUSP PATH] szndesktop.exe -- C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\szndesktop.exe [7] -> SMAZÁNO [TermProc]
¤¤¤ ¤¤¤ Záznamy Registrů: : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\Petra\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-3808252141-163001717-3248989872-1000\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\Petra\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-3808252141-163001717-3248989872-1000\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Address] EAT @explorer.exe (BeginBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F309AE)
[Address] EAT @explorer.exe (BeginBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F249A1)
[Address] EAT @explorer.exe (BeginPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F50731)
[Address] EAT @explorer.exe (BufferedPaintClear) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F26395)
[Address] EAT @explorer.exe (BufferedPaintInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2940E)
[Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F308ED)
[Address] EAT @explorer.exe (BufferedPaintSetAlpha) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3E6B3)
[Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3D395)
[Address] EAT @explorer.exe (BufferedPaintUnInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F294AB)
[Address] EAT @explorer.exe (CloseThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F26A18)
[Address] EAT @explorer.exe (DrawThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F23982)
[Address] EAT @explorer.exe (DrawThemeBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3D9DA)
[Address] EAT @explorer.exe (DrawThemeEdge) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F43B52)
[Address] EAT @explorer.exe (DrawThemeIcon) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F535E7)
[Address] EAT @explorer.exe (DrawThemeParentBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F253E5)
[Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F251BF)
[Address] EAT @explorer.exe (DrawThemeText) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F24EA1)
[Address] EAT @explorer.exe (DrawThemeTextEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F263E6)
[Address] EAT @explorer.exe (EnableThemeDialogTexture) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2FCAF)
[Address] EAT @explorer.exe (EnableTheming) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52FEB)
[Address] EAT @explorer.exe (EndBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F23F9A)
[Address] EAT @explorer.exe (EndBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F23F9A)
[Address] EAT @explorer.exe (EndPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F506CC)
[Address] EAT @explorer.exe (GetBufferedPaintBits) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F24BAF)
[Address] EAT @explorer.exe (GetBufferedPaintDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F304BC)
[Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F30473)
[Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52E7F)
[Address] EAT @explorer.exe (GetCurrentThemeName) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F305DD)
[Address] EAT @explorer.exe (GetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F30FB1)
[Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2CD2E)
[Address] EAT @explorer.exe (GetThemeBackgroundExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2F8BF)
[Address] EAT @explorer.exe (GetThemeBackgroundRegion) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3165D)
[Address] EAT @explorer.exe (GetThemeBitmap) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2BF93)
[Address] EAT @explorer.exe (GetThemeBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F27C1F)
[Address] EAT @explorer.exe (GetThemeColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2616C)
[Address] EAT @explorer.exe (GetThemeDocumentationProperty) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52932)
[Address] EAT @explorer.exe (GetThemeEnumValue) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2616C)
[Address] EAT @explorer.exe (GetThemeFilename) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52412)
[Address] EAT @explorer.exe (GetThemeFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2FF21)
[Address] EAT @explorer.exe (GetThemeInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2616C)
[Address] EAT @explorer.exe (GetThemeIntList) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F523B1)
[Address] EAT @explorer.exe (GetThemeMargins) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F286E9)
[Address] EAT @explorer.exe (GetThemeMetric) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F306E2)
[Address] EAT @explorer.exe (GetThemePartSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2CDB1)
[Address] EAT @explorer.exe (GetThemePosition) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52350)
[Address] EAT @explorer.exe (GetThemePropertyOrigin) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F43FBB)
[Address] EAT @explorer.exe (GetThemeRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F33611)
[Address] EAT @explorer.exe (GetThemeStream) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F339D9)
[Address] EAT @explorer.exe (GetThemeString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F522E4)
[Address] EAT @explorer.exe (GetThemeSysBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F53172)
[Address] EAT @explorer.exe (GetThemeSysColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F43274)
[Address] EAT @explorer.exe (GetThemeSysColorBrush) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F5301E)
[Address] EAT @explorer.exe (GetThemeSysFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F529C4)
[Address] EAT @explorer.exe (GetThemeSysInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52BD3)
[Address] EAT @explorer.exe (GetThemeSysSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F5320B)
[Address] EAT @explorer.exe (GetThemeSysString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52B3F)
[Address] EAT @explorer.exe (GetThemeTextExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F22D57)
[Address] EAT @explorer.exe (GetThemeTextMetrics) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2F992)
[Address] EAT @explorer.exe (GetThemeTransitionDuration) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F31081)
[Address] EAT @explorer.exe (GetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2DF46)
[Address] EAT @explorer.exe (HitTestThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F33CE3)
[Address] EAT @explorer.exe (IsAppThemed) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2F869)
[Address] EAT @explorer.exe (IsCompositionActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F22E9A)
[Address] EAT @explorer.exe (IsThemeActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2F785)
[Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F260AB)
[Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F5312B)
[Address] EAT @explorer.exe (IsThemePartDefined) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F285B4)
[Address] EAT @explorer.exe (OpenThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F273D2)
[Address] EAT @explorer.exe (OpenThemeDataEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F43D43)
[Address] EAT @explorer.exe (SetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F53296)
[Address] EAT @explorer.exe (SetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F30134)
[Address] EAT @explorer.exe (SetWindowThemeAttribute) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3CFE6)
[Address] EAT @explorer.exe (ThemeInitApiHook) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2B176)
[Address] EAT @explorer.exe (UpdatePanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F5068D)
[Address] EAT @explorer.exe (DllGetClassObject) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABCF9D)
[Address] EAT @explorer.exe (IEnumString_Next_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE000)
[Address] EAT @explorer.exe (IEnumString_Reset_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE029)
[Address] EAT @explorer.exe (IPropertyBag2_Write_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE049)
[Address] EAT @explorer.exe (IWICBitmapClipper_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDD2A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportAnimation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEA9A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportLossless_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEABD)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEAE0)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE9D3)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE9F6)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceModels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEA1F)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetFileExtensions_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEA71)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetMimeTypes_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEA48)
[Address] EAT @explorer.exe (IWICBitmapDecoder_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD845)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE9AA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetDecoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD822)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrameCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD9A2)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD868)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD8DA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetPreview_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC74)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE9D3)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC05)
[Address] EAT @explorer.exe (IWICBitmapEncoder_CreateNewFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDB87)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetEncoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDB5E)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD9A2)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDB32)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDBDC)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDBB3)
[Address] EAT @explorer.exe (IWICBitmapFlipRotator_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDD2A)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD88E)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD8DA)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD8B7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD9C5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEB03)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDFB7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDB06)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDA17)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD9E5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDADD)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_WriteSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDA71)
[Address] EAT @explorer.exe (IWICBitmapLock_GetDataPointer_STA_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD7FC)
[Address] EAT @explorer.exe (IWICBitmapLock_GetStride_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC25)
[Address] EAT @explorer.exe (IWICBitmapScaler_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDCFE)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD822)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPixels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC48)
[Address] EAT @explorer.exe (IWICBitmapSource_GetPixelFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC25)
[Address] EAT @explorer.exe (IWICBitmapSource_GetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD7FC)
[Address] EAT @explorer.exe (IWICBitmapSource_GetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD91D)
[Address] EAT @explorer.exe (IWICBitmap_Lock_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE981)
[Address] EAT @explorer.exe (IWICBitmap_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC74)
[Address] EAT @explorer.exe (IWICBitmap_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC97)
[Address] EAT @explorer.exe (IWICColorContext_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEB75)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateMetadataWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD7AA)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD7D3)
[Address] EAT @explorer.exe (IWICComponentInfo_GetAuthor_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE958)
[Address] EAT @explorer.exe (IWICComponentInfo_GetCLSID_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC25)
[Address] EAT @explorer.exe (IWICComponentInfo_GetFriendlyName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE9AA)
[Address] EAT @explorer.exe (IWICComponentInfo_GetSpecVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD88E)
[Address] EAT @explorer.exe (IWICComponentInfo_GetVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE981)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD8FD)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC25)
[Address] EAT @explorer.exe (IWICFormatConverter_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDCC7)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapClipper_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD557)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFlipRotator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD580)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD6BA)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHICON_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD6E6)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD656)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD62D)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapScaler_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD52E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD68B)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateComponentInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD4D9)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFileHandle_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD4A1)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFilename_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD466)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD42E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateEncoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD5D2)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD70C)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_ProxTÕ Õø"UÿÿÿÿÕtDJ)TÕ j) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD732)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFormatConverter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD505)
[Address] EAT @explorer.exe (IWICImagingFactory_CreatePalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDADD)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD781)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD758)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD5A9)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC25)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetReaderByIndex_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDFB7)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetEnumerator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD822)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetLocation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE049)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_RemoveMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD8DA)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_SetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDFDA)
[Address] EAT @explorer.exe (IWICPalette_GetColorCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD96C)
[Address] EAT @explorer.exe (IWICPalette_GetColors_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD88E)
[Address] EAT @explorer.exe (IWICPalette_GetType_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD845)
[Address] EAT @explorer.exe (IWICPalette_HasAlpha_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD9A2)
[Address] EAT @explorer.exe (IWICPalette_InitializeCustom_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEB75)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD943)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD822)
[Address] EAT @explorer.exe (IWICPalette_InitializePredefined_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD91D)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetBitsPerPixel_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEB03)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDD50)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelMask_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEB26)
[Address] EAT @explorer.exe (IWICStream_InitializeFromIStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDD50)
[Address] EAT @explorer.exe (IWICStream_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDD73)
[Address] EAT @explorer.exe (WICConvertBitmapSource) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDDB8)
[Address] EAT @explorer.exe (WICCreateBitmapFromSection) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDF8D)
[Address] EAT @explorer.exe (WICCreateBitmapFromSectionEx) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDE8C)
[Address] EAT @explorer.exe (WICCreateColorContext_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEB52)
[Address] EAT @explorer.exe (WICCreateImagingFactory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD02B)
[Address] EAT @explorer.exe (WICGetMetadataContentSize) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE61D)
[Address] EAT @explorer.exe (WICMapGuidToShortName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD0EC)
[Address] EAT @explorer.exe (WICMapSchemaToName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD2E0)
[Address] EAT @explorer.exe (WICMapShortNameToGuid) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD217)
[Address] EAT @explorer.exe (WICMatchMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE072)
[Address] EAT @explorer.exe (WICSerializeMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE1B4)
[Address] EAT @explorer.exe (WICSetEncoderFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDD99)
[Address] EAT @explorer.exe (DllCanUnloadNow) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71712B3B)
[Address] EAT @explorer.exe (DllGetClassObject) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7172188E)
[Address] EAT @explorer.exe (DllGetVersion) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71712982)
[Address] EAT @explorer.exe (DllRegisterServer) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717A7DC5)
[Address] EAT @explorer.exe (DllUnregisterServer) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717A818F)
[Address] EAT @explorer.exe (Migrate10CachedPackagesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AC744)
[Address] EAT @explorer.exe (Migrate10CachedPackagesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AE1AC)
[Address] EAT @explorer.exe (MsiAdvertiseProductA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B257F)
[Address] EAT @explorer.exe (MsiAdvertiseProductExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B27D7)
[Address] EAT @explorer.exe (MsiAdvertiseProductExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AD6C1)
[Address] EAT @explorer.exe (MsiAdvertiseProductW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AD46F)
[Address] EAT @explorer.exe (MsiAdvertiseScriptA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B8A3F)
[Address] EAT @explorer.exe (MsiAdvertiseScriptW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BB641)
[Address] EAT @explorer.exe (MsiApplyMultiplePatchesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C5903)
[Address] EAT @explorer.exe (MsiApplyMultiplePatchesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C1057)
[Address] EAT @explorer.exe (MsiApplyPatchA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B2D5D)
[Address] EAT @explorer.exe (MsiApplyPatchW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AD943)
[Address] EAT @explorer.exe (MsiBeginTransactionA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C9441)
[Address] EAT @explorer.exe (MsiBeginTransactionW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C39D4)
[Address] EAT @explorer.exe (MsiCloseAllHandles) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D00C3)
[Address] EAT @explorer.exe (MsiCloseHandle) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D0015)
[Address] EAT @explorer.exe (MsiCollectUserInfoA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B1C3A)
[Address] EAT @explorer.exe (MsiCollectUserInfoW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AD16F)
[Address] EAT @explorer.exe (MsiConfigureFeatureA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B1D5A)
[Address] EAT @explorer.exe (MsiConfigureFeatureFromDescriptorA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BD70A)
[Address] EAT @explorer.exe (MsiConfigureFeatureFromDescriptorW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BE41B)
[Address] EAT @explorer.exe (MsiConfigureFeatureW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AD2B7)
[Address] EAT @explorer.exe (MsiConfigureProductA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BF256)
[Address] EAT @explorer.exe (MsiConfigureProductExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BDACA)
[Address] EAT @explorer.exe (MsiConfigureProductExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BE891)
[Address] EAT @explorer.exe (MsiConfigureProductW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BF581)
[Address] EAT @explorer.exe (MsiCreateAndVerifyInstallerDirectory) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7172B2E1)
[Address] EAT @explorer.exe (MsiCreateRecord) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1514)
[Address] EAT @explorer.exe (MsiCreateTransformSummaryInfoA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D55D1)
[Address] EAT @explorer.exe (MsiCreateTransformSummaryInfoW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D48EF)
[Address] EAT @explorer.exe (MsiDatabaseApplyTransformA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D48A9)
[Address] EAT @explorer.exe (MsiDatabaseApplyTransformW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1397)
[Address] EAT @explorer.exe (MsiDatabaseCommit) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D0DEB)
[Address] EAT @explorer.exe (MsiDatabaseExportA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D4792)
[Address] EAT @explorer.exe (MsiDatabaseExportW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1008)
[Address] EAT @explorer.exe (MsiDatabaseGenerateTransformA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D485D)
[Address] EAT @explorer.exe (MsiDatabaseGenerateTransformW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1270)
[Address] EAT @explorer.exe (MsiDatabaseGetPrimaryKeysA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D45FD)
[Address] EAT @explorer.exe (MsiDatabaseGetPrimaryKeysW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D3C54)
[Address] EAT @explorer.exe (MsiDatabaseImportA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D472E)
[Address] EAT @explorer.exe (MsiDatabaseImportW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D0F1E)
[Address] EAT @explorer.exe (MsiDatabaseIsTablePersistentA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D4643)
[Address] EAT @explorer.exe (MsiDatabaseIsTablePersistentW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D0C8F)
[Address] EAT @explorer.exe (MsiDatabaseMergeA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D4817)
[Address] EAT @explorer.exe (MsiDatabaseMergeW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1111)
[Address] EAT @explorer.exe (MsiDatabaseOpenViewA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D45B7)
[Address] EAT @explorer.exe (MsiDatabaseOpenViewW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D02B7)
[Address] EAT @explorer.exe (MsiDecomposeDescriptorA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BDA7B)
[Address] EAT @explorer.exe (MsiDecomposeDescriptorW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71706286)
[Address] EAT @explorer.exe (MsiDeleteUserDataA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BA367)
[Address] EAT @explorer.exe (MsiDeleteUserDataW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B69EB)
[Address] EAT @explorer.exe (MsiDetermineApplicablePatchesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717CD4C5)
[Address] EAT @explorer.exe (MsiDetermineApplicablePatchesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717CC559)
[Address] EAT @explorer.exe (MsiDeterminePatchSequenceA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717CD9D9)
[Address] EAT @explorer.exe (MsiDeterminePatchSequenceW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717CC9E1)
[Address] EAT @explorer.exe (MsiDoActionA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D613D)
[Address] EAT @explorer.exe (MsiDoActionW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D2D61)
[Address] EAT @explorer.exe (MsiEnableLogA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B189B)
[Address] EAT @explorer.exe (MsiEnableLogW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AFBE9)
[Address] EAT @explorer.exe (MsiEnableUIPreview) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D39CD)
[Address] EAT @explorer.exe (MsiEndTransaction) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C3E11)
[Address] EAT @explorer.exe (MsiEnumClientsA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7172EC96)
[Address] EAT @explorer.exe (MsiEnumClientsExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C5D6E)
[Address] EAT @explorer.exe (MsiEnumClientsExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C13A7)
[Address] EAT @explorer.exe (MsiEnumClientsW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71713647)
[Address] EAT @explorer.exe (MsiEnumComponentCostsA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D7847)
[Address] EAT @explorer.exe (MsiEnumComponentCostsW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D7A95)
[Address] EAT @explorer.exe (MsiEnumComponentQualifiersA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BCD6D)
[Address] EAT @explorer.exe (MsiEnumComponentQualifiersW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7171384D)
[Address] EAT @explorer.exe (MsiEnumComponentsA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B91B9)
[Address] EAT @explorer.exe (MsiEnumComponentsExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C5B08)
[Address] EAT @explorer.exe (MsiEnumComponentsExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C121D)
[Address] EAT @explorer.exe (MsiEnumComponentsW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BBA57)
[Address] EAT @explorer.exe (MsiEnumFeaturesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B9C04)
[Address] EAT @explorer.exe (MsiEnumFeaturesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BC259)
[Address] EAT @explorer.exe (MsiEnumPatchesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C97EB)
[Address] EAT @explorer.exe (MsiEnumPatchesExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C4897)
[Address] EAT @explorer.exe (MsiEnumPatchesExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C0E79)
[Address] EAT @explorer.exe (MsiEnumPatchesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C468E)
[Address] EAT @explorer.exe (MsiEnumProductsA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B9175)
[Address] EAT @explorer.exe (MsiEnumProductsExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C6313)
[Address] EAT @explorer.exe (MsiEnumProductsExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C1729)
[Address] EAT @explorer.exe (MsiEnumProductsW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7171559D)
[Address] EAT @explorer.exe (MsiEnumRelatedProductsA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B9109)
[Address] EAT @explorer.exe (MsiEnumRelatedProductsW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BB9EB)
[Address] EAT @explorer.exe (MsiEvaluateConditionA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D61C6)
[Address] EAT @explorer.exe (MsiEvaluateConditionW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D30C1)
[Address] EAT @explorer.exe (MsiExtractPatchXMLDataA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C4FAE)
[Address] EAT @explorer.exe (MsiExtractPatchXMLDataW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C4C22)
[Address] EAT @explorer.exe (MsiFormatRecordA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D2A73)
[Address] EAT @explorer.exe (MsiFormatRecordW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D2BF9)
[Address] EAT @explorer.exe (MsiGetActiveDatabase) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D2639)
[Address] EAT @explorer.exe (MsiGetComponentPathA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BEEBD)
[Address] EAT @explorer.exe (MsiGetComponentPathExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C6053)
[Address] EAT @explorer.exe (MsiGetComponentPathExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C1559)
[Address] EAT @explorer.exe (MsiGetComponentPathW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717062DD)
[Address] EAT @explorer.exe (MsiGetComponentStateA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D71E3)
[Address] EAT @explorer.exe (MsiGetComponentStateW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D72DC)
[Address] EAT @explorer.exe (MsiGetDatabaseState) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D0ED9)
[Address] EAT @explorer.exe (MsiGetFeatureCostA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D75FD)
[Address] EAT @explorer.exe (MsiGetFeatureCostW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D7702)
[Address] EAT @explorer.exe (MsiGetFeatureInfoA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B0D1A)
[Address] EAT @explorer.exe (MsiGetFeatureInfoW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AF5EE)
[Address] EAT @explorer.exe (MsiGetFeatureStateA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D6CD5)
[Address] EAT @explorer.exe (MsiGetFeatureStateW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D6DC3)
[Address] EAT @explorer.exe (MsiGetFeatureUsageA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BA111)
[Address] EAT @explorer.exe (MsiGetFeatureUsageW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BC9BD)
[Address] EAT @explorer.exe (MsiGetFeatureValidStatesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D7CC5)
[Address] EAT @explorer.exe (MsiGetFeatureValidStatesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D36EC)
[Address] EAT @explorer.exe (MsiGetFileHashA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B1214)
[Address] EAT @explorer.exe (MsiGetFileHashW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ACA49)
[Address] EAT @explorer.exe (MsiGetFileSignatureInformationA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B128C)
[Address] EAT @explorer.exe (MsiGetFileSignatureInformationW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ACA9F)
[Address] EAT @explorer.exe (MsiGetFileVersionA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B0EF8)
[Address] EAT @explorer.exe (MsiGetFileVersionW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B3D2F)
[Address] EAT @explorer.exe (MsiGetLanguage) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D2727)
[Address] EAT @explorer.exe (MsiGetLastErrorRecord) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1D69)
[Address] EAT @explorer.exe (MsiGetMode) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D279F)
[Address] EAT @explorer.exe (MsiGetPatchFileListA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717CD25D)
[Address] EAT @explorer.exe (MsiGetPatchFileListW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C8B6E)
[Address] EAT @explorer.exe (MsiGetPatchInfoA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BA24F)
[Address] EAT @explorer.exe (MsiGetPatchInfoExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C55E9)
[Address] EAT @explorer.exe (MsiGetPatchInfoExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C5177)
[Address] EAT @explorer.exe (MsiGetPatchInfoW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BCAFB)
[Address] EAT @explorer.exe (MsiGetProductCodeA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7172EADC)
[Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BED5F)
[Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BF353)
[Address] EAT @explorer.exe (MsiGetProductCodeW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7172EE6C)
[Address] EAT @explorer.exe (MsiGetProductInfoA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BD362)
[Address] EAT @explorer.exe (MsiGetProductInfoExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C65DE)
[Address] EAT @explorer.exe (MsiGetProductInfoExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C18FF)
[Address] EAT @explorer.exe (MsiGetProductInfoFromScriptA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B0880)
[Address] EAT @explorer.exe (MsiGetProductInfoFromScriptW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AF132)
[Address] EAT @explorer.exe (MsiGetProductInfoW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71714273)
[Address] EAT @explorer.exe (MsiGetProductPropertyA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B0B90)
[Address] EAT @explorer.exe (MsiGetProductPropertyW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AF48B)
[Address] EAT @explorer.exe (MsiGetPropertyA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D596D)
[Address] EAT @explorer.exe (MsiGetPropertyW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D5BA3)
[Address] EAT @explorer.exe (MsiGetShortcutTargetA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B2A58)
[Address] EAT @explorer.exe (MsiGetShortcutTargetW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B4689)
[Address] EAT @explorer.exe (MsiGetSourcePathA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D6209)
[Address] EAT @explorer.exe (MsiGetSourcePathW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D640D)
[Address] EAT @explorer.exe (MsiGetSummaryInformationA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D58BD)
[Address] EAT @explorer.exe (MsiGetSummaryInformationW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D4293)
[Address] EAT @explorer.exe (MsiGetTargetPathA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D65F5)
[Address] EAT @explorer.exe (MsiGetTargetPathW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D67F9)
[Address] EAT @explorer.exe (MsiGetUserInfoA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B91FE)
[Address] EAT @explorer.exe (MsiGetUserInfoW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7172E466)
[Address] EAT @explorer.exe (MsiInstallMissingComponentA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B22C7)
[Address] EAT @explorer.exe (MsiInstallMissingComponentW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B43D9)
[Address] EAT @explorer.exe (MsiInstallMissingFileA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B2067)
[Address] EAT @explorer.exe (MsiInstallMissingFileW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B4179)
[Address] EAT @explorer.exe (MsiInstallProductA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B197E)
[Address] EAT @explorer.exe (MsiInstallProductW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ACE4B)
[Address] EAT @explorer.exe (MsiInvalidateFeatureCache) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7176D1D3)
[Address] EAT @explorer.exe (MsiIsProductElevatedA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B3306)
[Address] EAT @explorer.exe (MsiIsProductElevatedW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B4A5D)
[Address] EAT @explorer.exe (MsiJoinTransaction) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C3FEB)
[Address] EAT @explorer.exe (MsiLoadStringA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B141F)
[Address] EAT @explorer.exe (MsiLoadStringW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7171AE09)
[Address] EAT @explorer.exe (MsiLocateComponentA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BF19F)
[Address] EAT @explorer.exe (MsiLocateComponentW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BF4CA)
[Address] EAT @explorer.exe (MsiMessageBoxA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B16DA)
[Address] EAT @explorer.exe (MsiMessageBoxExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B1528)
[Address] EAT @explorer.exe (MsiMessageBoxExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ACCB1)
[Address] EAT @explorer.exe (MsiMessageBoxW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ACE24)
[Address] EAT @explorer.exe (MsiNotifySidChangeA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BA306)
[Address] EAT @explorer.exe (MsiNotifySidChangeW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B501B)
[Address] EAT @explorer.exe (MsiOpenDatabaseA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D4691)
[Address] EAT @explorer.exe (MsiOpenDatabaseW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D3D8D)
[Address] EAT @explorer.exe (MsiOpenPackageA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AEDC0)
[Address] EAT @explorer.exe (MsiOpenPackageExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AC63E)
[Address] EAT @explorer.exe (MsiOpenPackageExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AC8E9)
[Address] EAT @explorer.exe (MsiOpenPackageW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AF7AB)
[Address] EAT @explorer.exe (MsiOpenProductA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B8BF2)
[Address] EAT @explorer.exe (MsiOpenProductW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BB857)
[Address] EAT @explorer.exe (MsiPreviewBillboardA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D7D4E)
[Address] EAT @explorer.exe (MsiPreviewBillboardW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D3AEA)
[Address] EAT @explorer.exe (MsiPreviewDialogA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D7D0B)
[Address] EAT @explorer.exe (MsiPreviewDialogW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D3A96)
[Address] EAT @explorer.exe (MsiProcessAdvertiseScriptA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BCBB2)
[Address] EAT @explorer.exe (MsiProcessAdvertiseScriptW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BDF39)
[Address] EAT @explorer.exe (MsiProcessMessage) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D2F51)
[Address] EAT @explorer.exe (MsiProvideAssemblyA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BFD5D)
[Address] EAT @explorer.exe (MsiProvideAssemblyW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C0765)
[Address] EAT @explorer.exe (MsiProvideComponentA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BF7B9)
[Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BFAB3)
[Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71714F84)
[Address] EAT @explorer.exe (MsiProvideComponentW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C030C)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7172C385)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7172D411)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71708A47)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71708C86)
[Address] EAT @explorer.exe (MsiQueryComponentStateA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C687C)
[Address] EAT @explorer.exe (MsiQueryComponentStateW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C1AE1)
[Address] EAT @explorer.exe (MsiQueryFeatureStateA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BF6F1)
[Address] EAT @explorer.exe (MsiQueryFeatureStateExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C6A94)
[Address] EAT @explorer.exe (MsiQueryFeatureStateExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C1CD9)
[Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BFC02)
[Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C057D)
[Address] EAT @explorer.exe (MsiQueryFeatureStateW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7170617D)
[Address] EAT @explorer.exe (MsiQueryProductStateA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BD45D)
[Address] EAT @explorer.exe (MsiQueryProductStateW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717149FE)
[Address] EAT @explorer.exe (MsiRecordClearData) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1D27)
[Address] EAT @explorer.exe (MsiRecordDataSize) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D16E5)
[Address] EAT @explorer.exe (MsiRecordGetFieldCount) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1916)
[Address] EAT @explorer.exe (MsiRecordGetInteger) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D18B5)
[Address] EAT @explorer.exe (MsiRecordGetStringA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D3F1D)
[Address] EAT @explorer.exe (MsiRecordGetStringW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D40CC)
[Address] EAT @explorer.exe (MsiRecordIsNull) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D15F5)
[Address] EAT @explorer.exe (MsiRecordReadStream) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1B6D)
[Address] EAT @explorer.exe (MsiRecordSetInteger) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D17C2)
[Address] EAT @explorer.exe (MsiRecordSetStreamA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D5877)
[Address] EAT @explorer.exe (MsiRecordSetStreamW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1A03)
[Address] EAT @explorer.exe (MsiRecordSetStringA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D561D)
[Address] EAT @explorer.exe (MsiRecordSetStringW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D572E)
[Address] EAT @explorer.exe (MsiReinstallFeatureA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B1EDE)
[Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BD8C2)
[Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BE657)
[Address] EAT @explorer.exe (MsiReinstallFeatureW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71718C24)
[Address] EAT @explorer.exe (MsiReinstallProductA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B1AFE)
[Address] EAT @explorer.exe (MsiReinstallProductW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ACFF1)
[Address] EAT @explorer.exe (MsiRemovePatchesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C9606)
[Address] EAT @explorer.exe (MsiRemovePatchesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C3702)
[Address] EAT @explorer.exe (MsiSequenceA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D6180)
[Address] EAT @explorer.exe (MsiSequenceW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D2E4B)
[Address] EAT @explorer.exe (MsiSetComponentStateA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D73EB)
[Address] EAT @explorer.exe (MsiSetComponentStateW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D74E5)
[Address] EAT @explorer.exe (MsiSetExternalUIA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AC72F)
[Address] EAT @explorer.exe (MsiSetExternalUIRecord) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C336B)
[Address] EAT @explorer.exe (MsiSetExternalUIW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71714E86)
[Address] EAT @explorer.exe (MsiSetFeatureAttributesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D7001)
[Address] EAT @explorer.exe (MsiSetFeatureAttributesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D70B4)
[Address] EAT @explorer.exe (MsiSetFeatureStateA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D6E2D)
[Address] EAT @explorer.exe (MsiSetFeatureStateW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D6EDF)
[Address] EAT @explorer.exe (MsiSetInstallLevel) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D3424)
[Address] EAT @explorer.exe (MsiSetInternalUI) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71714FE6)
[Address] EAT @explorer.exe (MsiSetMode) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D28BB)
[Address] EAT @explorer.exe (MsiSetOfflineContextW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D8485)
[Address] EAT @explorer.exe (MsiSetPropertyA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D5DC1)
[Address] EAT @explorer.exe (MsiSetPropertyW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D5F85)
[Address] EAT @explorer.exe (MsiSetTargetPathA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D69DD)
[Address] EAT @explorer.exe (MsiSetTargetPathW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D6B61)
[Address] EAT @explorer.exe (MsiSourceListAddMediaDiskA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C7136)
[Address] EAT @explorer.exe (MsiSourceListAddMediaDiskW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C2165)
[Address] EAT @explorer.exe (MsiSourceListAddSourceA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B3037)
[Address] EAT @explorer.exe (MsiSourceListAddSourceExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C6F13)
[Address] EAT @explorer.exe (MsiSourceListAddSourceExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C1F43)
[Address] EAT @explorer.exe (MsiSourceListAddSourceW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ADC51)
[Address] EAT @explorer.exe (MsiSourceListClearAllA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B2EF0)
[Address] EAT @explorer.exe (MsiSourceListClearAllExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C7875)
[Address] EAT @explorer.exe (MsiSourceListClearAllExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C281B)
[Address] EAT @explorer.exe (MsiSourceListClearAllW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ADAEB)
[Address] EAT @explorer.exe (MsiSourceListClearMediaDiskA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C764A)
[Address] EAT @explorer.exe (MsiSourceListClearMediaDiskW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C260D)
[Address] EAT @explorer.exe (MsiSourceListClearSourceA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C7436)
[Address] EAT @explorer.exe (MsiSourceListClearSourceW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C2405)
[Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C834E)
[Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C31B5)
[Address] EAT @explorer.exe (MsiSourceListEnumSourcesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C7C4B)
[Address] EAT @explorer.exe (MsiSourceListEnumSourcesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C2C07)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B31B8)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C7A6C)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C2A09)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ADDDB)
[Address] EAT @explorer.exe (MsiSourceListGetInfoA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C7E30)
[Address] EAT @explorer.exe (MsiSourceListGetInfoW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C2DB5)
[Address] EAT @explorer.exe (MsiSourceListSetInfoA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C80F8)
[Address] EAT @explorer.exe (MsiSourceListSetInfoW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C2FAB)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D21B9)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyCount) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1E3D)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D238B)
[Address] EAT @explorer.exe (MsiSummaryInfoPersist) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D2551)
[Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D5906)
[Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1F2B)
[Address] EAT @explorer.exe (MsiUseFeatureA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C0D83)
[Address] EAT @explorer.exe (MsiUseFeatureExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BF9E8)
[Address] EAT @explorer.exe (MsiUseFeatureExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71714D3A)
[Address] EAT @explorer.exe (MsiUseFeatureW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C0DA0)
[Address] EAT @explorer.exe (MsiVerifyDiskSpace) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D3863)
[Address] EAT @explorer.exe (MsiVerifyPackageA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B07AA)
[Address] EAT @explorer.exe (MsiVerifyPackageW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AF097)
[Address] EAT @explorer.exe (MsiViewClose) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D0BAF)
[Address] EAT @explorer.exe (MsiViewExecute) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D070F)
[Address] EAT @explorer.exe (MsiViewFetch) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D0833)
[Address] EAT @explorer.exe (MsiViewGetColumnInfo) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D0A91)
[Address] EAT @explorer.exe (MsiViewGetErrorA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D03F1)
[Address] EAT @explorer.exe (MsiViewGetErrorW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D05CE)
[Address] EAT @explorer.exe (MsiViewModify) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D093F)
[Address] EAT @explorer.exe (QueryInstanceCount) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71712B2A)
[Address] EAT @firefox.exe (BeginBufferedAnimation) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F309AE)
[Address] EAT @firefox.exe (BeginBufferedPaint) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F249A1)
[Address] EAT @firefox.exe (BeginPanningFeedback) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F50731)
[Address] EAT @firefox.exe (BufferedPaintClear) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F26395)
[Address] EAT @firefox.exe (BufferedPaintInit) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2940E)
[Address] EAT @firefox.exe (BufferedPaintRenderAnimation) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F308ED)
[Address] EAT @firefox.exe (BufferedPaintSetAlpha) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3E6B3)
[Address] EAT @firefox.exe (BufferedPaintStopAllAnimations) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3D395)
[Address] EAT @firefox.exe (BufferedPaintUnInit) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F294AB)
[Address] EAT @firefox.exe (CloseThemeData) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F26A18)
[Address] EAT @firefox.exe (DrawThemeBackground) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F23982)
[Address] EAT @firefox.exe (DrawThemeBackgroundEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3D9DA)
[Address] EAT @firefox.exe (DrawThemeEdge) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F43B52)
[Address] EAT @firefox.exe (DrawThemeIcon) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F535E7)
[Address] EAT @firefox.exe (DrawThemeParentBackground) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F253E5)
[Address] EAT @firefox.exe (DrawThemeParentBackgroundEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F251BF)
[Address] EAT @firefox.exe (DrawThemeText) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F24EA1)
[Address] EAT @firefox.exe (DrawThemeTextEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F263E6)
[Address] EAT @firefox.exe (EnableThemeDialogTexture) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2FCAF)
[Address] EAT @firefox.exe (EnableTheming) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52FEB)
[Address] EAT @firefox.exe (EndBufferedAnimation) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F23F9A)
[Address] EAT @firefox.exe (EndBufferedPaint) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F23F9A)
[Address] EAT @firefox.exe (EndPanningFeedback) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F506CC)
[Address] EAT @firefox.exe (GetBufferedPaintBits) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F24BAF)
[Address] EAT @firefox.exe (GetBufferedPaintDC) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F304BC)
[Address] EAT @firefox.exe (GetBufferedPaintTargetDC) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F30473)
[Address] EAT @firefox.exe (GetBufferedPaintTargetRect) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52E7F)
[Address] EAT @firefox.exe (GetCurrentThemeName) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F305DD)
[Address] EAT @firefox.exe (GetThemeAppProperties) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F30FB1)
[Address] EAT @firefox.exe (GetThemeBackgroundContentRect) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2CD2E)
[Address] EAT @firefox.exe (GetThemeBackgroundExtent) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2F8BF)
[Address] EAT @firefox.exe (GetThemeBackgroundRegion) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3165D)
[Address] EAT @firefox.exe (GetThemeBitmap) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2BF93)
[Address] EAT @firefox.exe (GetThemeBool) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F27C1F)
[Address] EAT @firefox.exe (GetThemeColor) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2616C)
[Address] EAT @firefox.exe (GetThemeDocumentationProperty) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52932)
[Address] EAT @firefox.exe (GetThemeEnumValue) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2616C)
[Address] EAT @firefox.exe (GetThemeFilename) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52412)
[Address] EAT @firefox.exe (GetThemeFont) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2FF21)
[Address] EAT @firefox.exe (GetThemeInt) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2616C)
[Address] EAT @firefox.exe (GetThemeIntList) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F523B1)
[Address] EAT @firefox.exe (GetThemeMargins) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F286E9)
[Address] EAT @firefox.exe (GetThemeMetric) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F306E2)
[Address] EAT @firefox.exe (GetThemePartSize) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2CDB1)
[Address] EAT @firefox.exe (GetThemePosition) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52350)
[Address] EAT @firefox.exe (GetThemePropertyOrigin) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F43FBB)
[Address] EAT @firefox.exe (GetThemeRect) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F33611)
[Address] EAT @firefox.exe (GetThemeStream) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F339D9)
[Address] EAT @firefox.exe (GetThemeString) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F522E4)
[Address] EAT @firefox.exe (GetThemeSysBool) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F53172)
[Address] EAT @firefox.exe (GetThemeSysColor) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F43274)
[Address] EAT @firefox.exe (GetThemeSysColorBrush) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F5301E)
[Address] EAT @firefox.exe (GetThemeSysFont) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F529C4)
[Address] EAT @firefox.exe (GetThemeSysInt) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52BD3)
[Address] EAT @firefox.exe (GetThemeSysSize) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F5320B)
[Address] EAT @firefox.exe (GetThemeSysString) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52B3F)
[Address] EAT @firefox.exe (GetThemeTextExtent) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F22D57)
[Address] EAT @firefox.exe (GetThemeTextMetrics) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2F992)
[Address] EAT @firefox.exe (GetThemeTransitionDuration) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F31081)
[Address] EAT @firefox.exe (GetWindowTheme) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2DF46)
[Address] EAT @firefox.exe (HitTestThemeBackground) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F33CE3)
[Address] EAT @firefox.exe (IsAppThemed) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2F869)
[Address] EAT @firefox.exe (IsCompositionActive) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F22E9A)
[Address] EAT @firefox.exe (IsThemeActive) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2F785)
[Address] EAT @firefox.exe (IsThemeBackgroundPartiallyTransparent) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F260AB)
[Address] EAT @firefox.exe (IsThemeDialogTextureEnabled) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F5312B)
[Address] EAT @firefox.exe (IsThemePartDefined) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F285B4)
[Address] EAT @firefox.exe (OpenThemeData) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F273D2)
[Address] EAT @firefox.exe (OpenThemeDataEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F43D43)
[Address] EAT @firefox.exe (SetThemeAppProperties) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F53296)
[Address] EAT @firefox.exe (SetWindowTheme) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F30134)
[Address] EAT @firefox.exe (SetWindowThemeAttribute) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3CFE6)
[Address] EAT @firefox.exe (ThemeInitApiHook) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2B176)
[Address] EAT @firefox.exe (UpdatePanningFeedback) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F5068D)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500418AS ATA Device +++++
--- User ---
[MBR] e262884ec21d4d7498454357d36fa09c
[BSP] e4ce95cf81ea7fb8546c9a79433e5f3a : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465238 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 955267072 | Size: 10500 MB
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) USB2.0 CF CardReader USB Device +++++
Error reading User MBR! ([0x15] Za?ízení není p?ipraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) USB2.0 SM CardReader USB Device +++++
Error reading User MBR! ([0x15] Za?ízení není p?ipraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) USB2.0 SD CardReader USB Device +++++
Error reading User MBR! ([0x15] Za?ízení není p?ipraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) USB2.0 MS CardReader USB Device +++++
Error reading User MBR! ([0x15] Za?ízení není p?ipraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
Dokončeno : << RKreport[0]_S_04032014_224704.txt >>
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Petra [Práva správce]
Mód : Kontrola -- Datum : 04/03/2014 22:47:04
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\18917libfoxloader.dll [x] -> ODEBRÁNO
[SUSP PATH] szndesktop.exe -- C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\szndesktop.exe [7] -> SMAZÁNO [TermProc]
¤¤¤ ¤¤¤ Záznamy Registrů: : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\Petra\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-3808252141-163001717-3248989872-1000\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\Petra\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-3808252141-163001717-3248989872-1000\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Address] EAT @explorer.exe (BeginBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F309AE)
[Address] EAT @explorer.exe (BeginBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F249A1)
[Address] EAT @explorer.exe (BeginPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F50731)
[Address] EAT @explorer.exe (BufferedPaintClear) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F26395)
[Address] EAT @explorer.exe (BufferedPaintInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2940E)
[Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F308ED)
[Address] EAT @explorer.exe (BufferedPaintSetAlpha) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3E6B3)
[Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3D395)
[Address] EAT @explorer.exe (BufferedPaintUnInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F294AB)
[Address] EAT @explorer.exe (CloseThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F26A18)
[Address] EAT @explorer.exe (DrawThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F23982)
[Address] EAT @explorer.exe (DrawThemeBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3D9DA)
[Address] EAT @explorer.exe (DrawThemeEdge) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F43B52)
[Address] EAT @explorer.exe (DrawThemeIcon) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F535E7)
[Address] EAT @explorer.exe (DrawThemeParentBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F253E5)
[Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F251BF)
[Address] EAT @explorer.exe (DrawThemeText) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F24EA1)
[Address] EAT @explorer.exe (DrawThemeTextEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F263E6)
[Address] EAT @explorer.exe (EnableThemeDialogTexture) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2FCAF)
[Address] EAT @explorer.exe (EnableTheming) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52FEB)
[Address] EAT @explorer.exe (EndBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F23F9A)
[Address] EAT @explorer.exe (EndBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F23F9A)
[Address] EAT @explorer.exe (EndPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F506CC)
[Address] EAT @explorer.exe (GetBufferedPaintBits) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F24BAF)
[Address] EAT @explorer.exe (GetBufferedPaintDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F304BC)
[Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F30473)
[Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52E7F)
[Address] EAT @explorer.exe (GetCurrentThemeName) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F305DD)
[Address] EAT @explorer.exe (GetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F30FB1)
[Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2CD2E)
[Address] EAT @explorer.exe (GetThemeBackgroundExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2F8BF)
[Address] EAT @explorer.exe (GetThemeBackgroundRegion) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3165D)
[Address] EAT @explorer.exe (GetThemeBitmap) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2BF93)
[Address] EAT @explorer.exe (GetThemeBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F27C1F)
[Address] EAT @explorer.exe (GetThemeColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2616C)
[Address] EAT @explorer.exe (GetThemeDocumentationProperty) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52932)
[Address] EAT @explorer.exe (GetThemeEnumValue) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2616C)
[Address] EAT @explorer.exe (GetThemeFilename) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52412)
[Address] EAT @explorer.exe (GetThemeFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2FF21)
[Address] EAT @explorer.exe (GetThemeInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2616C)
[Address] EAT @explorer.exe (GetThemeIntList) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F523B1)
[Address] EAT @explorer.exe (GetThemeMargins) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F286E9)
[Address] EAT @explorer.exe (GetThemeMetric) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F306E2)
[Address] EAT @explorer.exe (GetThemePartSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2CDB1)
[Address] EAT @explorer.exe (GetThemePosition) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52350)
[Address] EAT @explorer.exe (GetThemePropertyOrigin) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F43FBB)
[Address] EAT @explorer.exe (GetThemeRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F33611)
[Address] EAT @explorer.exe (GetThemeStream) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F339D9)
[Address] EAT @explorer.exe (GetThemeString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F522E4)
[Address] EAT @explorer.exe (GetThemeSysBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F53172)
[Address] EAT @explorer.exe (GetThemeSysColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F43274)
[Address] EAT @explorer.exe (GetThemeSysColorBrush) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F5301E)
[Address] EAT @explorer.exe (GetThemeSysFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F529C4)
[Address] EAT @explorer.exe (GetThemeSysInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52BD3)
[Address] EAT @explorer.exe (GetThemeSysSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F5320B)
[Address] EAT @explorer.exe (GetThemeSysString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52B3F)
[Address] EAT @explorer.exe (GetThemeTextExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F22D57)
[Address] EAT @explorer.exe (GetThemeTextMetrics) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2F992)
[Address] EAT @explorer.exe (GetThemeTransitionDuration) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F31081)
[Address] EAT @explorer.exe (GetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2DF46)
[Address] EAT @explorer.exe (HitTestThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F33CE3)
[Address] EAT @explorer.exe (IsAppThemed) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2F869)
[Address] EAT @explorer.exe (IsCompositionActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F22E9A)
[Address] EAT @explorer.exe (IsThemeActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2F785)
[Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F260AB)
[Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F5312B)
[Address] EAT @explorer.exe (IsThemePartDefined) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F285B4)
[Address] EAT @explorer.exe (OpenThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F273D2)
[Address] EAT @explorer.exe (OpenThemeDataEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F43D43)
[Address] EAT @explorer.exe (SetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F53296)
[Address] EAT @explorer.exe (SetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F30134)
[Address] EAT @explorer.exe (SetWindowThemeAttribute) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3CFE6)
[Address] EAT @explorer.exe (ThemeInitApiHook) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2B176)
[Address] EAT @explorer.exe (UpdatePanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F5068D)
[Address] EAT @explorer.exe (DllGetClassObject) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABCF9D)
[Address] EAT @explorer.exe (IEnumString_Next_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE000)
[Address] EAT @explorer.exe (IEnumString_Reset_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE029)
[Address] EAT @explorer.exe (IPropertyBag2_Write_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE049)
[Address] EAT @explorer.exe (IWICBitmapClipper_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDD2A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportAnimation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEA9A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportLossless_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEABD)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEAE0)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE9D3)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE9F6)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceModels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEA1F)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetFileExtensions_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEA71)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetMimeTypes_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEA48)
[Address] EAT @explorer.exe (IWICBitmapDecoder_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD845)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE9AA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetDecoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD822)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrameCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD9A2)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD868)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD8DA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetPreview_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC74)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE9D3)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC05)
[Address] EAT @explorer.exe (IWICBitmapEncoder_CreateNewFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDB87)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetEncoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDB5E)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD9A2)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDB32)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDBDC)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDBB3)
[Address] EAT @explorer.exe (IWICBitmapFlipRotator_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDD2A)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD88E)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD8DA)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD8B7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD9C5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEB03)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDFB7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDB06)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDA17)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD9E5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDADD)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_WriteSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDA71)
[Address] EAT @explorer.exe (IWICBitmapLock_GetDataPointer_STA_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD7FC)
[Address] EAT @explorer.exe (IWICBitmapLock_GetStride_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC25)
[Address] EAT @explorer.exe (IWICBitmapScaler_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDCFE)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD822)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPixels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC48)
[Address] EAT @explorer.exe (IWICBitmapSource_GetPixelFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC25)
[Address] EAT @explorer.exe (IWICBitmapSource_GetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD7FC)
[Address] EAT @explorer.exe (IWICBitmapSource_GetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD91D)
[Address] EAT @explorer.exe (IWICBitmap_Lock_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE981)
[Address] EAT @explorer.exe (IWICBitmap_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC74)
[Address] EAT @explorer.exe (IWICBitmap_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC97)
[Address] EAT @explorer.exe (IWICColorContext_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEB75)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateMetadataWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD7AA)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD7D3)
[Address] EAT @explorer.exe (IWICComponentInfo_GetAuthor_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE958)
[Address] EAT @explorer.exe (IWICComponentInfo_GetCLSID_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC25)
[Address] EAT @explorer.exe (IWICComponentInfo_GetFriendlyName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE9AA)
[Address] EAT @explorer.exe (IWICComponentInfo_GetSpecVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD88E)
[Address] EAT @explorer.exe (IWICComponentInfo_GetVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE981)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD8FD)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC25)
[Address] EAT @explorer.exe (IWICFormatConverter_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDCC7)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapClipper_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD557)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFlipRotator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD580)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD6BA)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHICON_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD6E6)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD656)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD62D)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapScaler_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD52E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD68B)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateComponentInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD4D9)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFileHandle_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD4A1)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFilename_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD466)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD42E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateEncoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD5D2)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD70C)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_ProxTÕ Õø"UÿÿÿÿÕtDJ)TÕ j) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD732)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFormatConverter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD505)
[Address] EAT @explorer.exe (IWICImagingFactory_CreatePalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDADD)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD781)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD758)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD5A9)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDC25)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetReaderByIndex_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDFB7)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetEnumerator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD822)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetLocation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE049)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_RemoveMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD8DA)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_SetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDFDA)
[Address] EAT @explorer.exe (IWICPalette_GetColorCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD96C)
[Address] EAT @explorer.exe (IWICPalette_GetColors_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD88E)
[Address] EAT @explorer.exe (IWICPalette_GetType_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD845)
[Address] EAT @explorer.exe (IWICPalette_HasAlpha_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD9A2)
[Address] EAT @explorer.exe (IWICPalette_InitializeCustom_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEB75)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD943)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD822)
[Address] EAT @explorer.exe (IWICPalette_InitializePredefined_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD91D)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetBitsPerPixel_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEB03)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDD50)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelMask_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEB26)
[Address] EAT @explorer.exe (IWICStream_InitializeFromIStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDD50)
[Address] EAT @explorer.exe (IWICStream_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDD73)
[Address] EAT @explorer.exe (WICConvertBitmapSource) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDDB8)
[Address] EAT @explorer.exe (WICCreateBitmapFromSection) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDF8D)
[Address] EAT @explorer.exe (WICCreateBitmapFromSectionEx) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDE8C)
[Address] EAT @explorer.exe (WICCreateColorContext_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABEB52)
[Address] EAT @explorer.exe (WICCreateImagingFactory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD02B)
[Address] EAT @explorer.exe (WICGetMetadataContentSize) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE61D)
[Address] EAT @explorer.exe (WICMapGuidToShortName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD0EC)
[Address] EAT @explorer.exe (WICMapSchemaToName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD2E0)
[Address] EAT @explorer.exe (WICMapShortNameToGuid) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABD217)
[Address] EAT @explorer.exe (WICMatchMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE072)
[Address] EAT @explorer.exe (WICSerializeMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABE1B4)
[Address] EAT @explorer.exe (WICSetEncoderFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73ABDD99)
[Address] EAT @explorer.exe (DllCanUnloadNow) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71712B3B)
[Address] EAT @explorer.exe (DllGetClassObject) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7172188E)
[Address] EAT @explorer.exe (DllGetVersion) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71712982)
[Address] EAT @explorer.exe (DllRegisterServer) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717A7DC5)
[Address] EAT @explorer.exe (DllUnregisterServer) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717A818F)
[Address] EAT @explorer.exe (Migrate10CachedPackagesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AC744)
[Address] EAT @explorer.exe (Migrate10CachedPackagesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AE1AC)
[Address] EAT @explorer.exe (MsiAdvertiseProductA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B257F)
[Address] EAT @explorer.exe (MsiAdvertiseProductExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B27D7)
[Address] EAT @explorer.exe (MsiAdvertiseProductExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AD6C1)
[Address] EAT @explorer.exe (MsiAdvertiseProductW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AD46F)
[Address] EAT @explorer.exe (MsiAdvertiseScriptA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B8A3F)
[Address] EAT @explorer.exe (MsiAdvertiseScriptW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BB641)
[Address] EAT @explorer.exe (MsiApplyMultiplePatchesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C5903)
[Address] EAT @explorer.exe (MsiApplyMultiplePatchesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C1057)
[Address] EAT @explorer.exe (MsiApplyPatchA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B2D5D)
[Address] EAT @explorer.exe (MsiApplyPatchW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AD943)
[Address] EAT @explorer.exe (MsiBeginTransactionA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C9441)
[Address] EAT @explorer.exe (MsiBeginTransactionW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C39D4)
[Address] EAT @explorer.exe (MsiCloseAllHandles) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D00C3)
[Address] EAT @explorer.exe (MsiCloseHandle) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D0015)
[Address] EAT @explorer.exe (MsiCollectUserInfoA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B1C3A)
[Address] EAT @explorer.exe (MsiCollectUserInfoW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AD16F)
[Address] EAT @explorer.exe (MsiConfigureFeatureA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B1D5A)
[Address] EAT @explorer.exe (MsiConfigureFeatureFromDescriptorA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BD70A)
[Address] EAT @explorer.exe (MsiConfigureFeatureFromDescriptorW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BE41B)
[Address] EAT @explorer.exe (MsiConfigureFeatureW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AD2B7)
[Address] EAT @explorer.exe (MsiConfigureProductA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BF256)
[Address] EAT @explorer.exe (MsiConfigureProductExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BDACA)
[Address] EAT @explorer.exe (MsiConfigureProductExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BE891)
[Address] EAT @explorer.exe (MsiConfigureProductW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BF581)
[Address] EAT @explorer.exe (MsiCreateAndVerifyInstallerDirectory) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7172B2E1)
[Address] EAT @explorer.exe (MsiCreateRecord) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1514)
[Address] EAT @explorer.exe (MsiCreateTransformSummaryInfoA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D55D1)
[Address] EAT @explorer.exe (MsiCreateTransformSummaryInfoW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D48EF)
[Address] EAT @explorer.exe (MsiDatabaseApplyTransformA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D48A9)
[Address] EAT @explorer.exe (MsiDatabaseApplyTransformW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1397)
[Address] EAT @explorer.exe (MsiDatabaseCommit) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D0DEB)
[Address] EAT @explorer.exe (MsiDatabaseExportA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D4792)
[Address] EAT @explorer.exe (MsiDatabaseExportW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1008)
[Address] EAT @explorer.exe (MsiDatabaseGenerateTransformA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D485D)
[Address] EAT @explorer.exe (MsiDatabaseGenerateTransformW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1270)
[Address] EAT @explorer.exe (MsiDatabaseGetPrimaryKeysA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D45FD)
[Address] EAT @explorer.exe (MsiDatabaseGetPrimaryKeysW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D3C54)
[Address] EAT @explorer.exe (MsiDatabaseImportA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D472E)
[Address] EAT @explorer.exe (MsiDatabaseImportW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D0F1E)
[Address] EAT @explorer.exe (MsiDatabaseIsTablePersistentA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D4643)
[Address] EAT @explorer.exe (MsiDatabaseIsTablePersistentW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D0C8F)
[Address] EAT @explorer.exe (MsiDatabaseMergeA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D4817)
[Address] EAT @explorer.exe (MsiDatabaseMergeW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1111)
[Address] EAT @explorer.exe (MsiDatabaseOpenViewA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D45B7)
[Address] EAT @explorer.exe (MsiDatabaseOpenViewW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D02B7)
[Address] EAT @explorer.exe (MsiDecomposeDescriptorA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BDA7B)
[Address] EAT @explorer.exe (MsiDecomposeDescriptorW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71706286)
[Address] EAT @explorer.exe (MsiDeleteUserDataA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BA367)
[Address] EAT @explorer.exe (MsiDeleteUserDataW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B69EB)
[Address] EAT @explorer.exe (MsiDetermineApplicablePatchesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717CD4C5)
[Address] EAT @explorer.exe (MsiDetermineApplicablePatchesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717CC559)
[Address] EAT @explorer.exe (MsiDeterminePatchSequenceA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717CD9D9)
[Address] EAT @explorer.exe (MsiDeterminePatchSequenceW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717CC9E1)
[Address] EAT @explorer.exe (MsiDoActionA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D613D)
[Address] EAT @explorer.exe (MsiDoActionW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D2D61)
[Address] EAT @explorer.exe (MsiEnableLogA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B189B)
[Address] EAT @explorer.exe (MsiEnableLogW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AFBE9)
[Address] EAT @explorer.exe (MsiEnableUIPreview) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D39CD)
[Address] EAT @explorer.exe (MsiEndTransaction) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C3E11)
[Address] EAT @explorer.exe (MsiEnumClientsA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7172EC96)
[Address] EAT @explorer.exe (MsiEnumClientsExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C5D6E)
[Address] EAT @explorer.exe (MsiEnumClientsExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C13A7)
[Address] EAT @explorer.exe (MsiEnumClientsW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71713647)
[Address] EAT @explorer.exe (MsiEnumComponentCostsA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D7847)
[Address] EAT @explorer.exe (MsiEnumComponentCostsW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D7A95)
[Address] EAT @explorer.exe (MsiEnumComponentQualifiersA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BCD6D)
[Address] EAT @explorer.exe (MsiEnumComponentQualifiersW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7171384D)
[Address] EAT @explorer.exe (MsiEnumComponentsA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B91B9)
[Address] EAT @explorer.exe (MsiEnumComponentsExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C5B08)
[Address] EAT @explorer.exe (MsiEnumComponentsExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C121D)
[Address] EAT @explorer.exe (MsiEnumComponentsW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BBA57)
[Address] EAT @explorer.exe (MsiEnumFeaturesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B9C04)
[Address] EAT @explorer.exe (MsiEnumFeaturesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BC259)
[Address] EAT @explorer.exe (MsiEnumPatchesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C97EB)
[Address] EAT @explorer.exe (MsiEnumPatchesExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C4897)
[Address] EAT @explorer.exe (MsiEnumPatchesExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C0E79)
[Address] EAT @explorer.exe (MsiEnumPatchesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C468E)
[Address] EAT @explorer.exe (MsiEnumProductsA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B9175)
[Address] EAT @explorer.exe (MsiEnumProductsExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C6313)
[Address] EAT @explorer.exe (MsiEnumProductsExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C1729)
[Address] EAT @explorer.exe (MsiEnumProductsW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7171559D)
[Address] EAT @explorer.exe (MsiEnumRelatedProductsA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B9109)
[Address] EAT @explorer.exe (MsiEnumRelatedProductsW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BB9EB)
[Address] EAT @explorer.exe (MsiEvaluateConditionA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D61C6)
[Address] EAT @explorer.exe (MsiEvaluateConditionW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D30C1)
[Address] EAT @explorer.exe (MsiExtractPatchXMLDataA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C4FAE)
[Address] EAT @explorer.exe (MsiExtractPatchXMLDataW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C4C22)
[Address] EAT @explorer.exe (MsiFormatRecordA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D2A73)
[Address] EAT @explorer.exe (MsiFormatRecordW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D2BF9)
[Address] EAT @explorer.exe (MsiGetActiveDatabase) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D2639)
[Address] EAT @explorer.exe (MsiGetComponentPathA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BEEBD)
[Address] EAT @explorer.exe (MsiGetComponentPathExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C6053)
[Address] EAT @explorer.exe (MsiGetComponentPathExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C1559)
[Address] EAT @explorer.exe (MsiGetComponentPathW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717062DD)
[Address] EAT @explorer.exe (MsiGetComponentStateA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D71E3)
[Address] EAT @explorer.exe (MsiGetComponentStateW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D72DC)
[Address] EAT @explorer.exe (MsiGetDatabaseState) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D0ED9)
[Address] EAT @explorer.exe (MsiGetFeatureCostA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D75FD)
[Address] EAT @explorer.exe (MsiGetFeatureCostW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D7702)
[Address] EAT @explorer.exe (MsiGetFeatureInfoA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B0D1A)
[Address] EAT @explorer.exe (MsiGetFeatureInfoW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AF5EE)
[Address] EAT @explorer.exe (MsiGetFeatureStateA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D6CD5)
[Address] EAT @explorer.exe (MsiGetFeatureStateW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D6DC3)
[Address] EAT @explorer.exe (MsiGetFeatureUsageA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BA111)
[Address] EAT @explorer.exe (MsiGetFeatureUsageW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BC9BD)
[Address] EAT @explorer.exe (MsiGetFeatureValidStatesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D7CC5)
[Address] EAT @explorer.exe (MsiGetFeatureValidStatesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D36EC)
[Address] EAT @explorer.exe (MsiGetFileHashA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B1214)
[Address] EAT @explorer.exe (MsiGetFileHashW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ACA49)
[Address] EAT @explorer.exe (MsiGetFileSignatureInformationA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B128C)
[Address] EAT @explorer.exe (MsiGetFileSignatureInformationW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ACA9F)
[Address] EAT @explorer.exe (MsiGetFileVersionA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B0EF8)
[Address] EAT @explorer.exe (MsiGetFileVersionW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B3D2F)
[Address] EAT @explorer.exe (MsiGetLanguage) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D2727)
[Address] EAT @explorer.exe (MsiGetLastErrorRecord) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1D69)
[Address] EAT @explorer.exe (MsiGetMode) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D279F)
[Address] EAT @explorer.exe (MsiGetPatchFileListA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717CD25D)
[Address] EAT @explorer.exe (MsiGetPatchFileListW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C8B6E)
[Address] EAT @explorer.exe (MsiGetPatchInfoA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BA24F)
[Address] EAT @explorer.exe (MsiGetPatchInfoExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C55E9)
[Address] EAT @explorer.exe (MsiGetPatchInfoExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C5177)
[Address] EAT @explorer.exe (MsiGetPatchInfoW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BCAFB)
[Address] EAT @explorer.exe (MsiGetProductCodeA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7172EADC)
[Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BED5F)
[Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BF353)
[Address] EAT @explorer.exe (MsiGetProductCodeW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7172EE6C)
[Address] EAT @explorer.exe (MsiGetProductInfoA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BD362)
[Address] EAT @explorer.exe (MsiGetProductInfoExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C65DE)
[Address] EAT @explorer.exe (MsiGetProductInfoExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C18FF)
[Address] EAT @explorer.exe (MsiGetProductInfoFromScriptA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B0880)
[Address] EAT @explorer.exe (MsiGetProductInfoFromScriptW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AF132)
[Address] EAT @explorer.exe (MsiGetProductInfoW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71714273)
[Address] EAT @explorer.exe (MsiGetProductPropertyA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B0B90)
[Address] EAT @explorer.exe (MsiGetProductPropertyW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AF48B)
[Address] EAT @explorer.exe (MsiGetPropertyA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D596D)
[Address] EAT @explorer.exe (MsiGetPropertyW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D5BA3)
[Address] EAT @explorer.exe (MsiGetShortcutTargetA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B2A58)
[Address] EAT @explorer.exe (MsiGetShortcutTargetW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B4689)
[Address] EAT @explorer.exe (MsiGetSourcePathA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D6209)
[Address] EAT @explorer.exe (MsiGetSourcePathW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D640D)
[Address] EAT @explorer.exe (MsiGetSummaryInformationA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D58BD)
[Address] EAT @explorer.exe (MsiGetSummaryInformationW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D4293)
[Address] EAT @explorer.exe (MsiGetTargetPathA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D65F5)
[Address] EAT @explorer.exe (MsiGetTargetPathW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D67F9)
[Address] EAT @explorer.exe (MsiGetUserInfoA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B91FE)
[Address] EAT @explorer.exe (MsiGetUserInfoW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7172E466)
[Address] EAT @explorer.exe (MsiInstallMissingComponentA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B22C7)
[Address] EAT @explorer.exe (MsiInstallMissingComponentW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B43D9)
[Address] EAT @explorer.exe (MsiInstallMissingFileA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B2067)
[Address] EAT @explorer.exe (MsiInstallMissingFileW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B4179)
[Address] EAT @explorer.exe (MsiInstallProductA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B197E)
[Address] EAT @explorer.exe (MsiInstallProductW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ACE4B)
[Address] EAT @explorer.exe (MsiInvalidateFeatureCache) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7176D1D3)
[Address] EAT @explorer.exe (MsiIsProductElevatedA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B3306)
[Address] EAT @explorer.exe (MsiIsProductElevatedW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B4A5D)
[Address] EAT @explorer.exe (MsiJoinTransaction) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C3FEB)
[Address] EAT @explorer.exe (MsiLoadStringA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B141F)
[Address] EAT @explorer.exe (MsiLoadStringW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7171AE09)
[Address] EAT @explorer.exe (MsiLocateComponentA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BF19F)
[Address] EAT @explorer.exe (MsiLocateComponentW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BF4CA)
[Address] EAT @explorer.exe (MsiMessageBoxA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B16DA)
[Address] EAT @explorer.exe (MsiMessageBoxExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B1528)
[Address] EAT @explorer.exe (MsiMessageBoxExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ACCB1)
[Address] EAT @explorer.exe (MsiMessageBoxW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ACE24)
[Address] EAT @explorer.exe (MsiNotifySidChangeA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BA306)
[Address] EAT @explorer.exe (MsiNotifySidChangeW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B501B)
[Address] EAT @explorer.exe (MsiOpenDatabaseA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D4691)
[Address] EAT @explorer.exe (MsiOpenDatabaseW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D3D8D)
[Address] EAT @explorer.exe (MsiOpenPackageA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AEDC0)
[Address] EAT @explorer.exe (MsiOpenPackageExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AC63E)
[Address] EAT @explorer.exe (MsiOpenPackageExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AC8E9)
[Address] EAT @explorer.exe (MsiOpenPackageW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AF7AB)
[Address] EAT @explorer.exe (MsiOpenProductA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B8BF2)
[Address] EAT @explorer.exe (MsiOpenProductW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BB857)
[Address] EAT @explorer.exe (MsiPreviewBillboardA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D7D4E)
[Address] EAT @explorer.exe (MsiPreviewBillboardW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D3AEA)
[Address] EAT @explorer.exe (MsiPreviewDialogA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D7D0B)
[Address] EAT @explorer.exe (MsiPreviewDialogW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D3A96)
[Address] EAT @explorer.exe (MsiProcessAdvertiseScriptA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BCBB2)
[Address] EAT @explorer.exe (MsiProcessAdvertiseScriptW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BDF39)
[Address] EAT @explorer.exe (MsiProcessMessage) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D2F51)
[Address] EAT @explorer.exe (MsiProvideAssemblyA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BFD5D)
[Address] EAT @explorer.exe (MsiProvideAssemblyW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C0765)
[Address] EAT @explorer.exe (MsiProvideComponentA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BF7B9)
[Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BFAB3)
[Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71714F84)
[Address] EAT @explorer.exe (MsiProvideComponentW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C030C)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7172C385)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7172D411)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71708A47)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71708C86)
[Address] EAT @explorer.exe (MsiQueryComponentStateA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C687C)
[Address] EAT @explorer.exe (MsiQueryComponentStateW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C1AE1)
[Address] EAT @explorer.exe (MsiQueryFeatureStateA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BF6F1)
[Address] EAT @explorer.exe (MsiQueryFeatureStateExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C6A94)
[Address] EAT @explorer.exe (MsiQueryFeatureStateExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C1CD9)
[Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BFC02)
[Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C057D)
[Address] EAT @explorer.exe (MsiQueryFeatureStateW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7170617D)
[Address] EAT @explorer.exe (MsiQueryProductStateA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BD45D)
[Address] EAT @explorer.exe (MsiQueryProductStateW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717149FE)
[Address] EAT @explorer.exe (MsiRecordClearData) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1D27)
[Address] EAT @explorer.exe (MsiRecordDataSize) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D16E5)
[Address] EAT @explorer.exe (MsiRecordGetFieldCount) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1916)
[Address] EAT @explorer.exe (MsiRecordGetInteger) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D18B5)
[Address] EAT @explorer.exe (MsiRecordGetStringA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D3F1D)
[Address] EAT @explorer.exe (MsiRecordGetStringW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D40CC)
[Address] EAT @explorer.exe (MsiRecordIsNull) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D15F5)
[Address] EAT @explorer.exe (MsiRecordReadStream) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1B6D)
[Address] EAT @explorer.exe (MsiRecordSetInteger) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D17C2)
[Address] EAT @explorer.exe (MsiRecordSetStreamA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D5877)
[Address] EAT @explorer.exe (MsiRecordSetStreamW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1A03)
[Address] EAT @explorer.exe (MsiRecordSetStringA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D561D)
[Address] EAT @explorer.exe (MsiRecordSetStringW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D572E)
[Address] EAT @explorer.exe (MsiReinstallFeatureA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B1EDE)
[Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BD8C2)
[Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BE657)
[Address] EAT @explorer.exe (MsiReinstallFeatureW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71718C24)
[Address] EAT @explorer.exe (MsiReinstallProductA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B1AFE)
[Address] EAT @explorer.exe (MsiReinstallProductW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ACFF1)
[Address] EAT @explorer.exe (MsiRemovePatchesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C9606)
[Address] EAT @explorer.exe (MsiRemovePatchesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C3702)
[Address] EAT @explorer.exe (MsiSequenceA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D6180)
[Address] EAT @explorer.exe (MsiSequenceW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D2E4B)
[Address] EAT @explorer.exe (MsiSetComponentStateA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D73EB)
[Address] EAT @explorer.exe (MsiSetComponentStateW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D74E5)
[Address] EAT @explorer.exe (MsiSetExternalUIA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AC72F)
[Address] EAT @explorer.exe (MsiSetExternalUIRecord) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C336B)
[Address] EAT @explorer.exe (MsiSetExternalUIW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71714E86)
[Address] EAT @explorer.exe (MsiSetFeatureAttributesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D7001)
[Address] EAT @explorer.exe (MsiSetFeatureAttributesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D70B4)
[Address] EAT @explorer.exe (MsiSetFeatureStateA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D6E2D)
[Address] EAT @explorer.exe (MsiSetFeatureStateW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D6EDF)
[Address] EAT @explorer.exe (MsiSetInstallLevel) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D3424)
[Address] EAT @explorer.exe (MsiSetInternalUI) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71714FE6)
[Address] EAT @explorer.exe (MsiSetMode) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D28BB)
[Address] EAT @explorer.exe (MsiSetOfflineContextW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D8485)
[Address] EAT @explorer.exe (MsiSetPropertyA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D5DC1)
[Address] EAT @explorer.exe (MsiSetPropertyW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D5F85)
[Address] EAT @explorer.exe (MsiSetTargetPathA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D69DD)
[Address] EAT @explorer.exe (MsiSetTargetPathW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D6B61)
[Address] EAT @explorer.exe (MsiSourceListAddMediaDiskA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C7136)
[Address] EAT @explorer.exe (MsiSourceListAddMediaDiskW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C2165)
[Address] EAT @explorer.exe (MsiSourceListAddSourceA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B3037)
[Address] EAT @explorer.exe (MsiSourceListAddSourceExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C6F13)
[Address] EAT @explorer.exe (MsiSourceListAddSourceExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C1F43)
[Address] EAT @explorer.exe (MsiSourceListAddSourceW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ADC51)
[Address] EAT @explorer.exe (MsiSourceListClearAllA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B2EF0)
[Address] EAT @explorer.exe (MsiSourceListClearAllExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C7875)
[Address] EAT @explorer.exe (MsiSourceListClearAllExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C281B)
[Address] EAT @explorer.exe (MsiSourceListClearAllW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ADAEB)
[Address] EAT @explorer.exe (MsiSourceListClearMediaDiskA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C764A)
[Address] EAT @explorer.exe (MsiSourceListClearMediaDiskW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C260D)
[Address] EAT @explorer.exe (MsiSourceListClearSourceA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C7436)
[Address] EAT @explorer.exe (MsiSourceListClearSourceW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C2405)
[Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C834E)
[Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C31B5)
[Address] EAT @explorer.exe (MsiSourceListEnumSourcesA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C7C4B)
[Address] EAT @explorer.exe (MsiSourceListEnumSourcesW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C2C07)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B31B8)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C7A6C)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C2A09)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717ADDDB)
[Address] EAT @explorer.exe (MsiSourceListGetInfoA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C7E30)
[Address] EAT @explorer.exe (MsiSourceListGetInfoW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C2DB5)
[Address] EAT @explorer.exe (MsiSourceListSetInfoA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C80F8)
[Address] EAT @explorer.exe (MsiSourceListSetInfoW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C2FAB)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D21B9)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyCount) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1E3D)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D238B)
[Address] EAT @explorer.exe (MsiSummaryInfoPersist) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D2551)
[Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D5906)
[Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D1F2B)
[Address] EAT @explorer.exe (MsiUseFeatureA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C0D83)
[Address] EAT @explorer.exe (MsiUseFeatureExA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717BF9E8)
[Address] EAT @explorer.exe (MsiUseFeatureExW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71714D3A)
[Address] EAT @explorer.exe (MsiUseFeatureW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717C0DA0)
[Address] EAT @explorer.exe (MsiVerifyDiskSpace) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D3863)
[Address] EAT @explorer.exe (MsiVerifyPackageA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717B07AA)
[Address] EAT @explorer.exe (MsiVerifyPackageW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717AF097)
[Address] EAT @explorer.exe (MsiViewClose) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D0BAF)
[Address] EAT @explorer.exe (MsiViewExecute) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D070F)
[Address] EAT @explorer.exe (MsiViewFetch) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D0833)
[Address] EAT @explorer.exe (MsiViewGetColumnInfo) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D0A91)
[Address] EAT @explorer.exe (MsiViewGetErrorA) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D03F1)
[Address] EAT @explorer.exe (MsiViewGetErrorW) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D05CE)
[Address] EAT @explorer.exe (MsiViewModify) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x717D093F)
[Address] EAT @explorer.exe (QueryInstanceCount) : msxml6.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x71712B2A)
[Address] EAT @firefox.exe (BeginBufferedAnimation) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F309AE)
[Address] EAT @firefox.exe (BeginBufferedPaint) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F249A1)
[Address] EAT @firefox.exe (BeginPanningFeedback) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F50731)
[Address] EAT @firefox.exe (BufferedPaintClear) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F26395)
[Address] EAT @firefox.exe (BufferedPaintInit) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2940E)
[Address] EAT @firefox.exe (BufferedPaintRenderAnimation) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F308ED)
[Address] EAT @firefox.exe (BufferedPaintSetAlpha) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3E6B3)
[Address] EAT @firefox.exe (BufferedPaintStopAllAnimations) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3D395)
[Address] EAT @firefox.exe (BufferedPaintUnInit) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F294AB)
[Address] EAT @firefox.exe (CloseThemeData) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F26A18)
[Address] EAT @firefox.exe (DrawThemeBackground) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F23982)
[Address] EAT @firefox.exe (DrawThemeBackgroundEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3D9DA)
[Address] EAT @firefox.exe (DrawThemeEdge) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F43B52)
[Address] EAT @firefox.exe (DrawThemeIcon) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F535E7)
[Address] EAT @firefox.exe (DrawThemeParentBackground) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F253E5)
[Address] EAT @firefox.exe (DrawThemeParentBackgroundEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F251BF)
[Address] EAT @firefox.exe (DrawThemeText) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F24EA1)
[Address] EAT @firefox.exe (DrawThemeTextEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F263E6)
[Address] EAT @firefox.exe (EnableThemeDialogTexture) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2FCAF)
[Address] EAT @firefox.exe (EnableTheming) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52FEB)
[Address] EAT @firefox.exe (EndBufferedAnimation) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F23F9A)
[Address] EAT @firefox.exe (EndBufferedPaint) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F23F9A)
[Address] EAT @firefox.exe (EndPanningFeedback) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F506CC)
[Address] EAT @firefox.exe (GetBufferedPaintBits) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F24BAF)
[Address] EAT @firefox.exe (GetBufferedPaintDC) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F304BC)
[Address] EAT @firefox.exe (GetBufferedPaintTargetDC) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F30473)
[Address] EAT @firefox.exe (GetBufferedPaintTargetRect) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52E7F)
[Address] EAT @firefox.exe (GetCurrentThemeName) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F305DD)
[Address] EAT @firefox.exe (GetThemeAppProperties) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F30FB1)
[Address] EAT @firefox.exe (GetThemeBackgroundContentRect) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2CD2E)
[Address] EAT @firefox.exe (GetThemeBackgroundExtent) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2F8BF)
[Address] EAT @firefox.exe (GetThemeBackgroundRegion) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3165D)
[Address] EAT @firefox.exe (GetThemeBitmap) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2BF93)
[Address] EAT @firefox.exe (GetThemeBool) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F27C1F)
[Address] EAT @firefox.exe (GetThemeColor) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2616C)
[Address] EAT @firefox.exe (GetThemeDocumentationProperty) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52932)
[Address] EAT @firefox.exe (GetThemeEnumValue) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2616C)
[Address] EAT @firefox.exe (GetThemeFilename) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52412)
[Address] EAT @firefox.exe (GetThemeFont) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2FF21)
[Address] EAT @firefox.exe (GetThemeInt) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2616C)
[Address] EAT @firefox.exe (GetThemeIntList) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F523B1)
[Address] EAT @firefox.exe (GetThemeMargins) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F286E9)
[Address] EAT @firefox.exe (GetThemeMetric) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F306E2)
[Address] EAT @firefox.exe (GetThemePartSize) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2CDB1)
[Address] EAT @firefox.exe (GetThemePosition) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52350)
[Address] EAT @firefox.exe (GetThemePropertyOrigin) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F43FBB)
[Address] EAT @firefox.exe (GetThemeRect) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F33611)
[Address] EAT @firefox.exe (GetThemeStream) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F339D9)
[Address] EAT @firefox.exe (GetThemeString) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F522E4)
[Address] EAT @firefox.exe (GetThemeSysBool) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F53172)
[Address] EAT @firefox.exe (GetThemeSysColor) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F43274)
[Address] EAT @firefox.exe (GetThemeSysColorBrush) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F5301E)
[Address] EAT @firefox.exe (GetThemeSysFont) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F529C4)
[Address] EAT @firefox.exe (GetThemeSysInt) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52BD3)
[Address] EAT @firefox.exe (GetThemeSysSize) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F5320B)
[Address] EAT @firefox.exe (GetThemeSysString) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F52B3F)
[Address] EAT @firefox.exe (GetThemeTextExtent) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F22D57)
[Address] EAT @firefox.exe (GetThemeTextMetrics) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2F992)
[Address] EAT @firefox.exe (GetThemeTransitionDuration) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F31081)
[Address] EAT @firefox.exe (GetWindowTheme) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2DF46)
[Address] EAT @firefox.exe (HitTestThemeBackground) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F33CE3)
[Address] EAT @firefox.exe (IsAppThemed) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2F869)
[Address] EAT @firefox.exe (IsCompositionActive) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F22E9A)
[Address] EAT @firefox.exe (IsThemeActive) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2F785)
[Address] EAT @firefox.exe (IsThemeBackgroundPartiallyTransparent) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F260AB)
[Address] EAT @firefox.exe (IsThemeDialogTextureEnabled) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F5312B)
[Address] EAT @firefox.exe (IsThemePartDefined) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F285B4)
[Address] EAT @firefox.exe (OpenThemeData) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F273D2)
[Address] EAT @firefox.exe (OpenThemeDataEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F43D43)
[Address] EAT @firefox.exe (SetThemeAppProperties) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F53296)
[Address] EAT @firefox.exe (SetWindowTheme) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F30134)
[Address] EAT @firefox.exe (SetWindowThemeAttribute) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F3CFE6)
[Address] EAT @firefox.exe (ThemeInitApiHook) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F2B176)
[Address] EAT @firefox.exe (UpdatePanningFeedback) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F5068D)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500418AS ATA Device +++++
--- User ---
[MBR] e262884ec21d4d7498454357d36fa09c
[BSP] e4ce95cf81ea7fb8546c9a79433e5f3a : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465238 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 955267072 | Size: 10500 MB
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) USB2.0 CF CardReader USB Device +++++
Error reading User MBR! ([0x15] Za?ízení není p?ipraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) USB2.0 SM CardReader USB Device +++++
Error reading User MBR! ([0x15] Za?ízení není p?ipraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) USB2.0 SD CardReader USB Device +++++
Error reading User MBR! ([0x15] Za?ízení není p?ipraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) USB2.0 MS CardReader USB Device +++++
Error reading User MBR! ([0x15] Za?ízení není p?ipraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
Dokončeno : << RKreport[0]_S_04032014_224704.txt >>
Re: prosim o kontrolu logu.vyskakujici reklamy.
Znovu spustte RogueKiller jako spravce (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: prosim o kontrolu logu.vyskakujici reklamy.
zdravim,omlouvam se ze jsem tady dlouho nebyl.
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Petra [Práva správce]
Mód : Odebrat -- Datum : 04/07/2014 21:23:15
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\18917libfoxloader.dll [x] -> ODEBRÁNO
[SUSP PATH] szndesktop.exe -- C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\szndesktop.exe [7] -> SMAZÁNO [TermProc]
¤¤¤ ¤¤¤ Záznamy Registrů: : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\Petra\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> VYMAZÁNO
[RUN][SUSP PATH] HKUS\S-1-5-21-3808252141-163001717-3248989872-1000\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\Petra\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-3808252141-163001717-3248989872-1000\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NAHRAZENO (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Address] EAT @explorer.exe (BeginBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B09AE)
[Address] EAT @explorer.exe (BeginBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A49A1)
[Address] EAT @explorer.exe (BeginPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D0731)
[Address] EAT @explorer.exe (BufferedPaintClear) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A6395)
[Address] EAT @explorer.exe (BufferedPaintInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A940E)
[Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B08ED)
[Address] EAT @explorer.exe (BufferedPaintSetAlpha) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748BE6B3)
[Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748BD395)
[Address] EAT @explorer.exe (BufferedPaintUnInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A94AB)
[Address] EAT @explorer.exe (CloseThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A6A18)
[Address] EAT @explorer.exe (DrawThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A3982)
[Address] EAT @explorer.exe (DrawThemeBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748BD9DA)
[Address] EAT @explorer.exe (DrawThemeEdge) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748C3B52)
[Address] EAT @explorer.exe (DrawThemeIcon) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D35E7)
[Address] EAT @explorer.exe (DrawThemeParentBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A53E5)
[Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A51BF)
[Address] EAT @explorer.exe (DrawThemeText) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A4EA1)
[Address] EAT @explorer.exe (DrawThemeTextEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A63E6)
[Address] EAT @explorer.exe (EnableThemeDialogTexture) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AFCAF)
[Address] EAT @explorer.exe (EnableTheming) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2FEB)
[Address] EAT @explorer.exe (EndBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A3F9A)
[Address] EAT @explorer.exe (EndBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A3F9A)
[Address] EAT @explorer.exe (EndPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D06CC)
[Address] EAT @explorer.exe (GetBufferedPaintBits) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A4BAF)
[Address] EAT @explorer.exe (GetBufferedPaintDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B04BC)
[Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B0473)
[Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2E7F)
[Address] EAT @explorer.exe (GetCurrentThemeName) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B05DD)
[Address] EAT @explorer.exe (GetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B0FB1)
[Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748ACD2E)
[Address] EAT @explorer.exe (GetThemeBackgroundExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AF8BF)
[Address] EAT @explorer.exe (GetThemeBackgroundRegion) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B165D)
[Address] EAT @explorer.exe (GetThemeBitmap) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748ABF93)
[Address] EAT @explorer.exe (GetThemeBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A7C1F)
[Address] EAT @explorer.exe (GetThemeColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A616C)
[Address] EAT @explorer.exe (GetThemeDocumentationProperty) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2932)
[Address] EAT @explorer.exe (GetThemeEnumValue) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A616C)
[Address] EAT @explorer.exe (GetThemeFilename) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2412)
[Address] EAT @explorer.exe (GetThemeFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AFF21)
[Address] EAT @explorer.exe (GetThemeInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A616C)
[Address] EAT @explorer.exe (GetThemeIntList) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D23B1)
[Address] EAT @explorer.exe (GetThemeMargins) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A86E9)
[Address] EAT @explorer.exe (GetThemeMetric) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B06E2)
[Address] EAT @explorer.exe (GetThemePartSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748ACDB1)
[Address] EAT @explorer.exe (GetThemePosition) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2350)
[Address] EAT @explorer.exe (GetThemePropertyOrigin) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748C3FBB)
[Address] EAT @explorer.exe (GetThemeRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B3611)
[Address] EAT @explorer.exe (GetThemeStream) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B39D9)
[Address] EAT @explorer.exe (GetThemeString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D22E4)
[Address] EAT @explorer.exe (GetThemeSysBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D3172)
[Address] EAT @explorer.exe (GetThemeSysColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748C3274)
[Address] EAT @explorer.exe (GetThemeSysColorBrush) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D301E)
[Address] EAT @explorer.exe (GetThemeSysFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D29C4)
[Address] EAT @explorer.exe (GetThemeSysInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2BD3)
[Address] EAT @explorer.exe (GetThemeSysSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D320B)
[Address] EAT @explorer.exe (GetThemeSysString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2B3F)
[Address] EAT @explorer.exe (GetThemeTextExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A2D57)
[Address] EAT @explorer.exe (GetThemeTextMetrics) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AF992)
[Address] EAT @explorer.exe (GetThemeTransitionDuration) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B1081)
[Address] EAT @explorer.exe (GetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748ADF46)
[Address] EAT @explorer.exe (HitTestThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B3CE3)
[Address] EAT @explorer.exe (IsAppThemed) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AF869)
[Address] EAT @explorer.exe (IsCompositionActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A2E9A)
[Address] EAT @explorer.exe (IsThemeActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AF785)
[Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A60AB)
[Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D312B)
[Address] EAT @explorer.exe (IsThemePartDefined) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A85B4)
[Address] EAT @explorer.exe (OpenThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A73D2)
[Address] EAT @explorer.exe (OpenThemeDataEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748C3D43)
[Address] EAT @explorer.exe (SetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D3296)
[Address] EAT @explorer.exe (SetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B0134)
[Address] EAT @explorer.exe (SetWindowThemeAttribute) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748BCFE6)
[Address] EAT @explorer.exe (ThemeInitApiHook) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AB176)
[Address] EAT @explorer.exe (UpdatePanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D068D)
[Address] EAT @explorer.exe (DllGetClassObject) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420CF9D)
[Address] EAT @explorer.exe (IEnumString_Next_WIC_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E000)
[Address] EAT @explorer.exe (IEnumString_Reset_WIC_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E029)
[Address] EAT @explorer.exe (IPropertyBag2_Write_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E049)
[Address] EAT @explorer.exe (IWICBitmapClipper_Initialize_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DD2A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportAnimation_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EA9A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportLossless_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EABD)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EAE0)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetContainerFormat_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E9D3)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E9F6)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceModels_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EA1F)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetFileExtensions_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EA71)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetMimeTypes_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EA48)
[Address] EAT @explorer.exe (IWICBitmapDecoder_CopyPalette_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D845)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetColorContexts_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E9AA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetDecoderInfo_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D822)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrameCount_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D9A2)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrame_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D868)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetMetadataQueryReader_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D8DA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetPreview_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC74)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetThumbnail_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E9D3)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Commit_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC05)
[Address] EAT @explorer.exe (IWICBitmapEncoder_CreateNewFrame_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DB87)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetEncoderInfo_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DB5E)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetMetadataQueryWriter_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D9A2)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Initialize_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DB32)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetPalette_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DBDC)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetThumbnail_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DBB3)
[Address] EAT @explorer.exe (IWICBitmapFlipRotator_Initialize_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DD2A)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetColorContexts_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D88E)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D8DA)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetThumbnail_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D8B7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Commit_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D9C5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EB03)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Initialize_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DFB7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetColorContexts_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DB06)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetResolution_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DA17)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetSize_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D9E5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetThumbnail_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DADD)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_WriteSource_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DA71)
[Address] EAT @explorer.exe (IWICBitmapLock_GetDataPointer_STA_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D7FC)
[Address] EAT @explorer.exe (IWICBitmapLock_GetStride_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC25)
[Address] EAT @explorer.exe (IWICBitmapScaler_Initialize_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DCFE)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPalette_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D822)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPixels_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC48)
[Address] EAT @explorer.exe (IWICBitmapSource_GetPixelFormat_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC25)
[Address] EAT @explorer.exe (IWICBitmapSource_GetResolution_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D7FC)
[Address] EAT @explorer.exe (IWICBitmapSource_GetSize_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D91D)
[Address] EAT @explorer.exe (IWICBitmap_Lock_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E981)
[Address] EAT @explorer.exe (IWICBitmap_SetPalette_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC74)
[Address] EAT @explorer.exe (IWICBitmap_SetResolution_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC97)
[Address] EAT @explorer.exe (IWICColorContext_InitializeFromMemory_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EB75)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateMetadataWriterFromReader_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D7AA)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D7D3)
[Address] EAT @explorer.exe (IWICComponentInfo_GetAuthor_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E958)
[Address] EAT @explorer.exe (IWICComponentInfo_GetCLSID_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC25)
[Address] EAT @explorer.exe (IWICComponentInfo_GetFriendlyName_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E9AA)
[Address] EAT @explorer.exe (IWICComponentInfo_GetSpecVersion_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D88E)
[Address] EAT @explorer.exe (IWICComponentInfo_GetVersion_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E981)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_Commit_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D8FD)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC25)
[Address] EAT @explorer.exe (IWICFormatConverter_Initialize_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DCC7)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapClipper_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D557)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFlipRotator_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D580)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D6BA)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHICON_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D6E6)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromMemory_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D656)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromSource_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D62D)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapScaler_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D52E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmap_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D68B)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateComponentInfo_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D4D9)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFileHandle_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D4A1)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFilename_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D466)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromStream_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D42E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateEncoder_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D5D2)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D70C)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_ProxâhËðø") : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D732)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFormatConverter_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D505)
[Address] EAT @explorer.exe (IWICImagingFactory_CreatePalette_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DADD)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriterFromReader_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D781)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriter_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D758)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateStream_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D5A9)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetCount_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC25)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetReaderByIndex_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetContainerFormat_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DFB7)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetEnumerator_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D822)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetLocation_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E049)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetMetadataByName_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_RemoveMetadataByName_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D8DA)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_SetMetadataByName_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DFDA)
[Address] EAT @explorer.exe (IWICPalette_GetColorCount_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D96C)
[Address] EAT @explorer.exe (IWICPalette_GetColors_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D88E)
[Address] EAT @explorer.exe (IWICPalette_GetType_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D845)
[Address] EAT @explorer.exe (IWICPalette_HasAlpha_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D9A2)
[Address] EAT @explorer.exe (IWICPalette_InitializeCustom_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EB75)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromBitmap_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D943)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromPalette_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D822)
[Address] EAT @explorer.exe (IWICPalette_InitializePredefined_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D91D)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetBitsPerPixel_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EB03)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelCount_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DD50)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelMask_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EB26)
[Address] EAT @explorer.exe (IWICStream_InitializeFromIStream_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DD50)
[Address] EAT @explorer.exe (IWICStream_InitializeFromMemory_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DD73)
[Address] EAT @explorer.exe (WICConvertBitmapSource) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DDB8)
[Address] EAT @explorer.exe (WICCreateBitmapFromSection) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DF8D)
[Address] EAT @explorer.exe (WICCreateBitmapFromSectionEx) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DE8C)
[Address] EAT @explorer.exe (WICCreateColorContext_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EB52)
[Address] EAT @explorer.exe (WICCreateImagingFactory_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D02B)
[Address] EAT @explorer.exe (WICGetMetadataContentSize) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E61D)
[Address] EAT @explorer.exe (WICMapGuidToShortName) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D0EC)
[Address] EAT @explorer.exe (WICMapSchemaToName) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D2E0)
[Address] EAT @explorer.exe (WICMapShortNameToGuid) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D217)
[Address] EAT @explorer.exe (WICMatchMetadataContent) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E072)
[Address] EAT @explorer.exe (WICSerializeMetadataContent) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E1B4)
[Address] EAT @explorer.exe (WICSetEncoderFormat_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DD99)
[Address] EAT @explorer.exe (BluetoothAddressToString) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6043740F)
[Address] EAT @explorer.exe (BluetoothAuthenticateDevice) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x604382A0)
[Address] EAT @explorer.exe (BluetoothAuthenticateDeviceEx) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x604383B9)
[Address] EAT @explorer.exe (BluetoothAuthenticateMultipleDevices) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x604382C8)
[Address] EAT @explorer.exe (BluetoothAuthenticationAgent) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x604298BE)
[Address] EAT @explorer.exe (BluetoothDisconnectDevice) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042DD74)
[Address] EAT @explorer.exe (BluetoothDisplayDeviceProperties) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x604341AB)
[Address] EAT @explorer.exe (BluetoothEnableDiscovery) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042E424)
[Address] EAT @explorer.exe (BluetoothEnableIncomingConnections) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042E6C4)
[Address] EAT @explorer.exe (BluetoothEnumerateInstalledServices) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042DE94)
[Address] EAT @explorer.exe (BluetoothEnumerateInstalledServicesEx) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042F7A2)
[Address] EAT @explorer.exe (BluetoothFindBrowseGroupClose) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CB63)
[Address] EAT @explorer.exe (BluetoothFindClassIdClose) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CB63)
[Address] EAT @explorer.exe (BluetoothFindDeviceClose) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042D785)
[Address] EAT @explorer.exe (BluetoothFindFirstBrowseGroup) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042DB97)
[Address] EAT @explorer.exe (BluetoothFindFirstClassId) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042D8F5)
[Address] EAT @explorer.exe (BluetoothFindFirstDevice) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042E9E6)
[Address] EAT @explorer.exe (BluetoothFindFirstProfileDescriptor) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042DC7E)
[Address] EAT @explorer.exe (BluetoothFindFirstProtocolDescriptorStack) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042D9D5)
[Address] EAT @explorer.exe (BluetoothFindFirstProtocolEntry) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042DACC)
[Address] EAT @explorer.exe (BluetoothFindFirstRadio) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042D6E6)
[Address] EAT @explorer.exe (BluetoothFindFirstService) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6043032D)
[Address] EAT @explorer.exe (BluetoothFindFirstServiceEx) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042EDBE)
[Address] EAT @explorer.exe (BluetoothFindNextBrowseGroup) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CB98)
[Address] EAT @explorer.exe (BluetoothFindNextClassId) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042C97D)
[Address] EAT @explorer.exe (BluetoothFindNextDevice) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042C194)
[Address] EAT @explorer.exe (BluetoothFindNextProfileDescriptor) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CBFD)
[Address] EAT @explorer.exe (BluetoothFindNextProtocolDescriptorStack) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042C9D4)
[Address] EAT @explorer.exe (BluetoothFindNextProtocolEntry) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CAA8)
[Address] EAT @explorer.exe (BluetoothFindNextRadio) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042C066)
[Address] EAT @explorer.exe (BluetoothFindNextService) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042D84C)
[Address] EAT @explorer.exe (BluetoothFindProfileDescriptorClose) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CB63)
[Address] EAT @explorer.exe (BluetoothFindProtocolDescriptorStackClose) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CA5B)
[Address] EAT @explorer.exe (BluetoothFindProtocolEntryClose) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CB63)
[Address] EAT @explorer.exe (BluetoothFindRadioClose) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042C1CD)
[Address] EAT @explorer.exe (BluetoothFindServiceClose) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042C92F)
[Address] EAT @explorer.exe (BluetoothGetDeviceInfo) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042E8F6)
[Address] EAT @explorer.exe (BluetoothGetRadioInfo) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042D083)
[Address] EAT @explorer.exe (BluetoothIsConnectable) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042E6E6)
[Address] EAT @explorer.exe (BluetoothIsDiscoverable) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042E5F3)
[Address] EAT @explorer.exe (BluetoothIsVersionAvailable) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042D4B2)
[Address] EAT @explorer.exe (BluetoothMapClassOfDeviceToImageIndex) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6043731E)
[Address] EAT @explorer.exe (BluetoothMapClassOfDeviceToString) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60436F6D)
[Address] EAT @explorer.exe (BluetoothRegisterForAuthentication) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60430114)
[Address] EAT @explorer.exe (BluetoothRegisterForAuthenticationEx) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60430137)
[Address] EAT @explorer.exe (BluetoothRemoveDevice) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60430EBD)
[Address] EAT @explorer.exe (BluetoothSdpEnumAttributes) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CCD9)
[Address] EAT @explorer.exe (BluetoothSdpGetAttributeValue) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60431530)
[Address] EAT @explorer.exe (BluetoothSdpGetContainerElementData) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60431488)
[Address] EAT @explorer.exe (BluetoothSdpGetElementData) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60431223)
[Address] EAT @explorer.exe (BluetoothSdpGetString) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60431883)
[Address] EAT @explorer.exe (BluetoothSelectDevices) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60433D76)
[Address] EAT @explorer.exe (BluetoothSelectDevicesFree) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6043253F)
[Address] EAT @explorer.exe (BluetoothSendAuthenticationResponse) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042E323)
[Address] EAT @explorer.exe (BluetoothSendAuthenticationResponseEx) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042E235)
[Address] EAT @explorer.exe (BluetoothSetLocalServiceInfo) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042FB77)
[Address] EAT @explorer.exe (BluetoothSetServiceState) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60430DDB)
[Address] EAT @explorer.exe (BluetoothUnregisterAuthentication) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CF30)
[Address] EAT @explorer.exe (BluetoothUpdateDeviceRecord) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042D7E1)
[Address] EAT @explorer.exe (BthpEnableAllServices) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6043106A)
[Address] EAT @explorer.exe (BthpFindPnpInfo) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042EEC6)
[Address] EAT @explorer.exe (BthpMapStatusToErr) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x604373DF)
[Address] EAT @explorer.exe (CPlApplet) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042BB60)
[Address] EAT @explorer.exe (DllCanUnloadNow) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042B2E6)
[Address] EAT @explorer.exe (DllGetClassObject) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042B1E8)
[Address] EAT @firefox.exe (BeginBufferedAnimation) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B09AE)
[Address] EAT @firefox.exe (BeginBufferedPaint) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A49A1)
[Address] EAT @firefox.exe (BeginPanningFeedback) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D0731)
[Address] EAT @firefox.exe (BufferedPaintClear) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A6395)
[Address] EAT @firefox.exe (BufferedPaintInit) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A940E)
[Address] EAT @firefox.exe (BufferedPaintRenderAnimation) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B08ED)
[Address] EAT @firefox.exe (BufferedPaintSetAlpha) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748BE6B3)
[Address] EAT @firefox.exe (BufferedPaintStopAllAnimations) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748BD395)
[Address] EAT @firefox.exe (BufferedPaintUnInit) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A94AB)
[Address] EAT @firefox.exe (CloseThemeData) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A6A18)
[Address] EAT @firefox.exe (DrawThemeBackground) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A3982)
[Address] EAT @firefox.exe (DrawThemeBackgroundEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748BD9DA)
[Address] EAT @firefox.exe (DrawThemeEdge) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748C3B52)
[Address] EAT @firefox.exe (DrawThemeIcon) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D35E7)
[Address] EAT @firefox.exe (DrawThemeParentBackground) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A53E5)
[Address] EAT @firefox.exe (DrawThemeParentBackgroundEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A51BF)
[Address] EAT @firefox.exe (DrawThemeText) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A4EA1)
[Address] EAT @firefox.exe (DrawThemeTextEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A63E6)
[Address] EAT @firefox.exe (EnableThemeDialogTexture) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AFCAF)
[Address] EAT @firefox.exe (EnableTheming) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2FEB)
[Address] EAT @firefox.exe (EndBufferedAnimation) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A3F9A)
[Address] EAT @firefox.exe (EndBufferedPaint) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A3F9A)
[Address] EAT @firefox.exe (EndPanningFeedback) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D06CC)
[Address] EAT @firefox.exe (GetBufferedPaintBits) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A4BAF)
[Address] EAT @firefox.exe (GetBufferedPaintDC) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B04BC)
[Address] EAT @firefox.exe (GetBufferedPaintTargetDC) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B0473)
[Address] EAT @firefox.exe (GetBufferedPaintTargetRect) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2E7F)
[Address] EAT @firefox.exe (GetCurrentThemeName) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B05DD)
[Address] EAT @firefox.exe (GetThemeAppProperties) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B0FB1)
[Address] EAT @firefox.exe (GetThemeBackgroundContentRect) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748ACD2E)
[Address] EAT @firefox.exe (GetThemeBackgroundExtent) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AF8BF)
[Address] EAT @firefox.exe (GetThemeBackgroundRegion) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B165D)
[Address] EAT @firefox.exe (GetThemeBitmap) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748ABF93)
[Address] EAT @firefox.exe (GetThemeBool) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A7C1F)
[Address] EAT @firefox.exe (GetThemeColor) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A616C)
[Address] EAT @firefox.exe (GetThemeDocumentationProperty) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2932)
[Address] EAT @firefox.exe (GetThemeEnumValue) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A616C)
[Address] EAT @firefox.exe (GetThemeFilename) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2412)
[Address] EAT @firefox.exe (GetThemeFont) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AFF21)
[Address] EAT @firefox.exe (GetThemeInt) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A616C)
[Address] EAT @firefox.exe (GetThemeIntList) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D23B1)
[Address] EAT @firefox.exe (GetThemeMargins) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A86E9)
[Address] EAT @firefox.exe (GetThemeMetric) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B06E2)
[Address] EAT @firefox.exe (GetThemePartSize) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748ACDB1)
[Address] EAT @firefox.exe (GetThemePosition) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2350)
[Address] EAT @firefox.exe (GetThemePropertyOrigin) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748C3FBB)
[Address] EAT @firefox.exe (GetThemeRect) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B3611)
[Address] EAT @firefox.exe (GetThemeStream) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B39D9)
[Address] EAT @firefox.exe (GetThemeString) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D22E4)
[Address] EAT @firefox.exe (GetThemeSysBool) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D3172)
[Address] EAT @firefox.exe (GetThemeSysColor) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748C3274)
[Address] EAT @firefox.exe (GetThemeSysColorBrush) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D301E)
[Address] EAT @firefox.exe (GetThemeSysFont) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D29C4)
[Address] EAT @firefox.exe (GetThemeSysInt) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2BD3)
[Address] EAT @firefox.exe (GetThemeSysSize) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D320B)
[Address] EAT @firefox.exe (GetThemeSysString) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2B3F)
[Address] EAT @firefox.exe (GetThemeTextExtent) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A2D57)
[Address] EAT @firefox.exe (GetThemeTextMetrics) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AF992)
[Address] EAT @firefox.exe (GetThemeTransitionDuration) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B1081)
[Address] EAT @firefox.exe (GetWindowTheme) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748ADF46)
[Address] EAT @firefox.exe (HitTestThemeBackground) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B3CE3)
[Address] EAT @firefox.exe (IsAppThemed) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AF869)
[Address] EAT @firefox.exe (IsCompositionActive) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A2E9A)
[Address] EAT @firefox.exe (IsThemeActive) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AF785)
[Address] EAT @firefox.exe (IsThemeBackgroundPartiallyTransparent) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A60AB)
[Address] EAT @firefox.exe (IsThemeDialogTextureEnabled) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D312B)
[Address] EAT @firefox.exe (IsThemePartDefined) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A85B4)
[Address] EAT @firefox.exe (OpenThemeData) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A73D2)
[Address] EAT @firefox.exe (OpenThemeDataEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748C3D43)
[Address] EAT @firefox.exe (SetThemeAppProperties) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D3296)
[Address] EAT @firefox.exe (SetWindowTheme) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B0134)
[Address] EAT @firefox.exe (SetWindowThemeAttribute) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748BCFE6)
[Address] EAT @firefox.exe (ThemeInitApiHook) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AB176)
[Address] EAT @firefox.exe (UpdatePanningFeedback) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D068D)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500418AS ATA Device +++++
--- User ---
[MBR] e262884ec21d4d7498454357d36fa09c
[BSP] e4ce95cf81ea7fb8546c9a79433e5f3a : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465238 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 955267072 | Size: 10500 MB
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) USB2.0 CF CardReader USB Device +++++
Error reading User MBR! ([0x15] Za?ízení není p?ipraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) USB2.0 SM CardReader USB Device +++++
Error reading User MBR! ([0x15] Za?ízení není p?ipraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) USB2.0 SD CardReader USB Device +++++
Error reading User MBR! ([0x15] Za?ízení není p?ipraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) USB2.0 MS CardReader USB Device +++++
Error reading User MBR! ([0x15] Za?ízení není p?ipraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
Dokončeno : << RKreport[0]_D_04072014_212315.txt >>
RKreport[0]_S_04032014_224704.txt;RKreport[0]_S_04072014_212240.txt
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Petra [Práva správce]
Mód : Oprava HOSTS -- Datum : 04/07/2014 21:23:36
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\18917libfoxloader.dll [x] -> ODEBRÁNO
[SUSP PATH] szndesktop.exe -- C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\szndesktop.exe [7] -> SMAZÁNO [TermProc]
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost
Dokončeno : << RKreport[0]_H_04072014_212336.txt >>
RKreport[0]_D_04072014_212315.txt;RKreport[0]_S_04032014_224704.txt;RKreport[0]_S_04072014_212240.txt
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Petra [Práva správce]
Mód : Odebrat -- Datum : 04/07/2014 21:23:15
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\18917libfoxloader.dll [x] -> ODEBRÁNO
[SUSP PATH] szndesktop.exe -- C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\szndesktop.exe [7] -> SMAZÁNO [TermProc]
¤¤¤ ¤¤¤ Záznamy Registrů: : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\Petra\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> VYMAZÁNO
[RUN][SUSP PATH] HKUS\S-1-5-21-3808252141-163001717-3248989872-1000\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\Petra\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-3808252141-163001717-3248989872-1000\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NAHRAZENO (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Address] EAT @explorer.exe (BeginBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B09AE)
[Address] EAT @explorer.exe (BeginBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A49A1)
[Address] EAT @explorer.exe (BeginPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D0731)
[Address] EAT @explorer.exe (BufferedPaintClear) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A6395)
[Address] EAT @explorer.exe (BufferedPaintInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A940E)
[Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B08ED)
[Address] EAT @explorer.exe (BufferedPaintSetAlpha) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748BE6B3)
[Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748BD395)
[Address] EAT @explorer.exe (BufferedPaintUnInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A94AB)
[Address] EAT @explorer.exe (CloseThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A6A18)
[Address] EAT @explorer.exe (DrawThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A3982)
[Address] EAT @explorer.exe (DrawThemeBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748BD9DA)
[Address] EAT @explorer.exe (DrawThemeEdge) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748C3B52)
[Address] EAT @explorer.exe (DrawThemeIcon) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D35E7)
[Address] EAT @explorer.exe (DrawThemeParentBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A53E5)
[Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A51BF)
[Address] EAT @explorer.exe (DrawThemeText) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A4EA1)
[Address] EAT @explorer.exe (DrawThemeTextEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A63E6)
[Address] EAT @explorer.exe (EnableThemeDialogTexture) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AFCAF)
[Address] EAT @explorer.exe (EnableTheming) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2FEB)
[Address] EAT @explorer.exe (EndBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A3F9A)
[Address] EAT @explorer.exe (EndBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A3F9A)
[Address] EAT @explorer.exe (EndPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D06CC)
[Address] EAT @explorer.exe (GetBufferedPaintBits) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A4BAF)
[Address] EAT @explorer.exe (GetBufferedPaintDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B04BC)
[Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B0473)
[Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2E7F)
[Address] EAT @explorer.exe (GetCurrentThemeName) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B05DD)
[Address] EAT @explorer.exe (GetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B0FB1)
[Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748ACD2E)
[Address] EAT @explorer.exe (GetThemeBackgroundExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AF8BF)
[Address] EAT @explorer.exe (GetThemeBackgroundRegion) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B165D)
[Address] EAT @explorer.exe (GetThemeBitmap) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748ABF93)
[Address] EAT @explorer.exe (GetThemeBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A7C1F)
[Address] EAT @explorer.exe (GetThemeColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A616C)
[Address] EAT @explorer.exe (GetThemeDocumentationProperty) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2932)
[Address] EAT @explorer.exe (GetThemeEnumValue) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A616C)
[Address] EAT @explorer.exe (GetThemeFilename) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2412)
[Address] EAT @explorer.exe (GetThemeFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AFF21)
[Address] EAT @explorer.exe (GetThemeInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A616C)
[Address] EAT @explorer.exe (GetThemeIntList) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D23B1)
[Address] EAT @explorer.exe (GetThemeMargins) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A86E9)
[Address] EAT @explorer.exe (GetThemeMetric) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B06E2)
[Address] EAT @explorer.exe (GetThemePartSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748ACDB1)
[Address] EAT @explorer.exe (GetThemePosition) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2350)
[Address] EAT @explorer.exe (GetThemePropertyOrigin) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748C3FBB)
[Address] EAT @explorer.exe (GetThemeRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B3611)
[Address] EAT @explorer.exe (GetThemeStream) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B39D9)
[Address] EAT @explorer.exe (GetThemeString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D22E4)
[Address] EAT @explorer.exe (GetThemeSysBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D3172)
[Address] EAT @explorer.exe (GetThemeSysColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748C3274)
[Address] EAT @explorer.exe (GetThemeSysColorBrush) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D301E)
[Address] EAT @explorer.exe (GetThemeSysFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D29C4)
[Address] EAT @explorer.exe (GetThemeSysInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2BD3)
[Address] EAT @explorer.exe (GetThemeSysSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D320B)
[Address] EAT @explorer.exe (GetThemeSysString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2B3F)
[Address] EAT @explorer.exe (GetThemeTextExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A2D57)
[Address] EAT @explorer.exe (GetThemeTextMetrics) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AF992)
[Address] EAT @explorer.exe (GetThemeTransitionDuration) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B1081)
[Address] EAT @explorer.exe (GetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748ADF46)
[Address] EAT @explorer.exe (HitTestThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B3CE3)
[Address] EAT @explorer.exe (IsAppThemed) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AF869)
[Address] EAT @explorer.exe (IsCompositionActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A2E9A)
[Address] EAT @explorer.exe (IsThemeActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AF785)
[Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A60AB)
[Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D312B)
[Address] EAT @explorer.exe (IsThemePartDefined) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A85B4)
[Address] EAT @explorer.exe (OpenThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A73D2)
[Address] EAT @explorer.exe (OpenThemeDataEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748C3D43)
[Address] EAT @explorer.exe (SetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D3296)
[Address] EAT @explorer.exe (SetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B0134)
[Address] EAT @explorer.exe (SetWindowThemeAttribute) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748BCFE6)
[Address] EAT @explorer.exe (ThemeInitApiHook) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AB176)
[Address] EAT @explorer.exe (UpdatePanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D068D)
[Address] EAT @explorer.exe (DllGetClassObject) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420CF9D)
[Address] EAT @explorer.exe (IEnumString_Next_WIC_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E000)
[Address] EAT @explorer.exe (IEnumString_Reset_WIC_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E029)
[Address] EAT @explorer.exe (IPropertyBag2_Write_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E049)
[Address] EAT @explorer.exe (IWICBitmapClipper_Initialize_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DD2A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportAnimation_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EA9A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportLossless_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EABD)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EAE0)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetContainerFormat_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E9D3)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E9F6)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceModels_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EA1F)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetFileExtensions_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EA71)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetMimeTypes_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EA48)
[Address] EAT @explorer.exe (IWICBitmapDecoder_CopyPalette_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D845)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetColorContexts_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E9AA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetDecoderInfo_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D822)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrameCount_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D9A2)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrame_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D868)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetMetadataQueryReader_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D8DA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetPreview_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC74)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetThumbnail_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E9D3)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Commit_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC05)
[Address] EAT @explorer.exe (IWICBitmapEncoder_CreateNewFrame_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DB87)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetEncoderInfo_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DB5E)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetMetadataQueryWriter_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D9A2)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Initialize_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DB32)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetPalette_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DBDC)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetThumbnail_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DBB3)
[Address] EAT @explorer.exe (IWICBitmapFlipRotator_Initialize_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DD2A)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetColorContexts_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D88E)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D8DA)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetThumbnail_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D8B7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Commit_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D9C5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EB03)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Initialize_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DFB7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetColorContexts_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DB06)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetResolution_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DA17)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetSize_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D9E5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetThumbnail_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DADD)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_WriteSource_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DA71)
[Address] EAT @explorer.exe (IWICBitmapLock_GetDataPointer_STA_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D7FC)
[Address] EAT @explorer.exe (IWICBitmapLock_GetStride_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC25)
[Address] EAT @explorer.exe (IWICBitmapScaler_Initialize_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DCFE)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPalette_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D822)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPixels_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC48)
[Address] EAT @explorer.exe (IWICBitmapSource_GetPixelFormat_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC25)
[Address] EAT @explorer.exe (IWICBitmapSource_GetResolution_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D7FC)
[Address] EAT @explorer.exe (IWICBitmapSource_GetSize_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D91D)
[Address] EAT @explorer.exe (IWICBitmap_Lock_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E981)
[Address] EAT @explorer.exe (IWICBitmap_SetPalette_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC74)
[Address] EAT @explorer.exe (IWICBitmap_SetResolution_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC97)
[Address] EAT @explorer.exe (IWICColorContext_InitializeFromMemory_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EB75)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateMetadataWriterFromReader_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D7AA)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D7D3)
[Address] EAT @explorer.exe (IWICComponentInfo_GetAuthor_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E958)
[Address] EAT @explorer.exe (IWICComponentInfo_GetCLSID_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC25)
[Address] EAT @explorer.exe (IWICComponentInfo_GetFriendlyName_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E9AA)
[Address] EAT @explorer.exe (IWICComponentInfo_GetSpecVersion_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D88E)
[Address] EAT @explorer.exe (IWICComponentInfo_GetVersion_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E981)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_Commit_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D8FD)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC25)
[Address] EAT @explorer.exe (IWICFormatConverter_Initialize_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DCC7)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapClipper_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D557)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFlipRotator_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D580)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D6BA)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHICON_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D6E6)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromMemory_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D656)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromSource_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D62D)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapScaler_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D52E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmap_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D68B)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateComponentInfo_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D4D9)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFileHandle_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D4A1)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFilename_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D466)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromStream_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D42E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateEncoder_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D5D2)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D70C)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_ProxâhËðø") : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D732)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFormatConverter_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D505)
[Address] EAT @explorer.exe (IWICImagingFactory_CreatePalette_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DADD)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriterFromReader_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D781)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriter_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D758)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateStream_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D5A9)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetCount_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DC25)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetReaderByIndex_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetContainerFormat_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DFB7)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetEnumerator_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D822)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetLocation_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E049)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetMetadataByName_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_RemoveMetadataByName_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D8DA)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_SetMetadataByName_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DFDA)
[Address] EAT @explorer.exe (IWICPalette_GetColorCount_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D96C)
[Address] EAT @explorer.exe (IWICPalette_GetColors_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D88E)
[Address] EAT @explorer.exe (IWICPalette_GetType_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D845)
[Address] EAT @explorer.exe (IWICPalette_HasAlpha_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D9A2)
[Address] EAT @explorer.exe (IWICPalette_InitializeCustom_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EB75)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromBitmap_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D943)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromPalette_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D822)
[Address] EAT @explorer.exe (IWICPalette_InitializePredefined_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D91D)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetBitsPerPixel_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EB03)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelCount_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DD50)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelMask_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EB26)
[Address] EAT @explorer.exe (IWICStream_InitializeFromIStream_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DD50)
[Address] EAT @explorer.exe (IWICStream_InitializeFromMemory_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DD73)
[Address] EAT @explorer.exe (WICConvertBitmapSource) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DDB8)
[Address] EAT @explorer.exe (WICCreateBitmapFromSection) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DF8D)
[Address] EAT @explorer.exe (WICCreateBitmapFromSectionEx) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DE8C)
[Address] EAT @explorer.exe (WICCreateColorContext_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420EB52)
[Address] EAT @explorer.exe (WICCreateImagingFactory_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D02B)
[Address] EAT @explorer.exe (WICGetMetadataContentSize) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E61D)
[Address] EAT @explorer.exe (WICMapGuidToShortName) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D0EC)
[Address] EAT @explorer.exe (WICMapSchemaToName) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D2E0)
[Address] EAT @explorer.exe (WICMapShortNameToGuid) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420D217)
[Address] EAT @explorer.exe (WICMatchMetadataContent) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E072)
[Address] EAT @explorer.exe (WICSerializeMetadataContent) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420E1B4)
[Address] EAT @explorer.exe (WICSetEncoderFormat_Proxy) : ntmarta.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7420DD99)
[Address] EAT @explorer.exe (BluetoothAddressToString) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6043740F)
[Address] EAT @explorer.exe (BluetoothAuthenticateDevice) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x604382A0)
[Address] EAT @explorer.exe (BluetoothAuthenticateDeviceEx) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x604383B9)
[Address] EAT @explorer.exe (BluetoothAuthenticateMultipleDevices) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x604382C8)
[Address] EAT @explorer.exe (BluetoothAuthenticationAgent) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x604298BE)
[Address] EAT @explorer.exe (BluetoothDisconnectDevice) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042DD74)
[Address] EAT @explorer.exe (BluetoothDisplayDeviceProperties) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x604341AB)
[Address] EAT @explorer.exe (BluetoothEnableDiscovery) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042E424)
[Address] EAT @explorer.exe (BluetoothEnableIncomingConnections) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042E6C4)
[Address] EAT @explorer.exe (BluetoothEnumerateInstalledServices) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042DE94)
[Address] EAT @explorer.exe (BluetoothEnumerateInstalledServicesEx) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042F7A2)
[Address] EAT @explorer.exe (BluetoothFindBrowseGroupClose) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CB63)
[Address] EAT @explorer.exe (BluetoothFindClassIdClose) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CB63)
[Address] EAT @explorer.exe (BluetoothFindDeviceClose) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042D785)
[Address] EAT @explorer.exe (BluetoothFindFirstBrowseGroup) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042DB97)
[Address] EAT @explorer.exe (BluetoothFindFirstClassId) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042D8F5)
[Address] EAT @explorer.exe (BluetoothFindFirstDevice) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042E9E6)
[Address] EAT @explorer.exe (BluetoothFindFirstProfileDescriptor) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042DC7E)
[Address] EAT @explorer.exe (BluetoothFindFirstProtocolDescriptorStack) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042D9D5)
[Address] EAT @explorer.exe (BluetoothFindFirstProtocolEntry) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042DACC)
[Address] EAT @explorer.exe (BluetoothFindFirstRadio) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042D6E6)
[Address] EAT @explorer.exe (BluetoothFindFirstService) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6043032D)
[Address] EAT @explorer.exe (BluetoothFindFirstServiceEx) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042EDBE)
[Address] EAT @explorer.exe (BluetoothFindNextBrowseGroup) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CB98)
[Address] EAT @explorer.exe (BluetoothFindNextClassId) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042C97D)
[Address] EAT @explorer.exe (BluetoothFindNextDevice) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042C194)
[Address] EAT @explorer.exe (BluetoothFindNextProfileDescriptor) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CBFD)
[Address] EAT @explorer.exe (BluetoothFindNextProtocolDescriptorStack) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042C9D4)
[Address] EAT @explorer.exe (BluetoothFindNextProtocolEntry) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CAA8)
[Address] EAT @explorer.exe (BluetoothFindNextRadio) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042C066)
[Address] EAT @explorer.exe (BluetoothFindNextService) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042D84C)
[Address] EAT @explorer.exe (BluetoothFindProfileDescriptorClose) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CB63)
[Address] EAT @explorer.exe (BluetoothFindProtocolDescriptorStackClose) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CA5B)
[Address] EAT @explorer.exe (BluetoothFindProtocolEntryClose) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CB63)
[Address] EAT @explorer.exe (BluetoothFindRadioClose) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042C1CD)
[Address] EAT @explorer.exe (BluetoothFindServiceClose) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042C92F)
[Address] EAT @explorer.exe (BluetoothGetDeviceInfo) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042E8F6)
[Address] EAT @explorer.exe (BluetoothGetRadioInfo) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042D083)
[Address] EAT @explorer.exe (BluetoothIsConnectable) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042E6E6)
[Address] EAT @explorer.exe (BluetoothIsDiscoverable) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042E5F3)
[Address] EAT @explorer.exe (BluetoothIsVersionAvailable) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042D4B2)
[Address] EAT @explorer.exe (BluetoothMapClassOfDeviceToImageIndex) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6043731E)
[Address] EAT @explorer.exe (BluetoothMapClassOfDeviceToString) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60436F6D)
[Address] EAT @explorer.exe (BluetoothRegisterForAuthentication) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60430114)
[Address] EAT @explorer.exe (BluetoothRegisterForAuthenticationEx) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60430137)
[Address] EAT @explorer.exe (BluetoothRemoveDevice) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60430EBD)
[Address] EAT @explorer.exe (BluetoothSdpEnumAttributes) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CCD9)
[Address] EAT @explorer.exe (BluetoothSdpGetAttributeValue) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60431530)
[Address] EAT @explorer.exe (BluetoothSdpGetContainerElementData) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60431488)
[Address] EAT @explorer.exe (BluetoothSdpGetElementData) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60431223)
[Address] EAT @explorer.exe (BluetoothSdpGetString) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60431883)
[Address] EAT @explorer.exe (BluetoothSelectDevices) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60433D76)
[Address] EAT @explorer.exe (BluetoothSelectDevicesFree) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6043253F)
[Address] EAT @explorer.exe (BluetoothSendAuthenticationResponse) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042E323)
[Address] EAT @explorer.exe (BluetoothSendAuthenticationResponseEx) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042E235)
[Address] EAT @explorer.exe (BluetoothSetLocalServiceInfo) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042FB77)
[Address] EAT @explorer.exe (BluetoothSetServiceState) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x60430DDB)
[Address] EAT @explorer.exe (BluetoothUnregisterAuthentication) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042CF30)
[Address] EAT @explorer.exe (BluetoothUpdateDeviceRecord) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042D7E1)
[Address] EAT @explorer.exe (BthpEnableAllServices) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6043106A)
[Address] EAT @explorer.exe (BthpFindPnpInfo) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042EEC6)
[Address] EAT @explorer.exe (BthpMapStatusToErr) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x604373DF)
[Address] EAT @explorer.exe (CPlApplet) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042BB60)
[Address] EAT @explorer.exe (DllCanUnloadNow) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042B2E6)
[Address] EAT @explorer.exe (DllGetClassObject) : imapi2.dll -> HOOKED (C:\Windows\System32\bthprops.cpl @ 0x6042B1E8)
[Address] EAT @firefox.exe (BeginBufferedAnimation) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B09AE)
[Address] EAT @firefox.exe (BeginBufferedPaint) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A49A1)
[Address] EAT @firefox.exe (BeginPanningFeedback) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D0731)
[Address] EAT @firefox.exe (BufferedPaintClear) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A6395)
[Address] EAT @firefox.exe (BufferedPaintInit) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A940E)
[Address] EAT @firefox.exe (BufferedPaintRenderAnimation) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B08ED)
[Address] EAT @firefox.exe (BufferedPaintSetAlpha) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748BE6B3)
[Address] EAT @firefox.exe (BufferedPaintStopAllAnimations) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748BD395)
[Address] EAT @firefox.exe (BufferedPaintUnInit) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A94AB)
[Address] EAT @firefox.exe (CloseThemeData) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A6A18)
[Address] EAT @firefox.exe (DrawThemeBackground) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A3982)
[Address] EAT @firefox.exe (DrawThemeBackgroundEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748BD9DA)
[Address] EAT @firefox.exe (DrawThemeEdge) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748C3B52)
[Address] EAT @firefox.exe (DrawThemeIcon) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D35E7)
[Address] EAT @firefox.exe (DrawThemeParentBackground) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A53E5)
[Address] EAT @firefox.exe (DrawThemeParentBackgroundEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A51BF)
[Address] EAT @firefox.exe (DrawThemeText) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A4EA1)
[Address] EAT @firefox.exe (DrawThemeTextEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A63E6)
[Address] EAT @firefox.exe (EnableThemeDialogTexture) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AFCAF)
[Address] EAT @firefox.exe (EnableTheming) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2FEB)
[Address] EAT @firefox.exe (EndBufferedAnimation) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A3F9A)
[Address] EAT @firefox.exe (EndBufferedPaint) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A3F9A)
[Address] EAT @firefox.exe (EndPanningFeedback) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D06CC)
[Address] EAT @firefox.exe (GetBufferedPaintBits) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A4BAF)
[Address] EAT @firefox.exe (GetBufferedPaintDC) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B04BC)
[Address] EAT @firefox.exe (GetBufferedPaintTargetDC) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B0473)
[Address] EAT @firefox.exe (GetBufferedPaintTargetRect) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2E7F)
[Address] EAT @firefox.exe (GetCurrentThemeName) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B05DD)
[Address] EAT @firefox.exe (GetThemeAppProperties) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B0FB1)
[Address] EAT @firefox.exe (GetThemeBackgroundContentRect) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748ACD2E)
[Address] EAT @firefox.exe (GetThemeBackgroundExtent) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AF8BF)
[Address] EAT @firefox.exe (GetThemeBackgroundRegion) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B165D)
[Address] EAT @firefox.exe (GetThemeBitmap) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748ABF93)
[Address] EAT @firefox.exe (GetThemeBool) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A7C1F)
[Address] EAT @firefox.exe (GetThemeColor) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A616C)
[Address] EAT @firefox.exe (GetThemeDocumentationProperty) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2932)
[Address] EAT @firefox.exe (GetThemeEnumValue) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A616C)
[Address] EAT @firefox.exe (GetThemeFilename) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2412)
[Address] EAT @firefox.exe (GetThemeFont) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AFF21)
[Address] EAT @firefox.exe (GetThemeInt) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A616C)
[Address] EAT @firefox.exe (GetThemeIntList) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D23B1)
[Address] EAT @firefox.exe (GetThemeMargins) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A86E9)
[Address] EAT @firefox.exe (GetThemeMetric) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B06E2)
[Address] EAT @firefox.exe (GetThemePartSize) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748ACDB1)
[Address] EAT @firefox.exe (GetThemePosition) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2350)
[Address] EAT @firefox.exe (GetThemePropertyOrigin) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748C3FBB)
[Address] EAT @firefox.exe (GetThemeRect) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B3611)
[Address] EAT @firefox.exe (GetThemeStream) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B39D9)
[Address] EAT @firefox.exe (GetThemeString) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D22E4)
[Address] EAT @firefox.exe (GetThemeSysBool) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D3172)
[Address] EAT @firefox.exe (GetThemeSysColor) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748C3274)
[Address] EAT @firefox.exe (GetThemeSysColorBrush) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D301E)
[Address] EAT @firefox.exe (GetThemeSysFont) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D29C4)
[Address] EAT @firefox.exe (GetThemeSysInt) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2BD3)
[Address] EAT @firefox.exe (GetThemeSysSize) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D320B)
[Address] EAT @firefox.exe (GetThemeSysString) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D2B3F)
[Address] EAT @firefox.exe (GetThemeTextExtent) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A2D57)
[Address] EAT @firefox.exe (GetThemeTextMetrics) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AF992)
[Address] EAT @firefox.exe (GetThemeTransitionDuration) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B1081)
[Address] EAT @firefox.exe (GetWindowTheme) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748ADF46)
[Address] EAT @firefox.exe (HitTestThemeBackground) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B3CE3)
[Address] EAT @firefox.exe (IsAppThemed) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AF869)
[Address] EAT @firefox.exe (IsCompositionActive) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A2E9A)
[Address] EAT @firefox.exe (IsThemeActive) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AF785)
[Address] EAT @firefox.exe (IsThemeBackgroundPartiallyTransparent) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A60AB)
[Address] EAT @firefox.exe (IsThemeDialogTextureEnabled) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D312B)
[Address] EAT @firefox.exe (IsThemePartDefined) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A85B4)
[Address] EAT @firefox.exe (OpenThemeData) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748A73D2)
[Address] EAT @firefox.exe (OpenThemeDataEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748C3D43)
[Address] EAT @firefox.exe (SetThemeAppProperties) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D3296)
[Address] EAT @firefox.exe (SetWindowTheme) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748B0134)
[Address] EAT @firefox.exe (SetWindowThemeAttribute) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748BCFE6)
[Address] EAT @firefox.exe (ThemeInitApiHook) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748AB176)
[Address] EAT @firefox.exe (UpdatePanningFeedback) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x748D068D)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500418AS ATA Device +++++
--- User ---
[MBR] e262884ec21d4d7498454357d36fa09c
[BSP] e4ce95cf81ea7fb8546c9a79433e5f3a : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465238 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 955267072 | Size: 10500 MB
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) USB2.0 CF CardReader USB Device +++++
Error reading User MBR! ([0x15] Za?ízení není p?ipraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) USB2.0 SM CardReader USB Device +++++
Error reading User MBR! ([0x15] Za?ízení není p?ipraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) USB2.0 SD CardReader USB Device +++++
Error reading User MBR! ([0x15] Za?ízení není p?ipraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) USB2.0 MS CardReader USB Device +++++
Error reading User MBR! ([0x15] Za?ízení není p?ipraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
Dokončeno : << RKreport[0]_D_04072014_212315.txt >>
RKreport[0]_S_04032014_224704.txt;RKreport[0]_S_04072014_212240.txt
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Petra [Práva správce]
Mód : Oprava HOSTS -- Datum : 04/07/2014 21:23:36
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\18917libfoxloader.dll [x] -> ODEBRÁNO
[SUSP PATH] szndesktop.exe -- C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\szndesktop.exe [7] -> SMAZÁNO [TermProc]
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost
Dokončeno : << RKreport[0]_H_04072014_212336.txt >>
RKreport[0]_D_04072014_212315.txt;RKreport[0]_S_04032014_224704.txt;RKreport[0]_S_04072014_212240.txt
Re: prosim o kontrolu logu.vyskakujici reklamy.
Dejte novy log z RSIT
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: prosim o kontrolu logu.vyskakujici reklamy.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Petra at 2014-04-08 18:14:04
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 402 GB (86%) free of 465 GB
Total RAM: 1917 MB (45% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:14:11, on 8.4.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Users\Petra\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\calc.exe
C:\Users\Petra\Downloads\RSIT(1).exe
C:\Program Files\trend micro\Petra.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [PWRAGD] C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [EADM] "C:\Program Files\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Petra\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
--
End of file - 7516 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3fikt9mx.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.77 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nullsoft.com/winampDetector;version=1]
"Description"=Winamp Detector
"Path"=C:\Program Files\Winamp Detect\npwachk.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21 1219152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21 1219152]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-08-02 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-08-02 174104]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-08-02 151064]
""= []
"LenovoFSC"=C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe [2009-06-26 49152]
"PWMTRV"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor []
"PWRAGD"=C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe [2009-08-13 72256]
"Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28 49976]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [2009-08-04 244208]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 951576]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"=C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [2013-10-31 449760]
"EADM"=C:\Program Files\Origin\Origin.exe [2014-03-30 3588952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184]
"uTorrent"=C:\Users\Petra\AppData\Roaming\uTorrent\uTorrent.exe [2014-03-29 1264984]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2014-02-10 20922016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-07-28 216576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-04-01 12:31:15 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-04-01 12:30:51 ----D---- C:\ProgramData\Malwarebytes
2014-03-31 22:46:07 ----D---- C:\AdwCleaner
2014-03-30 19:02:25 ----D---- C:\rsit
2014-03-30 19:02:25 ----D---- C:\Program Files\trend micro
2014-03-29 22:36:47 ----D---- C:\Users\Petra\AppData\Roaming\Anino Games
2014-03-29 14:48:39 ----D---- C:\Program Files\Mozilla Firefox
2014-03-20 19:29:04 ----D---- C:\Program Files\Common Files\Skype
2014-03-20 19:29:03 ----RD---- C:\Program Files\Skype
2014-03-18 19:49:39 ----A---- C:\Windows\system32\drivers\wStLib.sys
2014-03-18 19:22:05 ----D---- C:\ProgramData\Avg_Update_0214d
2014-03-17 18:19:38 ----D---- C:\Users\Petra\AppData\Roaming\Tap It Games
2014-03-14 23:13:29 ----D---- C:\Users\Petra\AppData\Roaming\AVG2014
2014-03-14 23:08:01 ----D---- C:\ProgramData\AVG2014
2014-03-12 22:20:45 ----D---- C:\Program Files\TeamViewer
2014-03-11 20:30:24 ----A---- C:\Windows\system32\qedit.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-11 20:30:04 ----A---- C:\Windows\system32\jsproxy.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\jscript9diag.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\iernonce.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-03-11 20:30:04 ----A---- C:\Windows\system32\ieapfltr.dll
2014-03-11 20:30:03 ----A---- C:\Windows\system32\wininet.dll
2014-03-11 20:30:03 ----A---- C:\Windows\system32\ieui.dll
2014-03-11 20:30:02 ----A---- C:\Windows\system32\ieUnatt.exe
2014-03-11 20:30:02 ----A---- C:\Windows\system32\iertutil.dll
2014-03-11 20:30:01 ----A---- C:\Windows\system32\mshtml.dll
2014-03-11 20:30:01 ----A---- C:\Windows\system32\jscript9.dll
2014-03-11 20:30:00 ----A---- C:\Windows\system32\urlmon.dll
2014-03-11 20:29:59 ----A---- C:\Windows\system32\msfeeds.dll
2014-03-11 20:29:58 ----A---- C:\Windows\system32\msrating.dll
2014-03-11 20:29:58 ----A---- C:\Windows\system32\iesetup.dll
2014-03-11 20:29:58 ----A---- C:\Windows\system32\ieframe.dll
2014-03-11 20:29:58 ----A---- C:\Windows\system32\ie4uinit.exe
2014-03-11 20:29:25 ----A---- C:\Windows\system32\wwansvc.dll
2014-03-11 20:28:58 ----A---- C:\Windows\system32\win32k.sys
2014-03-11 20:28:30 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-03-11 20:28:02 ----A---- C:\Windows\system32\wer.dll
======List of files/folders modified in the last 1 month======
2014-04-08 18:14:11 ----D---- C:\Windows\Prefetch
2014-04-08 18:12:49 ----D---- C:\ProgramData\Origin
2014-04-08 18:12:11 ----D---- C:\Users\Petra\AppData\Roaming\uTorrent
2014-04-08 17:40:24 ----D---- C:\Users\Petra\AppData\Roaming\Skype
2014-04-08 10:50:31 ----D---- C:\Windows\system32\config
2014-04-08 10:07:16 ----D---- C:\Windows\Temp
2014-04-08 08:48:22 ----D---- C:\Program Files\Origin
2014-04-07 21:34:20 ----D---- C:\Windows\System32
2014-04-07 21:22:35 ----D---- C:\Windows\system32\drivers
2014-04-07 17:08:34 ----SHD---- C:\System Volume Information
2014-04-07 12:13:12 ----D---- C:\Users\Petra\AppData\Roaming\Seznam.cz
2014-04-03 22:43:29 ----RD---- C:\Program Files
2014-04-03 17:28:12 ----D---- C:\Windows\system32\catroot
2014-04-03 17:27:44 ----SHD---- C:\Windows\Installer
2014-04-03 17:27:32 ----D---- C:\Windows
2014-04-03 17:27:29 ----D---- C:\Program Files\Microsoft Security Client
2014-04-01 22:12:29 ----D---- C:\Windows\Vss
2014-04-01 22:10:09 ----D---- C:\Windows\inf
2014-04-01 12:30:51 ----HD---- C:\ProgramData
2014-03-31 22:49:02 ----D---- C:\ProgramData\MFAData
2014-03-31 22:49:01 ----D---- C:\Program Files\Common Files
2014-03-31 22:48:32 ----A---- C:\Windows\win.ini
2014-03-31 22:47:35 ----D---- C:\Program Files\LemurLeap
2014-03-31 22:43:48 ----D---- C:\Program Files\AVG
2014-03-31 22:40:27 ----HD---- C:\$AVG
2014-03-31 22:18:36 ----D---- C:\ProgramData\Norton
2014-03-31 22:17:59 ----D---- C:\Windows\system32\DriverStore
2014-03-30 20:33:12 ----D---- C:\Program Files\Hry.cz
2014-03-30 20:30:16 ----D---- C:\Program Files\Alawarhry.cz
2014-03-30 19:16:25 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-03-30 17:58:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-03-30 08:01:07 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-03-29 23:14:51 ----AD---- C:\ProgramData\TEMP
2014-03-29 21:36:35 ----D---- C:\Users\Petra\AppData\Roaming\Artifex Mundi
2014-03-29 20:35:20 ----D---- C:\Users\Petra\AppData\Roaming\Elephant Games
2014-03-29 20:35:20 ----D---- C:\ProgramData\Elephant Games
2014-03-29 20:34:23 ----D---- C:\BigFishCache
2014-03-27 21:05:47 ----D---- C:\Windows\system32\catroot2
2014-03-26 17:59:02 ----HD---- C:\Program Files\InstallShield Installation Information
2014-03-20 19:29:10 ----D---- C:\ProgramData\Skype
2014-03-19 00:38:26 ----D---- C:\Windows\system32\MRT
2014-03-19 00:36:15 ----A---- C:\Windows\system32\MRT.exe
2014-03-17 19:26:24 ----D---- C:\ProgramData\Playrix Entertainment
2014-03-17 17:38:17 ----D---- C:\Users\Petra\AppData\Roaming\Blue Tea Games
2014-03-14 23:12:25 ----D---- C:\ProgramData\AVG2013
2014-03-12 22:21:12 ----D---- C:\Windows\system32\Tasks
2014-03-12 22:20:57 ----RSD---- C:\Windows\Fonts
2014-03-12 17:58:17 ----D---- C:\Windows\winsxs
2014-03-12 17:55:52 ----D---- C:\Program Files\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 231960]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-06 243128]
R1 wStLib;wStLib; C:\Windows\system32\drivers\wStLib.sys [2014-03-18 52920]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-07-28 5924864]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-05 2745760]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2013-06-22 33088]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 SuperIO;Lenovo ASD HWM Driver; C:\Windows\system32\DRIVERS\spio.sys [2009-06-06 11720]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2013-09-16 12400]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2013-09-16 25200]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor\pcdsrvc.pkms [2009-08-18 20848]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 22216]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-13 72256]
R2 SUService;System Update; c:\Program Files\Lenovo\System Update\SUService.exe [2009-09-04 15872]
R2 TeamViewer9;TeamViewer 9; C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [2014-02-17 4915040]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2009-08-28 1019904]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S2 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-04 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-04 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-04 166384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-30 257928]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-01 108032]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-29 119408]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-04 313840]
S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-04 1124848]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2009-04-30 74392]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2009-09-04 1474560]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-06-30 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Run by Petra at 2014-04-08 18:14:04
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 402 GB (86%) free of 465 GB
Total RAM: 1917 MB (45% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:14:11, on 8.4.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Users\Petra\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\calc.exe
C:\Users\Petra\Downloads\RSIT(1).exe
C:\Program Files\trend micro\Petra.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [PWRAGD] C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [EADM] "C:\Program Files\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Petra\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
--
End of file - 7516 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3fikt9mx.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.77 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nullsoft.com/winampDetector;version=1]
"Description"=Winamp Detector
"Path"=C:\Program Files\Winamp Detect\npwachk.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21 1219152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21 1219152]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-08-02 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-08-02 174104]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-08-02 151064]
""= []
"LenovoFSC"=C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe [2009-06-26 49152]
"PWMTRV"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor []
"PWRAGD"=C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe [2009-08-13 72256]
"Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28 49976]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [2009-08-04 244208]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 951576]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"=C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [2013-10-31 449760]
"EADM"=C:\Program Files\Origin\Origin.exe [2014-03-30 3588952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184]
"uTorrent"=C:\Users\Petra\AppData\Roaming\uTorrent\uTorrent.exe [2014-03-29 1264984]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2014-02-10 20922016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-07-28 216576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-04-01 12:31:15 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-04-01 12:30:51 ----D---- C:\ProgramData\Malwarebytes
2014-03-31 22:46:07 ----D---- C:\AdwCleaner
2014-03-30 19:02:25 ----D---- C:\rsit
2014-03-30 19:02:25 ----D---- C:\Program Files\trend micro
2014-03-29 22:36:47 ----D---- C:\Users\Petra\AppData\Roaming\Anino Games
2014-03-29 14:48:39 ----D---- C:\Program Files\Mozilla Firefox
2014-03-20 19:29:04 ----D---- C:\Program Files\Common Files\Skype
2014-03-20 19:29:03 ----RD---- C:\Program Files\Skype
2014-03-18 19:49:39 ----A---- C:\Windows\system32\drivers\wStLib.sys
2014-03-18 19:22:05 ----D---- C:\ProgramData\Avg_Update_0214d
2014-03-17 18:19:38 ----D---- C:\Users\Petra\AppData\Roaming\Tap It Games
2014-03-14 23:13:29 ----D---- C:\Users\Petra\AppData\Roaming\AVG2014
2014-03-14 23:08:01 ----D---- C:\ProgramData\AVG2014
2014-03-12 22:20:45 ----D---- C:\Program Files\TeamViewer
2014-03-11 20:30:24 ----A---- C:\Windows\system32\qedit.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-11 20:30:04 ----A---- C:\Windows\system32\jsproxy.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\jscript9diag.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\iernonce.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-03-11 20:30:04 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-03-11 20:30:04 ----A---- C:\Windows\system32\ieapfltr.dll
2014-03-11 20:30:03 ----A---- C:\Windows\system32\wininet.dll
2014-03-11 20:30:03 ----A---- C:\Windows\system32\ieui.dll
2014-03-11 20:30:02 ----A---- C:\Windows\system32\ieUnatt.exe
2014-03-11 20:30:02 ----A---- C:\Windows\system32\iertutil.dll
2014-03-11 20:30:01 ----A---- C:\Windows\system32\mshtml.dll
2014-03-11 20:30:01 ----A---- C:\Windows\system32\jscript9.dll
2014-03-11 20:30:00 ----A---- C:\Windows\system32\urlmon.dll
2014-03-11 20:29:59 ----A---- C:\Windows\system32\msfeeds.dll
2014-03-11 20:29:58 ----A---- C:\Windows\system32\msrating.dll
2014-03-11 20:29:58 ----A---- C:\Windows\system32\iesetup.dll
2014-03-11 20:29:58 ----A---- C:\Windows\system32\ieframe.dll
2014-03-11 20:29:58 ----A---- C:\Windows\system32\ie4uinit.exe
2014-03-11 20:29:25 ----A---- C:\Windows\system32\wwansvc.dll
2014-03-11 20:28:58 ----A---- C:\Windows\system32\win32k.sys
2014-03-11 20:28:30 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-03-11 20:28:02 ----A---- C:\Windows\system32\wer.dll
======List of files/folders modified in the last 1 month======
2014-04-08 18:14:11 ----D---- C:\Windows\Prefetch
2014-04-08 18:12:49 ----D---- C:\ProgramData\Origin
2014-04-08 18:12:11 ----D---- C:\Users\Petra\AppData\Roaming\uTorrent
2014-04-08 17:40:24 ----D---- C:\Users\Petra\AppData\Roaming\Skype
2014-04-08 10:50:31 ----D---- C:\Windows\system32\config
2014-04-08 10:07:16 ----D---- C:\Windows\Temp
2014-04-08 08:48:22 ----D---- C:\Program Files\Origin
2014-04-07 21:34:20 ----D---- C:\Windows\System32
2014-04-07 21:22:35 ----D---- C:\Windows\system32\drivers
2014-04-07 17:08:34 ----SHD---- C:\System Volume Information
2014-04-07 12:13:12 ----D---- C:\Users\Petra\AppData\Roaming\Seznam.cz
2014-04-03 22:43:29 ----RD---- C:\Program Files
2014-04-03 17:28:12 ----D---- C:\Windows\system32\catroot
2014-04-03 17:27:44 ----SHD---- C:\Windows\Installer
2014-04-03 17:27:32 ----D---- C:\Windows
2014-04-03 17:27:29 ----D---- C:\Program Files\Microsoft Security Client
2014-04-01 22:12:29 ----D---- C:\Windows\Vss
2014-04-01 22:10:09 ----D---- C:\Windows\inf
2014-04-01 12:30:51 ----HD---- C:\ProgramData
2014-03-31 22:49:02 ----D---- C:\ProgramData\MFAData
2014-03-31 22:49:01 ----D---- C:\Program Files\Common Files
2014-03-31 22:48:32 ----A---- C:\Windows\win.ini
2014-03-31 22:47:35 ----D---- C:\Program Files\LemurLeap
2014-03-31 22:43:48 ----D---- C:\Program Files\AVG
2014-03-31 22:40:27 ----HD---- C:\$AVG
2014-03-31 22:18:36 ----D---- C:\ProgramData\Norton
2014-03-31 22:17:59 ----D---- C:\Windows\system32\DriverStore
2014-03-30 20:33:12 ----D---- C:\Program Files\Hry.cz
2014-03-30 20:30:16 ----D---- C:\Program Files\Alawarhry.cz
2014-03-30 19:16:25 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-03-30 17:58:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-03-30 08:01:07 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-03-29 23:14:51 ----AD---- C:\ProgramData\TEMP
2014-03-29 21:36:35 ----D---- C:\Users\Petra\AppData\Roaming\Artifex Mundi
2014-03-29 20:35:20 ----D---- C:\Users\Petra\AppData\Roaming\Elephant Games
2014-03-29 20:35:20 ----D---- C:\ProgramData\Elephant Games
2014-03-29 20:34:23 ----D---- C:\BigFishCache
2014-03-27 21:05:47 ----D---- C:\Windows\system32\catroot2
2014-03-26 17:59:02 ----HD---- C:\Program Files\InstallShield Installation Information
2014-03-20 19:29:10 ----D---- C:\ProgramData\Skype
2014-03-19 00:38:26 ----D---- C:\Windows\system32\MRT
2014-03-19 00:36:15 ----A---- C:\Windows\system32\MRT.exe
2014-03-17 19:26:24 ----D---- C:\ProgramData\Playrix Entertainment
2014-03-17 17:38:17 ----D---- C:\Users\Petra\AppData\Roaming\Blue Tea Games
2014-03-14 23:12:25 ----D---- C:\ProgramData\AVG2013
2014-03-12 22:21:12 ----D---- C:\Windows\system32\Tasks
2014-03-12 22:20:57 ----RSD---- C:\Windows\Fonts
2014-03-12 17:58:17 ----D---- C:\Windows\winsxs
2014-03-12 17:55:52 ----D---- C:\Program Files\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 231960]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-06 243128]
R1 wStLib;wStLib; C:\Windows\system32\drivers\wStLib.sys [2014-03-18 52920]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-07-28 5924864]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-05 2745760]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2013-06-22 33088]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 SuperIO;Lenovo ASD HWM Driver; C:\Windows\system32\DRIVERS\spio.sys [2009-06-06 11720]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2013-09-16 12400]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2013-09-16 25200]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor\pcdsrvc.pkms [2009-08-18 20848]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 22216]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-13 72256]
R2 SUService;System Update; c:\Program Files\Lenovo\System Update\SUService.exe [2009-09-04 15872]
R2 TeamViewer9;TeamViewer 9; C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [2014-02-17 4915040]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2009-08-28 1019904]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S2 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-04 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-04 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-04 166384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-30 257928]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-01 108032]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-29 119408]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-04 313840]
S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-04 1124848]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2009-04-30 74392]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2009-09-04 1474560]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-06-30 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Re: prosim o kontrolu logu.vyskakujici reklamy.
Jeste jeden sken a budem mazat.
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text
Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text
Kód: Vybrat vše
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: prosim o kontrolu logu.vyskakujici reklamy.
OTL logfile created on: 4/9/2014 10:27:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Petra\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1.87 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 55.18% Memory free
3.74 Gb Paging File | 2.69 Gb Available in Paging File | 71.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.33 Gb Total Space | 394.34 Gb Free Space | 86.80% Space Free | Partition Type: NTFS
Drive D: | 91.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Q: | 10.25 Gb Total Space | 5.80 Gb Free Space | 56.53% Space Free | Partition Type: NTFS
Computer Name: PETRA-VOSA | User Name: Petra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/04/09 22:25:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Petra\Desktop\OTL.exe
PRC - [2014/03/29 14:49:33 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/03/29 13:12:46 | 001,264,984 | ---- | M] (BitTorrent Inc.) -- C:\Users\Petra\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/02/17 15:09:48 | 004,915,040 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/31 12:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2013/10/31 12:35:30 | 000,449,760 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2013/07/28 23:09:08 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/04 23:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/08/28 23:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/08/13 07:07:06 | 000,064,064 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2009/08/13 07:06:10 | 000,072,256 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/05/28 07:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
========== Modules (No Company Name) ==========
MOD - [2014/03/29 14:49:03 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/02/13 23:06:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 23:06:15 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 23:06:10 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll
MOD - [2014/02/13 23:05:29 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 23:05:21 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/10/31 12:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/09/13 11:02:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2013/07/05 10:47:28 | 000,607,232 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2013/06/22 07:58:07 | 000,133,616 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.shdocvw\1.1.0.0__aafc021ca424f5ad\Interop.shdocvw.dll
MOD - [2013/06/22 07:58:07 | 000,054,768 | ---- | M] () -- C:\Windows\assembly\GAC_32\pcdtoolbar\1.0.0.160__aafc021ca424f5ad\pcdtoolbar.dll
MOD - [2013/05/20 12:58:08 | 000,620,718 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
MOD - [2012/12/18 11:02:22 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012/04/30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011/07/07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\Report.dll
MOD - [2009/08/11 19:00:00 | 000,028,672 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2009/05/28 07:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
========== Services (SafeList) ==========
SRV - [2014/03/30 19:16:26 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/29 14:49:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/03/01 05:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/02/17 15:09:48 | 004,915,040 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/30 15:13:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Running] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/09/04 23:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/08/28 23:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/13 07:06:10 | 000,072,256 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/08/04 21:36:56 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/08/04 21:36:46 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/08/04 21:33:46 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2009/08/04 21:33:34 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2009/08/04 21:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
========== Driver Services (SafeList) ==========
DRV - [2014/03/18 19:49:39 | 000,052,920 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\System32\drivers\wStLib.sys -- (wStLib)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/10/06 23:29:31 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/09/16 21:43:40 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2013/09/16 21:43:40 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2013/06/22 07:58:15 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/08/18 08:08:14 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06000000}_0)
DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/06/06 02:18:08 | 000,011,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\spio.sys -- (SuperIO)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D1ADD977-6C21-4B11-ABFA-40A2F588C839}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox;
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3808252141-163001717-3248989872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKU\S-1-5-21-3808252141-163001717-3248989872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKU\S-1-5-21-3808252141-163001717-3248989872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKU\S-1-5-21-3808252141-163001717-3248989872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3808252141-163001717-3248989872-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3808252141-163001717-3248989872-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/07/26 09:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petra\AppData\Roaming\Mozilla\Extensions
[2014/03/20 20:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3fikt9mx.default\extensions
[2014/03/29 14:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/29 14:49:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2014/04/07 21:23:36 | 000,000,741 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3808252141-163001717-3248989872-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe (Lenovo (Shenzhen) Electronic Co., Ltd.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [PWRAGD] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files\Seznam.cz\distribution\szninstall.exe ()
O4 - HKU\S-1-5-21-3808252141-163001717-3248989872-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-3808252141-163001717-3248989872-1000..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-3808252141-163001717-3248989872-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-3808252141-163001717-3248989872-1000..\Run: [uTorrent] C:\Users\Petra\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE794C2E-3740-491B-B746-D4E9ABDCDF09}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/05 23:52:08 | 000,000,169 | R--- | M] () - D:\Autorun.ini -- [ CDFS ]
O32 - AutoRun File - [2008/12/05 23:52:08 | 000,038,600 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/12/05 23:52:08 | 000,000,080 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/06/10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{78917b61-daff-11e2-8fa4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{78917b61-daff-11e2-8fa4-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{c1b53d5a-2e67-11e3-8d1e-4487fcde5973}\Shell - "" = AutoRun
O33 - MountPoints2\{c1b53d5a-2e67-11e3-8d1e-4487fcde5973}\Shell\AutoRun\command - "" = D:\Everest.exe -- [2008/12/05 23:52:13 | 001,802,240 | R--- | M] ()
O33 - MountPoints2\{def99f09-f5ca-11e2-8402-4487fcde5973}\Shell - "" = AutoRun
O33 - MountPoints2\{def99f09-f5ca-11e2-8402-4487fcde5973}\Shell\AutoRun\command - "" = J:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014/04/09 22:25:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Petra\Desktop\OTL.exe
[2014/04/09 11:05:00 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Strokes - The Legend of Snow Kingdom Collectors Edition
[2014/04/09 11:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Strokes - The Legend of Snow Kingdom Collectors Edition
[2014/04/09 09:41:50 | 000,149,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2014/04/09 09:41:50 | 000,027,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2014/04/09 09:41:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iologmsg.dll
[2014/04/09 09:40:26 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/04/03 22:44:01 | 000,000,000 | ---D | C] -- C:\Users\Petra\Desktop\RK_Quarantine
[2014/04/01 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Local\AlawarWrapper
[2014/04/01 12:31:15 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/04/01 12:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/31 22:46:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/30 19:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/03/30 19:02:25 | 000,000,000 | ---D | C] -- C:\rsit
[2014/03/29 22:36:47 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\Anino Games
[2014/03/29 19:53:47 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightmares from the Deep - Davy Jones Collector's Edition
[2014/03/29 19:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightmares from the Deep - Davy Jones Collector's Edition
[2014/03/29 14:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/03/20 19:29:19 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Local\Skype
[2014/03/20 19:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/20 19:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/03/20 19:29:03 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2014/03/18 19:49:39 | 000,052,920 | ---- | C] (StdLib) -- C:\Windows\System32\drivers\wStLib.sys
[2014/03/18 19:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_0214d
[2014/03/17 18:19:38 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\Tap It Games
[2014/03/14 23:13:29 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\AVG2014
[2014/03/14 23:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/03/14 19:58:53 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Local\Avg2014
[2014/03/12 22:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2014/03/11 20:30:24 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/03/11 20:30:04 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/03/11 20:30:04 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/03/11 20:30:04 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/03/11 20:30:04 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/03/11 20:30:04 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/03/11 20:30:04 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/11 20:30:04 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/03/11 20:30:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/03/11 20:30:03 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/11 20:30:02 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/11 20:30:01 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/03/11 20:29:59 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/11 20:29:59 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/11 20:29:58 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/03/11 20:29:58 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/03/11 20:29:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/03/11 20:28:58 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/03/11 20:28:02 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/04/09 22:29:17 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/04/09 22:25:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Petra\Desktop\OTL.exe
[2014/04/09 22:25:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/09 22:25:38 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/09 18:12:38 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/09 18:12:38 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/09 18:04:48 | 1507,778,560 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/09 11:06:15 | 000,002,567 | ---- | M] () -- C:\Users\Public\Desktop\Play Dark Strokes - The Legend of Snow Kingdom Collectors Edition.lnk
[2014/04/09 11:06:15 | 000,001,352 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2014/04/05 16:13:17 | 000,578,180 | ---- | M] () -- C:\Users\Petra\Desktop\2014-04-04 17.51.26.jpg
[2014/04/05 16:13:13 | 000,566,761 | ---- | M] () -- C:\Users\Petra\Desktop\2014-04-04 17.43.52.jpg
[2014/04/05 16:13:10 | 000,566,239 | ---- | M] () -- C:\Users\Petra\Desktop\2014-04-04 17.15.10.jpg
[2014/04/05 16:13:07 | 000,588,606 | ---- | M] () -- C:\Users\Petra\Desktop\2014-04-04 17.13.19.jpg
[2014/04/05 16:13:04 | 000,529,096 | ---- | M] () -- C:\Users\Petra\Desktop\2014-04-04 17.05.56.jpg
[2014/04/05 15:59:45 | 000,082,754 | ---- | M] () -- C:\Users\Petra\Desktop\ME152571c_20141C90DD112DB6172141AE4EEBD05BE3DF.jpg
[2014/04/05 14:18:58 | 000,563,795 | ---- | M] () -- C:\Users\Petra\Desktop\2014-04-04 17.22.10.jpg
[2014/04/05 12:41:34 | 000,461,648 | ---- | M] () -- C:\Users\Petra\Desktop\2014-04-05 11.59.44.jpg
[2014/04/03 22:42:38 | 003,972,608 | ---- | M] () -- C:\Users\Petra\Desktop\RogueKiller.exe
[2014/04/03 17:27:46 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/01 22:14:11 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/03/31 22:12:47 | 001,950,720 | ---- | M] () -- C:\Users\Petra\Desktop\adwcleaner.exe
[2014/03/31 02:13:30 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/30 19:16:25 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/30 19:16:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/03/30 17:58:33 | 000,668,138 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014/03/30 17:58:33 | 000,653,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/30 17:58:33 | 000,140,798 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014/03/30 17:58:33 | 000,121,398 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/30 13:31:42 | 000,221,298 | ---- | M] () -- C:\Users\Petra\Desktop\2014-03-30 15.02.24.jpg
[2014/03/30 13:31:06 | 000,218,130 | ---- | M] () -- C:\Users\Petra\Desktop\2014-03-30 15.02.37.jpg
[2014/03/30 13:12:12 | 000,382,548 | ---- | M] () -- C:\Users\Petra\Desktop\2014-03-30 14.50.07.jpg
[2014/03/29 19:56:30 | 000,002,532 | ---- | M] () -- C:\Users\Public\Desktop\Play Nightmares from the Deep - Davy Jones Collector's Edition.lnk
[2014/03/26 17:59:25 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014/03/20 23:49:57 | 000,676,154 | ---- | M] () -- C:\Users\Petra\Desktop\mobilita.pdf
[2014/03/18 19:49:39 | 000,052,920 | ---- | M] (StdLib) -- C:\Windows\System32\drivers\wStLib.sys
[2014/03/13 19:15:03 | 000,317,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/12 22:20:53 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/04/09 22:29:17 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/04/09 11:06:15 | 000,002,567 | ---- | C] () -- C:\Users\Public\Desktop\Play Dark Strokes - The Legend of Snow Kingdom Collectors Edition.lnk
[2014/04/09 11:06:15 | 000,001,352 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2014/04/05 15:59:45 | 000,082,754 | ---- | C] () -- C:\Users\Petra\Desktop\ME152571c_20141C90DD112DB6172141AE4EEBD05BE3DF.jpg
[2014/04/05 14:20:40 | 000,529,096 | ---- | C] () -- C:\Users\Petra\Desktop\2014-04-04 17.05.56.jpg
[2014/04/05 14:20:00 | 000,588,606 | ---- | C] () -- C:\Users\Petra\Desktop\2014-04-04 17.13.19.jpg
[2014/04/05 14:19:33 | 000,566,239 | ---- | C] () -- C:\Users\Petra\Desktop\2014-04-04 17.15.10.jpg
[2014/04/05 14:18:45 | 000,563,795 | ---- | C] () -- C:\Users\Petra\Desktop\2014-04-04 17.22.10.jpg
[2014/04/05 14:17:40 | 000,566,761 | ---- | C] () -- C:\Users\Petra\Desktop\2014-04-04 17.43.52.jpg
[2014/04/05 14:16:26 | 000,578,180 | ---- | C] () -- C:\Users\Petra\Desktop\2014-04-04 17.51.26.jpg
[2014/04/05 12:41:23 | 000,461,648 | ---- | C] () -- C:\Users\Petra\Desktop\2014-04-05 11.59.44.jpg
[2014/04/03 22:42:34 | 003,972,608 | ---- | C] () -- C:\Users\Petra\Desktop\RogueKiller.exe
[2014/03/31 22:12:42 | 001,950,720 | ---- | C] () -- C:\Users\Petra\Desktop\adwcleaner.exe
[2014/03/30 13:31:32 | 000,221,298 | ---- | C] () -- C:\Users\Petra\Desktop\2014-03-30 15.02.24.jpg
[2014/03/30 13:30:59 | 000,218,130 | ---- | C] () -- C:\Users\Petra\Desktop\2014-03-30 15.02.37.jpg
[2014/03/30 13:12:03 | 000,382,548 | ---- | C] () -- C:\Users\Petra\Desktop\2014-03-30 14.50.07.jpg
[2014/03/29 19:56:30 | 000,002,532 | ---- | C] () -- C:\Users\Public\Desktop\Play Nightmares from the Deep - Davy Jones Collector's Edition.lnk
[2014/03/20 23:49:56 | 000,676,154 | ---- | C] () -- C:\Users\Petra\Desktop\mobilita.pdf
[2014/03/12 22:20:53 | 000,001,143 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/03/12 22:20:53 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/03/08 18:29:13 | 000,649,350 | ---- | C] () -- C:\Users\Petra\AppData\Roaming\log.sflog
[2014/02/15 12:52:42 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013/07/27 14:26:15 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/06/22 08:48:15 | 000,668,138 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2013/06/22 08:48:15 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2013/06/22 08:48:15 | 000,140,798 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2013/06/22 08:48:15 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2013/06/22 08:45:20 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2013/06/22 08:45:20 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2013/06/22 08:45:20 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2013/06/22 08:45:19 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2013/06/22 07:54:39 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/11/09 11:18:10 | 000,024,064 | ---- | C] () -- C:\Windows\System32\xrxs1l3.dll
========== ZeroAccess Check ==========
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/08/27 18:26:00 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/08/27 18:26:00 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/10/06 15:44:09 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\.minecraft
[2014/02/09 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\4 Friends Games
[2013/11/25 18:56:14 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\8floor
[2014/01/17 22:05:53 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Absolutist
[2013/11/09 20:29:50 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Alawar Stargaze
[2014/01/17 22:46:45 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\AlawarEntertainment
[2014/03/29 22:36:47 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Anino Games
[2014/03/29 21:36:35 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Artifex Mundi
[2014/03/14 23:13:29 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\AVG2014
[2013/12/25 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Big Top Games
[2014/03/01 16:40:02 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\BlamGames
[2014/03/17 17:38:17 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Blue Tea Games
[2013/12/25 17:28:53 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Boomzap
[2013/07/26 10:31:15 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\BSplayer Pro
[2013/11/01 20:42:58 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Building the Great Wall of China
[2013/08/13 19:12:24 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Color Brush
[2013/07/26 17:09:48 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\com.custardsquare.CircusCircus.RunAwayWithTheCircus
[2013/11/03 17:17:00 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\DAEMON Tools Lite
[2013/11/30 22:16:55 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\DarkManor
[2014/01/15 22:18:06 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Deep Shadows
[2013/06/22 07:34:27 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\DesktopPwrMgr
[2014/02/12 20:14:30 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\DominiGames
[2014/03/01 15:47:45 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Eipix
[2014/01/16 20:56:21 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\EleFun Games
[2014/03/29 20:35:20 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Elephant Games
[2013/11/11 22:48:41 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Enki Games
[2014/01/25 19:41:20 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\ERS Game Studios
[2014/03/03 16:46:15 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Five-BN Games
[2013/09/22 18:01:43 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Friday's games
[2013/08/22 16:14:57 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Game
[2013/11/25 19:20:01 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Games
[2013/10/26 19:36:11 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\GestaltGames
[2013/11/24 19:15:35 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Gogii
[2014/01/04 22:52:55 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Gogii Games
[2013/11/17 16:55:59 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\GrandMA Studios
[2013/11/19 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\IcarusGames
[2014/02/15 12:52:44 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\IteraLabs
[2014/03/03 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Lazy Turtle Games
[2013/09/17 17:54:47 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Lonely Troops
[2013/11/24 20:04:22 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Mad Head Games
[2014/02/01 20:33:46 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\MagicIndie
[2014/02/19 21:40:29 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Mariaglorum
[2013/12/01 20:42:47 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Maximize Games
[2014/02/06 20:09:21 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\NevoSoft Games
[2013/10/07 09:11:03 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Origin
[2014/02/02 19:41:42 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Orneon
[2013/10/06 21:36:21 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Red Alert 3 Uprising
[2014/03/08 18:30:11 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\saves
[2013/09/22 18:34:10 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Settlement. Colossus
[2014/04/07 12:13:12 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Seznam.cz
[2014/01/05 18:36:21 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\ShamanGS
[2014/02/09 21:41:20 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\T1 Games
[2014/03/17 18:19:38 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Tap It Games
[2013/11/05 19:08:17 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\TikisLab
[2014/01/07 21:23:02 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\TOMI2.THE GATES OF FATE
[2013/08/01 13:40:39 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\TuneUp Software
[2014/04/09 22:30:27 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\uTorrent
[2014/03/15 02:42:18 | 000,000,000 | ---D | M] -- C:\Users\Tonik\AppData\Roaming\AVG2014
[2013/10/22 01:50:33 | 000,000,000 | ---D | M] -- C:\Users\Tonik\AppData\Roaming\DAEMON Tools Lite
[2013/08/21 22:24:31 | 000,000,000 | ---D | M] -- C:\Users\Tonik\AppData\Roaming\DesktopPwrMgr
[2014/04/07 21:39:46 | 000,000,000 | ---D | M] -- C:\Users\Tonik\AppData\Roaming\Seznam.cz
[2013/08/21 22:29:44 | 000,000,000 | ---D | M] -- C:\Users\Tonik\AppData\Roaming\TuneUp Software
[2014/04/07 21:35:17 | 000,000,000 | ---D | M] -- C:\Users\Tonik\AppData\Roaming\uTorrent
[2013/09/19 08:57:18 | 000,000,000 | ---D | M] -- C:\Users\Tonik\AppData\Roaming\WinZip
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009/07/14 06:53:46 | 000,032,520 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013/06/22 07:58:06 | 000,000,452 | ---- | C] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2013/07/26 09:48:26 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< >
< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2012/06/02 06:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2013/05/10 06:49:59 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=33ADF6E0853AB39EA1723BE82842C1D3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[2013/05/13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2013/07/09 15:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2013/07/09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\System32\cryptsvc.dll
[2013/07/09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2012/06/02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 14:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013/05/11 06:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2013/05/10 07:06:21 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=E122AA1C9A3CC46FF9DDDE46E5EB0C58 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[2012/06/02 06:41:59 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=EA8C26ECF1656D9647EF044F115EC6DA -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21225_none_76a05147150ffad1\cryptsvc.dll
[2013/10/05 03:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
[2012/06/02 06:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=F2FDE6C8DBAAD44CC58D1E07E4AF4EED -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17035_none_760be2a9fbfa79d1\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: HAL.DLL >
[2010/11/20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010/11/20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: IASTORV.SYS >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys
< MD5 for: LSASS.EXE >
[2011/11/17 09:09:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=05F38CB7CAB3CE8E9A1812D517DA93EF -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsass.exe
[2013/09/25 02:54:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=559C7769B397F07E12725EE55337D4C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_a8a66792d452b56a\lsass.exe
[2013/09/25 02:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=803B370865D907EA21DC0C2B6A8936B5 -- C:\Windows\System32\lsass.exe
[2013/09/25 02:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=803B370865D907EA21DC0C2B6A8936B5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_a80cf783bb41b5b7\lsass.exe
[2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsass.exe
[2012/06/02 06:40:31 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=A6034689ACF9D14973F8384AD5A5451E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_a6eb42a4d70be51e\lsass.exe
[2011/11/17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsass.exe
[2011/11/17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe
[2012/06/02 06:51:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FA7B950E4CA6AA260C4EABA19E03644D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_a8d76e24d42eb666\lsass.exe
[2011/11/17 07:24:04 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe
< MD5 for: NDIS.SYS >
[2012/08/22 19:05:16 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=15B74B6283CEBCCE3054C1001CA01B5E -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_aa0491cf93ad1c31\ndis.sys
[2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2012/08/22 19:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\System32\drivers\ndis.sys
[2012/08/22 19:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_a9bdfee47a5cd154\ndis.sys
[2010/11/20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys
< MD5 for: NETLOGON.DLL >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2010/11/20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvraid.sys
[2010/11/20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys
[2011/03/11 07:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\drivers\nvraid.sys
[2011/03/11 07:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvraid.sys
[2011/03/11 07:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvraid.sys
[2011/03/11 07:28:10 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=E3B840350A72CA6F39BD2BEF85A2BCFB -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvraid.sys
[2011/03/11 07:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvraid.sys
[2011/03/11 07:52:25 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=FCD5C3542A85EEBA7D0833B7E5086C10 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: SMSS.EXE >
[2013/03/19 04:43:41 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=0294CC751D7FAEB13621EEFB8A749429 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_ae7bdfb790cddbcf\smss.exe
[2009/07/14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
[2013/03/19 04:51:05 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=37F4765554F2CD34AAAB616F696E5539 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.21490_none_ac8ab2c593af8bd4\smss.exe
[2013/07/08 05:02:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=634E0B45780F502304592C5615A31089 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22379_none_ae8fb42390bda114\smss.exe
[2013/03/19 04:50:03 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=B24BF638652522BB5E14AB7993FD4A5D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.17273_none_ac19b4ca7a7f0306\smss.exe
[2013/08/29 02:51:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D2A72C71CD6C18A99E920EC5761F0C7D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_aeb7f4db909fe272\smss.exe
[2013/03/19 04:49:16 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\System32\smss.exe
[2013/03/19 04:49:16 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_ae40f33e7774c473\smss.exe
[2013/05/06 05:02:20 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=EC745C0949B101129AB6D39CD63808A6 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22318_none_aecf9361908de017\smss.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2011/04/25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/04/25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2013/01/03 07:01:49 | 001,303,912 | ---- | M] (Microsoft Corporation) MD5=34AE5CC0C7417AB701C2AA8A7BC75417 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys
[2010/11/20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2013/01/04 06:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2013/07/06 07:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_b52f2f65c4a146e5\tcpip.sys
[2013/07/06 06:57:37 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=528F7CC60391DD0FAB0344F32F051FDF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys
[2010/04/09 09:16:33 | 001,289,096 | ---- | M] (Microsoft Corporation) MD5=5D6A83E928F22AF5AC9868B162FFAD0D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_b38009a0e0d5a32d\tcpip.sys
[2013/05/08 08:15:22 | 001,309,032 | ---- | M] (Microsoft Corporation) MD5=6088D01FAD49729EA0A5A3D9B9BA8B84 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_b5b3fe00ddc19aaa\tcpip.sys
[2010/04/09 09:24:54 | 001,285,000 | ---- | M] (Microsoft Corporation) MD5=63170B9EE1D0EF0032F0408605671D1A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_b30e0d41c7a5fe2f\tcpip.sys
[2013/09/07 04:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2011/04/25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013/01/03 07:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2011/04/25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2013/01/04 06:55:21 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys
[2013/09/08 04:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\System32\drivers\tcpip.sys
[2013/09/08 04:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2013/05/08 07:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=D32FDAC73FCD76B85389C39BC1087F2A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_b508ef41c4bd3835\tcpip.sys
[2012/10/03 18:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2013/11/26 13:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_b5a530b8ddcd4b8d\tcpip.sys
[2012/10/03 18:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2_32.DLL >
[2010/11/20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\System32\ws2_32.dll
[2010/11/20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[7 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\21bf4f1621143e0103daef3cc5a3013f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\21bf4f1621143e0103daef3cc5a3013f\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\3c6b54bcfb3c23f715dc558bc21287fd\*.tmp files -> C:\Windows\SoftwareDistribution\Download\3c6b54bcfb3c23f715dc558bc21287fd\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\59e1fa28495cdd77c27b61432454fc64\*.tmp files -> C:\Windows\SoftwareDistribution\Download\59e1fa28495cdd77c27b61432454fc64\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\bbcc525f37ad87da3cf2bdd37ffaf044\*.tmp files -> C:\Windows\SoftwareDistribution\Download\bbcc525f37ad87da3cf2bdd37ffaf044\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\cadfd73a978beb54e8ac84ec9a4cf99b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\cadfd73a978beb54e8ac84ec9a4cf99b\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\def445ec30865998d1fd1bc2aacd30ef\*.tmp files -> C:\Windows\SoftwareDistribution\Download\def445ec30865998d1fd1bc2aacd30ef\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\f9a13c42801955cef3eb2c50d610ae88\*.tmp files -> C:\Windows\SoftwareDistribution\Download\f9a13c42801955cef3eb2c50d610ae88\*.tmp -> ]
[98 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[1 C:\Windows\Temp\{6533B6D5-7008-4EB6-B9D1-49C42B44983D}\*.tmp files -> C:\Windows\Temp\{6533B6D5-7008-4EB6-B9D1-49C42B44983D}\*.tmp -> ]
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Petra\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1.87 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 55.18% Memory free
3.74 Gb Paging File | 2.69 Gb Available in Paging File | 71.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.33 Gb Total Space | 394.34 Gb Free Space | 86.80% Space Free | Partition Type: NTFS
Drive D: | 91.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Q: | 10.25 Gb Total Space | 5.80 Gb Free Space | 56.53% Space Free | Partition Type: NTFS
Computer Name: PETRA-VOSA | User Name: Petra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/04/09 22:25:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Petra\Desktop\OTL.exe
PRC - [2014/03/29 14:49:33 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/03/29 13:12:46 | 001,264,984 | ---- | M] (BitTorrent Inc.) -- C:\Users\Petra\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/02/17 15:09:48 | 004,915,040 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/31 12:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2013/10/31 12:35:30 | 000,449,760 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2013/07/28 23:09:08 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/04 23:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/08/28 23:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/08/13 07:07:06 | 000,064,064 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2009/08/13 07:06:10 | 000,072,256 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/05/28 07:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
========== Modules (No Company Name) ==========
MOD - [2014/03/29 14:49:03 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/02/13 23:06:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 23:06:15 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 23:06:10 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll
MOD - [2014/02/13 23:05:29 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 23:05:21 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/10/31 12:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/09/13 11:02:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2013/07/05 10:47:28 | 000,607,232 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2013/06/22 07:58:07 | 000,133,616 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.shdocvw\1.1.0.0__aafc021ca424f5ad\Interop.shdocvw.dll
MOD - [2013/06/22 07:58:07 | 000,054,768 | ---- | M] () -- C:\Windows\assembly\GAC_32\pcdtoolbar\1.0.0.160__aafc021ca424f5ad\pcdtoolbar.dll
MOD - [2013/05/20 12:58:08 | 000,620,718 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
MOD - [2012/12/18 11:02:22 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012/04/30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011/07/07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\Report.dll
MOD - [2009/08/11 19:00:00 | 000,028,672 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2009/05/28 07:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
========== Services (SafeList) ==========
SRV - [2014/03/30 19:16:26 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/29 14:49:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/03/01 05:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/02/17 15:09:48 | 004,915,040 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/30 15:13:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Running] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/09/04 23:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/08/28 23:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/13 07:06:10 | 000,072,256 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/08/04 21:36:56 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/08/04 21:36:46 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/08/04 21:33:46 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2009/08/04 21:33:34 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2009/08/04 21:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
========== Driver Services (SafeList) ==========
DRV - [2014/03/18 19:49:39 | 000,052,920 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\System32\drivers\wStLib.sys -- (wStLib)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/10/06 23:29:31 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/09/16 21:43:40 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2013/09/16 21:43:40 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2013/06/22 07:58:15 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/08/18 08:08:14 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06000000}_0)
DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/06/06 02:18:08 | 000,011,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\spio.sys -- (SuperIO)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D1ADD977-6C21-4B11-ABFA-40A2F588C839}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox;
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3808252141-163001717-3248989872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKU\S-1-5-21-3808252141-163001717-3248989872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKU\S-1-5-21-3808252141-163001717-3248989872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKU\S-1-5-21-3808252141-163001717-3248989872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3808252141-163001717-3248989872-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3808252141-163001717-3248989872-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/07/26 09:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petra\AppData\Roaming\Mozilla\Extensions
[2014/03/20 20:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3fikt9mx.default\extensions
[2014/03/29 14:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/29 14:49:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2014/04/07 21:23:36 | 000,000,741 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3808252141-163001717-3248989872-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe (Lenovo (Shenzhen) Electronic Co., Ltd.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [PWRAGD] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files\Seznam.cz\distribution\szninstall.exe ()
O4 - HKU\S-1-5-21-3808252141-163001717-3248989872-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-3808252141-163001717-3248989872-1000..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-3808252141-163001717-3248989872-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-3808252141-163001717-3248989872-1000..\Run: [uTorrent] C:\Users\Petra\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE794C2E-3740-491B-B746-D4E9ABDCDF09}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/05 23:52:08 | 000,000,169 | R--- | M] () - D:\Autorun.ini -- [ CDFS ]
O32 - AutoRun File - [2008/12/05 23:52:08 | 000,038,600 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/12/05 23:52:08 | 000,000,080 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/06/10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{78917b61-daff-11e2-8fa4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{78917b61-daff-11e2-8fa4-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{c1b53d5a-2e67-11e3-8d1e-4487fcde5973}\Shell - "" = AutoRun
O33 - MountPoints2\{c1b53d5a-2e67-11e3-8d1e-4487fcde5973}\Shell\AutoRun\command - "" = D:\Everest.exe -- [2008/12/05 23:52:13 | 001,802,240 | R--- | M] ()
O33 - MountPoints2\{def99f09-f5ca-11e2-8402-4487fcde5973}\Shell - "" = AutoRun
O33 - MountPoints2\{def99f09-f5ca-11e2-8402-4487fcde5973}\Shell\AutoRun\command - "" = J:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014/04/09 22:25:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Petra\Desktop\OTL.exe
[2014/04/09 11:05:00 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Strokes - The Legend of Snow Kingdom Collectors Edition
[2014/04/09 11:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Strokes - The Legend of Snow Kingdom Collectors Edition
[2014/04/09 09:41:50 | 000,149,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2014/04/09 09:41:50 | 000,027,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2014/04/09 09:41:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iologmsg.dll
[2014/04/09 09:40:26 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/04/03 22:44:01 | 000,000,000 | ---D | C] -- C:\Users\Petra\Desktop\RK_Quarantine
[2014/04/01 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Local\AlawarWrapper
[2014/04/01 12:31:15 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/04/01 12:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/31 22:46:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/30 19:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/03/30 19:02:25 | 000,000,000 | ---D | C] -- C:\rsit
[2014/03/29 22:36:47 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\Anino Games
[2014/03/29 19:53:47 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightmares from the Deep - Davy Jones Collector's Edition
[2014/03/29 19:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightmares from the Deep - Davy Jones Collector's Edition
[2014/03/29 14:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/03/20 19:29:19 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Local\Skype
[2014/03/20 19:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/20 19:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/03/20 19:29:03 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2014/03/18 19:49:39 | 000,052,920 | ---- | C] (StdLib) -- C:\Windows\System32\drivers\wStLib.sys
[2014/03/18 19:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_0214d
[2014/03/17 18:19:38 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\Tap It Games
[2014/03/14 23:13:29 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\AVG2014
[2014/03/14 23:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/03/14 19:58:53 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Local\Avg2014
[2014/03/12 22:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2014/03/11 20:30:24 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/03/11 20:30:04 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/03/11 20:30:04 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/03/11 20:30:04 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/03/11 20:30:04 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/03/11 20:30:04 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/03/11 20:30:04 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/11 20:30:04 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/03/11 20:30:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/03/11 20:30:03 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/11 20:30:02 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/11 20:30:01 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/03/11 20:29:59 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/11 20:29:59 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/11 20:29:58 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/03/11 20:29:58 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/03/11 20:29:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/03/11 20:28:58 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/03/11 20:28:02 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/04/09 22:29:17 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/04/09 22:25:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Petra\Desktop\OTL.exe
[2014/04/09 22:25:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/09 22:25:38 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/09 18:12:38 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/09 18:12:38 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/09 18:04:48 | 1507,778,560 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/09 11:06:15 | 000,002,567 | ---- | M] () -- C:\Users\Public\Desktop\Play Dark Strokes - The Legend of Snow Kingdom Collectors Edition.lnk
[2014/04/09 11:06:15 | 000,001,352 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2014/04/05 16:13:17 | 000,578,180 | ---- | M] () -- C:\Users\Petra\Desktop\2014-04-04 17.51.26.jpg
[2014/04/05 16:13:13 | 000,566,761 | ---- | M] () -- C:\Users\Petra\Desktop\2014-04-04 17.43.52.jpg
[2014/04/05 16:13:10 | 000,566,239 | ---- | M] () -- C:\Users\Petra\Desktop\2014-04-04 17.15.10.jpg
[2014/04/05 16:13:07 | 000,588,606 | ---- | M] () -- C:\Users\Petra\Desktop\2014-04-04 17.13.19.jpg
[2014/04/05 16:13:04 | 000,529,096 | ---- | M] () -- C:\Users\Petra\Desktop\2014-04-04 17.05.56.jpg
[2014/04/05 15:59:45 | 000,082,754 | ---- | M] () -- C:\Users\Petra\Desktop\ME152571c_20141C90DD112DB6172141AE4EEBD05BE3DF.jpg
[2014/04/05 14:18:58 | 000,563,795 | ---- | M] () -- C:\Users\Petra\Desktop\2014-04-04 17.22.10.jpg
[2014/04/05 12:41:34 | 000,461,648 | ---- | M] () -- C:\Users\Petra\Desktop\2014-04-05 11.59.44.jpg
[2014/04/03 22:42:38 | 003,972,608 | ---- | M] () -- C:\Users\Petra\Desktop\RogueKiller.exe
[2014/04/03 17:27:46 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/01 22:14:11 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/03/31 22:12:47 | 001,950,720 | ---- | M] () -- C:\Users\Petra\Desktop\adwcleaner.exe
[2014/03/31 02:13:30 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/30 19:16:25 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/30 19:16:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/03/30 17:58:33 | 000,668,138 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014/03/30 17:58:33 | 000,653,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/30 17:58:33 | 000,140,798 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014/03/30 17:58:33 | 000,121,398 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/30 13:31:42 | 000,221,298 | ---- | M] () -- C:\Users\Petra\Desktop\2014-03-30 15.02.24.jpg
[2014/03/30 13:31:06 | 000,218,130 | ---- | M] () -- C:\Users\Petra\Desktop\2014-03-30 15.02.37.jpg
[2014/03/30 13:12:12 | 000,382,548 | ---- | M] () -- C:\Users\Petra\Desktop\2014-03-30 14.50.07.jpg
[2014/03/29 19:56:30 | 000,002,532 | ---- | M] () -- C:\Users\Public\Desktop\Play Nightmares from the Deep - Davy Jones Collector's Edition.lnk
[2014/03/26 17:59:25 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014/03/20 23:49:57 | 000,676,154 | ---- | M] () -- C:\Users\Petra\Desktop\mobilita.pdf
[2014/03/18 19:49:39 | 000,052,920 | ---- | M] (StdLib) -- C:\Windows\System32\drivers\wStLib.sys
[2014/03/13 19:15:03 | 000,317,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/12 22:20:53 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/04/09 22:29:17 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/04/09 11:06:15 | 000,002,567 | ---- | C] () -- C:\Users\Public\Desktop\Play Dark Strokes - The Legend of Snow Kingdom Collectors Edition.lnk
[2014/04/09 11:06:15 | 000,001,352 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2014/04/05 15:59:45 | 000,082,754 | ---- | C] () -- C:\Users\Petra\Desktop\ME152571c_20141C90DD112DB6172141AE4EEBD05BE3DF.jpg
[2014/04/05 14:20:40 | 000,529,096 | ---- | C] () -- C:\Users\Petra\Desktop\2014-04-04 17.05.56.jpg
[2014/04/05 14:20:00 | 000,588,606 | ---- | C] () -- C:\Users\Petra\Desktop\2014-04-04 17.13.19.jpg
[2014/04/05 14:19:33 | 000,566,239 | ---- | C] () -- C:\Users\Petra\Desktop\2014-04-04 17.15.10.jpg
[2014/04/05 14:18:45 | 000,563,795 | ---- | C] () -- C:\Users\Petra\Desktop\2014-04-04 17.22.10.jpg
[2014/04/05 14:17:40 | 000,566,761 | ---- | C] () -- C:\Users\Petra\Desktop\2014-04-04 17.43.52.jpg
[2014/04/05 14:16:26 | 000,578,180 | ---- | C] () -- C:\Users\Petra\Desktop\2014-04-04 17.51.26.jpg
[2014/04/05 12:41:23 | 000,461,648 | ---- | C] () -- C:\Users\Petra\Desktop\2014-04-05 11.59.44.jpg
[2014/04/03 22:42:34 | 003,972,608 | ---- | C] () -- C:\Users\Petra\Desktop\RogueKiller.exe
[2014/03/31 22:12:42 | 001,950,720 | ---- | C] () -- C:\Users\Petra\Desktop\adwcleaner.exe
[2014/03/30 13:31:32 | 000,221,298 | ---- | C] () -- C:\Users\Petra\Desktop\2014-03-30 15.02.24.jpg
[2014/03/30 13:30:59 | 000,218,130 | ---- | C] () -- C:\Users\Petra\Desktop\2014-03-30 15.02.37.jpg
[2014/03/30 13:12:03 | 000,382,548 | ---- | C] () -- C:\Users\Petra\Desktop\2014-03-30 14.50.07.jpg
[2014/03/29 19:56:30 | 000,002,532 | ---- | C] () -- C:\Users\Public\Desktop\Play Nightmares from the Deep - Davy Jones Collector's Edition.lnk
[2014/03/20 23:49:56 | 000,676,154 | ---- | C] () -- C:\Users\Petra\Desktop\mobilita.pdf
[2014/03/12 22:20:53 | 000,001,143 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/03/12 22:20:53 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/03/08 18:29:13 | 000,649,350 | ---- | C] () -- C:\Users\Petra\AppData\Roaming\log.sflog
[2014/02/15 12:52:42 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013/07/27 14:26:15 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/06/22 08:48:15 | 000,668,138 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2013/06/22 08:48:15 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2013/06/22 08:48:15 | 000,140,798 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2013/06/22 08:48:15 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2013/06/22 08:45:20 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2013/06/22 08:45:20 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2013/06/22 08:45:20 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2013/06/22 08:45:19 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2013/06/22 07:54:39 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/11/09 11:18:10 | 000,024,064 | ---- | C] () -- C:\Windows\System32\xrxs1l3.dll
========== ZeroAccess Check ==========
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/08/27 18:26:00 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/08/27 18:26:00 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/10/06 15:44:09 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\.minecraft
[2014/02/09 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\4 Friends Games
[2013/11/25 18:56:14 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\8floor
[2014/01/17 22:05:53 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Absolutist
[2013/11/09 20:29:50 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Alawar Stargaze
[2014/01/17 22:46:45 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\AlawarEntertainment
[2014/03/29 22:36:47 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Anino Games
[2014/03/29 21:36:35 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Artifex Mundi
[2014/03/14 23:13:29 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\AVG2014
[2013/12/25 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Big Top Games
[2014/03/01 16:40:02 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\BlamGames
[2014/03/17 17:38:17 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Blue Tea Games
[2013/12/25 17:28:53 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Boomzap
[2013/07/26 10:31:15 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\BSplayer Pro
[2013/11/01 20:42:58 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Building the Great Wall of China
[2013/08/13 19:12:24 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Color Brush
[2013/07/26 17:09:48 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\com.custardsquare.CircusCircus.RunAwayWithTheCircus
[2013/11/03 17:17:00 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\DAEMON Tools Lite
[2013/11/30 22:16:55 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\DarkManor
[2014/01/15 22:18:06 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Deep Shadows
[2013/06/22 07:34:27 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\DesktopPwrMgr
[2014/02/12 20:14:30 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\DominiGames
[2014/03/01 15:47:45 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Eipix
[2014/01/16 20:56:21 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\EleFun Games
[2014/03/29 20:35:20 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Elephant Games
[2013/11/11 22:48:41 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Enki Games
[2014/01/25 19:41:20 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\ERS Game Studios
[2014/03/03 16:46:15 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Five-BN Games
[2013/09/22 18:01:43 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Friday's games
[2013/08/22 16:14:57 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Game
[2013/11/25 19:20:01 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Games
[2013/10/26 19:36:11 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\GestaltGames
[2013/11/24 19:15:35 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Gogii
[2014/01/04 22:52:55 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Gogii Games
[2013/11/17 16:55:59 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\GrandMA Studios
[2013/11/19 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\IcarusGames
[2014/02/15 12:52:44 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\IteraLabs
[2014/03/03 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Lazy Turtle Games
[2013/09/17 17:54:47 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Lonely Troops
[2013/11/24 20:04:22 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Mad Head Games
[2014/02/01 20:33:46 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\MagicIndie
[2014/02/19 21:40:29 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Mariaglorum
[2013/12/01 20:42:47 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Maximize Games
[2014/02/06 20:09:21 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\NevoSoft Games
[2013/10/07 09:11:03 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Origin
[2014/02/02 19:41:42 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Orneon
[2013/10/06 21:36:21 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Red Alert 3 Uprising
[2014/03/08 18:30:11 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\saves
[2013/09/22 18:34:10 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Settlement. Colossus
[2014/04/07 12:13:12 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Seznam.cz
[2014/01/05 18:36:21 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\ShamanGS
[2014/02/09 21:41:20 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\T1 Games
[2014/03/17 18:19:38 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Tap It Games
[2013/11/05 19:08:17 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\TikisLab
[2014/01/07 21:23:02 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\TOMI2.THE GATES OF FATE
[2013/08/01 13:40:39 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\TuneUp Software
[2014/04/09 22:30:27 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\uTorrent
[2014/03/15 02:42:18 | 000,000,000 | ---D | M] -- C:\Users\Tonik\AppData\Roaming\AVG2014
[2013/10/22 01:50:33 | 000,000,000 | ---D | M] -- C:\Users\Tonik\AppData\Roaming\DAEMON Tools Lite
[2013/08/21 22:24:31 | 000,000,000 | ---D | M] -- C:\Users\Tonik\AppData\Roaming\DesktopPwrMgr
[2014/04/07 21:39:46 | 000,000,000 | ---D | M] -- C:\Users\Tonik\AppData\Roaming\Seznam.cz
[2013/08/21 22:29:44 | 000,000,000 | ---D | M] -- C:\Users\Tonik\AppData\Roaming\TuneUp Software
[2014/04/07 21:35:17 | 000,000,000 | ---D | M] -- C:\Users\Tonik\AppData\Roaming\uTorrent
[2013/09/19 08:57:18 | 000,000,000 | ---D | M] -- C:\Users\Tonik\AppData\Roaming\WinZip
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009/07/14 06:53:46 | 000,032,520 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013/06/22 07:58:06 | 000,000,452 | ---- | C] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2013/07/26 09:48:26 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< >
< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2012/06/02 06:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2013/05/10 06:49:59 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=33ADF6E0853AB39EA1723BE82842C1D3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[2013/05/13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2013/07/09 15:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2013/07/09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\System32\cryptsvc.dll
[2013/07/09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2012/06/02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 14:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013/05/11 06:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2013/05/10 07:06:21 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=E122AA1C9A3CC46FF9DDDE46E5EB0C58 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[2012/06/02 06:41:59 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=EA8C26ECF1656D9647EF044F115EC6DA -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21225_none_76a05147150ffad1\cryptsvc.dll
[2013/10/05 03:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
[2012/06/02 06:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=F2FDE6C8DBAAD44CC58D1E07E4AF4EED -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17035_none_760be2a9fbfa79d1\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: HAL.DLL >
[2010/11/20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010/11/20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: IASTORV.SYS >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys
< MD5 for: LSASS.EXE >
[2011/11/17 09:09:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=05F38CB7CAB3CE8E9A1812D517DA93EF -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsass.exe
[2013/09/25 02:54:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=559C7769B397F07E12725EE55337D4C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_a8a66792d452b56a\lsass.exe
[2013/09/25 02:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=803B370865D907EA21DC0C2B6A8936B5 -- C:\Windows\System32\lsass.exe
[2013/09/25 02:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=803B370865D907EA21DC0C2B6A8936B5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_a80cf783bb41b5b7\lsass.exe
[2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsass.exe
[2012/06/02 06:40:31 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=A6034689ACF9D14973F8384AD5A5451E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_a6eb42a4d70be51e\lsass.exe
[2011/11/17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsass.exe
[2011/11/17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe
[2012/06/02 06:51:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FA7B950E4CA6AA260C4EABA19E03644D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_a8d76e24d42eb666\lsass.exe
[2011/11/17 07:24:04 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe
< MD5 for: NDIS.SYS >
[2012/08/22 19:05:16 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=15B74B6283CEBCCE3054C1001CA01B5E -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_aa0491cf93ad1c31\ndis.sys
[2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2012/08/22 19:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\System32\drivers\ndis.sys
[2012/08/22 19:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_a9bdfee47a5cd154\ndis.sys
[2010/11/20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys
< MD5 for: NETLOGON.DLL >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2010/11/20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvraid.sys
[2010/11/20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys
[2011/03/11 07:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\drivers\nvraid.sys
[2011/03/11 07:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvraid.sys
[2011/03/11 07:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvraid.sys
[2011/03/11 07:28:10 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=E3B840350A72CA6F39BD2BEF85A2BCFB -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvraid.sys
[2011/03/11 07:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvraid.sys
[2011/03/11 07:52:25 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=FCD5C3542A85EEBA7D0833B7E5086C10 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: SMSS.EXE >
[2013/03/19 04:43:41 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=0294CC751D7FAEB13621EEFB8A749429 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_ae7bdfb790cddbcf\smss.exe
[2009/07/14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
[2013/03/19 04:51:05 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=37F4765554F2CD34AAAB616F696E5539 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.21490_none_ac8ab2c593af8bd4\smss.exe
[2013/07/08 05:02:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=634E0B45780F502304592C5615A31089 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22379_none_ae8fb42390bda114\smss.exe
[2013/03/19 04:50:03 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=B24BF638652522BB5E14AB7993FD4A5D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.17273_none_ac19b4ca7a7f0306\smss.exe
[2013/08/29 02:51:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D2A72C71CD6C18A99E920EC5761F0C7D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_aeb7f4db909fe272\smss.exe
[2013/03/19 04:49:16 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\System32\smss.exe
[2013/03/19 04:49:16 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_ae40f33e7774c473\smss.exe
[2013/05/06 05:02:20 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=EC745C0949B101129AB6D39CD63808A6 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22318_none_aecf9361908de017\smss.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2011/04/25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/04/25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2013/01/03 07:01:49 | 001,303,912 | ---- | M] (Microsoft Corporation) MD5=34AE5CC0C7417AB701C2AA8A7BC75417 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys
[2010/11/20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2013/01/04 06:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2013/07/06 07:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_b52f2f65c4a146e5\tcpip.sys
[2013/07/06 06:57:37 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=528F7CC60391DD0FAB0344F32F051FDF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys
[2010/04/09 09:16:33 | 001,289,096 | ---- | M] (Microsoft Corporation) MD5=5D6A83E928F22AF5AC9868B162FFAD0D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_b38009a0e0d5a32d\tcpip.sys
[2013/05/08 08:15:22 | 001,309,032 | ---- | M] (Microsoft Corporation) MD5=6088D01FAD49729EA0A5A3D9B9BA8B84 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_b5b3fe00ddc19aaa\tcpip.sys
[2010/04/09 09:24:54 | 001,285,000 | ---- | M] (Microsoft Corporation) MD5=63170B9EE1D0EF0032F0408605671D1A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_b30e0d41c7a5fe2f\tcpip.sys
[2013/09/07 04:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2011/04/25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013/01/03 07:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2011/04/25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2013/01/04 06:55:21 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys
[2013/09/08 04:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\System32\drivers\tcpip.sys
[2013/09/08 04:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2013/05/08 07:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=D32FDAC73FCD76B85389C39BC1087F2A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_b508ef41c4bd3835\tcpip.sys
[2012/10/03 18:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2013/11/26 13:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_b5a530b8ddcd4b8d\tcpip.sys
[2012/10/03 18:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2_32.DLL >
[2010/11/20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\System32\ws2_32.dll
[2010/11/20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[7 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\21bf4f1621143e0103daef3cc5a3013f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\21bf4f1621143e0103daef3cc5a3013f\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\3c6b54bcfb3c23f715dc558bc21287fd\*.tmp files -> C:\Windows\SoftwareDistribution\Download\3c6b54bcfb3c23f715dc558bc21287fd\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\59e1fa28495cdd77c27b61432454fc64\*.tmp files -> C:\Windows\SoftwareDistribution\Download\59e1fa28495cdd77c27b61432454fc64\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\bbcc525f37ad87da3cf2bdd37ffaf044\*.tmp files -> C:\Windows\SoftwareDistribution\Download\bbcc525f37ad87da3cf2bdd37ffaf044\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\cadfd73a978beb54e8ac84ec9a4cf99b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\cadfd73a978beb54e8ac84ec9a4cf99b\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\def445ec30865998d1fd1bc2aacd30ef\*.tmp files -> C:\Windows\SoftwareDistribution\Download\def445ec30865998d1fd1bc2aacd30ef\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\f9a13c42801955cef3eb2c50d610ae88\*.tmp files -> C:\Windows\SoftwareDistribution\Download\f9a13c42801955cef3eb2c50d610ae88\*.tmp -> ]
[98 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[1 C:\Windows\Temp\{6533B6D5-7008-4EB6-B9D1-49C42B44983D}\*.tmp files -> C:\Windows\Temp\{6533B6D5-7008-4EB6-B9D1-49C42B44983D}\*.tmp -> ]
Přispějete na provoz fóra?