prosim o kontrolu logu.
niekedy sa internet zasekava na par min. napr. pri prihlaseni na pokec.sk
Logfile of random's system information tool 1.09 (written by random/random)
Run by uzivatel1 at 2014-03-24 16:33:14
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 32 GB (44%) free of 71 GB
Total RAM: 1526 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:33:30, on 24. 3. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Evaer\videochannel.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\uzivatel1\Downloads\RSIT.exe
C:\Program Files\trend micro\uzivatel1.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.webisawsome.info/?pid= ... K&unqvl=49
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: webSave - {00D80CC2-26D6-97BC-B025-BD2F3992BEC8} - C:\Program Files\webSave\wlS.dll
O2 - BHO: SNT - {14E14886-58C2-A320-47DE-CC7357648A84} - C:\Program Files\SNT\YNcHKooM.dll
O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll
O2 - BHO: SNT - {2DD2A8A6-A78D-28EE-8F34-3A1F37ED4990} - C:\Program Files\SNT\2_ryuRcAL.dll
O2 - BHO: YoutubeAdblocker - {54B82E5B-6830-736E-6949-AA9E153BD3A3} - C:\Program Files\YoutubeAdblocker\Gx4xCSv_.dll
O2 - BHO: SNT - {884CC8DA-3251-1F1A-1311-FF4B1B4C71C6} - C:\Program Files\SNT\_GECv.dll
O2 - BHO: weebSave - {96537513-EA85-5BC1-52B0-101C195DCB21} - C:\Program Files\weebSave\6X.dll
O2 - BHO: websaavve - {F732E6D2-7436-2CB0-3E7D-1D72903D1A54} - C:\Program Files\websaavve\FQn14rR.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [avichannel] "C:\Program Files\Evaer\videochannel.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
--
End of file - 4830 bytes
=========Mozilla firefox=========
ProfilePath - C:\Users\uzivatel1\AppData\Roaming\Mozilla\Firefox\Profiles\1nwjnv6x.default
prefs.js - "browser.startup.homepage" - "google.sk"
prefs.js - "keyword.URL" - "http://websearch.webisawsome.info/?pid= ... =49&l=1&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.77 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Users\uzivatel1\AppData\Roaming\Mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\
aux0nwk@rv-.edu
donottrackplus@abine.com
https-everywhere@eff.org
{dd3d7613-0246-469d-bc65-2a3cc1668adc}
C:\Users\uzivatel1\AppData\Roaming\Mozilla\Firefox\Profiles\1nwjnv6x.default\searchplugins\
WebSearch.xml
zonealarm.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00D80CC2-26D6-97BC-B025-BD2F3992BEC8}]
webSave - C:\Program Files\webSave\wlS.dll [2014-03-01 423936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14E14886-58C2-A320-47DE-CC7357648A84}]
SNT - C:\Program Files\SNT\YNcHKooM.dll [2014-03-01 423936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}]
Zonealarm Helper Object - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll [2013-07-22 302992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DD2A8A6-A78D-28EE-8F34-3A1F37ED4990}]
SNT - C:\Program Files\SNT\2_ryuRcAL.dll [2014-03-01 423936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54B82E5B-6830-736E-6949-AA9E153BD3A3}]
YoutubeAdblocker - C:\Program Files\YoutubeAdblocker\Gx4xCSv_.dll [2013-03-01 423936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{884CC8DA-3251-1F1A-1311-FF4B1B4C71C6}]
SNT - C:\Program Files\SNT\_GECv.dll [2014-03-01 423936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96537513-EA85-5BC1-52B0-101C195DCB21}]
weebSave - C:\Program Files\weebSave\6X.dll [2013-03-01 423936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F732E6D2-7436-2CB0-3E7D-1D72903D1A54}]
websaavve - C:\Program Files\websaavve\FQn14rR.dll [2013-03-01 423936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - ZoneAlarm Security Toolbar - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll [2013-07-22 289168]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
"avichannel"=C:\Program Files\Evaer\videochannel.exe [2014-02-20 1780224]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avichannel]
C:\Program Files\Evaer\videochannel.exe [2014-02-20 1780224]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Pro]
C:\Program Files\Driver Pro\DPLauncher.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\PROGRA~1\Eraser\Eraser.exe --atRestart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveSupport]
C:\Program Files\LiveSupport\LiveSupport.exe /noshow /log []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [2012-02-28 190768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro]
C:\Program Files\Optimizer Pro\OptProLauncher.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.XVID"=xvidvfw.dll
"vidc.MPG4"=MPG4c32.dll
"vidc.MP42"=MPG4c32.dll
"vidc.MP43"=MPG4c32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-03-24 16:33:14 ----D---- C:\Program Files\trend micro
2014-03-24 16:22:48 ----A---- C:\Windows\system32\FNTCACHE.DAT
2014-03-11 22:31:37 ----A---- C:\Windows\system32\qedit.dll
2014-03-11 22:31:34 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-11 22:31:34 ----A---- C:\Windows\system32\jsproxy.dll
2014-03-11 22:31:34 ----A---- C:\Windows\system32\jscript9diag.dll
2014-03-11 22:31:34 ----A---- C:\Windows\system32\iernonce.dll
2014-03-11 22:31:34 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-03-11 22:31:34 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-03-11 22:31:34 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-03-11 22:31:33 ----A---- C:\Windows\system32\ieapfltr.dll
2014-03-11 22:31:32 ----A---- C:\Windows\system32\wininet.dll
2014-03-11 22:31:31 ----A---- C:\Windows\system32\ieui.dll
2014-03-11 22:31:30 ----A---- C:\Windows\system32\ieUnatt.exe
2014-03-11 22:31:29 ----A---- C:\Windows\system32\iertutil.dll
2014-03-11 22:31:28 ----A---- C:\Windows\system32\jscript9.dll
2014-03-11 22:31:26 ----A---- C:\Windows\system32\mshtml.dll
2014-03-11 22:31:23 ----A---- C:\Windows\system32\urlmon.dll
2014-03-11 22:31:22 ----A---- C:\Windows\system32\msfeeds.dll
2014-03-11 22:31:17 ----A---- C:\Windows\system32\msrating.dll
2014-03-11 22:31:17 ----A---- C:\Windows\system32\iesetup.dll
2014-03-11 22:31:17 ----A---- C:\Windows\system32\ie4uinit.exe
2014-03-11 22:31:16 ----A---- C:\Windows\system32\ieframe.dll
2014-03-11 22:30:18 ----A---- C:\Windows\system32\wwansvc.dll
2014-03-11 22:30:15 ----A---- C:\Windows\system32\win32k.sys
2014-03-11 22:30:13 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-03-11 22:30:13 ----A---- C:\Windows\system32\wer.dll
2014-03-08 14:31:52 ----SHD---- C:\Config.Msi
2014-03-08 13:59:56 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2014-03-08 13:59:46 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2014-03-08 12:09:25 ----D---- C:\Program Files\HD Tune
2014-03-08 11:29:16 ----D---- C:\Program Files\Virtual Console
2014-03-03 20:18:02 ----D---- C:\ProgramData\A-PDF
2014-03-02 11:49:23 ----A---- C:\Windows\WDICT32.INI
2014-03-02 00:29:22 ----A---- C:\Windows\system32\sun_debug1.txt
2014-03-02 00:29:22 ----A---- C:\Windows\system32\sun_debug.txt
2014-03-01 23:43:12 ----D---- C:\ProgramData\webbsaavve
2014-03-01 23:43:12 ----D---- C:\Program Files\webbsaavve
2014-03-01 23:38:51 ----D---- C:\Users\uzivatel1\AppData\Roaming\EZDownloader
2014-03-01 23:32:43 ----D---- C:\ProgramData\weebSave
2014-03-01 23:32:43 ----D---- C:\Program Files\weebSave
2014-03-01 23:30:30 ----D---- C:\Program Files\Optimizer Pro
2014-03-01 23:30:11 ----D---- C:\ProgramData\websaavve
2014-03-01 23:30:11 ----D---- C:\Program Files\websaavve
2014-03-01 23:24:31 ----D---- C:\ProgramData\Wuebbing
2014-03-01 23:24:31 ----D---- C:\Program Files\Wuebbing
2014-03-01 23:21:11 ----D---- C:\ProgramData\NextCouP
2014-03-01 23:21:10 ----D---- C:\Program Files\NextCouP
2014-03-01 23:02:40 ----D---- C:\ProgramData\wEbsaevE
2014-03-01 23:02:40 ----D---- C:\Program Files\wEbsaevE
2014-03-01 23:00:02 ----D---- C:\ProgramData\SNT
2014-03-01 23:00:01 ----D---- C:\Program Files\SNT
2014-03-01 23:00:01 ----A---- C:\Users\uzivatel1\AppData\Roaming\LiveSupport.exe_log.txt
2014-03-01 23:00:00 ----A---- C:\Users\uzivatel1\AppData\Roaming\regsvr32.exe_log.txt
2014-03-01 22:59:05 ----D---- C:\ProgramData\SafeSoft
2014-03-01 22:58:39 ----D---- C:\ProgramData\YoutubeAdblocker
2014-03-01 22:58:38 ----D---- C:\Program Files\YoutubeAdblocker
2014-03-01 22:58:25 ----D---- C:\ProgramData\webSave
2014-03-01 22:58:24 ----D---- C:\Program Files\webSave
2014-03-01 22:58:17 ----D---- C:\ProgramData\de3b06d2133bef33
2014-03-01 22:43:24 ----D---- C:\Program Files\PartitionGuru Free
2014-03-01 22:42:40 ----D---- C:\Program Files\Jotzey
2014-03-01 22:24:30 ----D---- C:\ProgramData\InstallMate
2014-03-01 22:19:22 ----D---- C:\Log
2014-03-01 21:02:19 ----D---- C:\Program Files\Runtime Software
2014-03-01 20:52:28 ----D---- C:\Program Files\Western Digital Corporation
2014-03-01 20:47:16 ----D---- C:\ProgramData\Licenses
2014-03-01 20:47:05 ----A---- C:\Windows\system32\drivers\rsdrv.sys
2014-03-01 20:45:37 ----D---- C:\Users\uzivatel1\AppData\Roaming\GetRightToGo
2014-03-01 11:23:57 ----D---- C:\Program Files\Autodesk
2014-02-26 17:20:38 ----D---- C:\Program Files\Common Files\Skype
2014-02-25 23:54:52 ----D---- C:\Windows\Migration
======List of files/folders modified in the last 1 month======
2014-03-24 16:33:25 ----D---- C:\Windows\Prefetch
2014-03-24 16:33:17 ----D---- C:\Windows\Temp
2014-03-24 16:33:14 ----RD---- C:\Program Files
2014-03-24 16:31:46 ----D---- C:\Users\uzivatel1\AppData\Roaming\Skype
2014-03-24 16:30:56 ----D---- C:\Windows\System32
2014-03-24 16:30:56 ----D---- C:\Windows\inf
2014-03-24 16:30:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-03-24 16:27:33 ----D---- C:\Windows\winsxs
2014-03-24 16:25:24 ----D---- C:\Windows\system32\catroot
2014-03-24 16:25:23 ----D---- C:\Windows\system32\catroot2
2014-03-24 16:23:12 ----D---- C:\Windows\system32\config
2014-03-24 16:23:08 ----D---- C:\Windows
2014-03-23 21:11:11 ----D---- C:\Windows\ModemLogs
2014-03-23 21:11:10 ----D---- C:\Windows\debug
2014-03-19 18:58:40 ----D---- C:\Windows\system32\MRT
2014-03-19 18:54:49 ----A---- C:\Windows\system32\MRT.exe
2014-03-14 23:02:25 ----D---- C:\Windows\Downloaded Program Files
2014-03-14 23:02:23 ----D---- C:\Windows\Tasks
2014-03-14 23:02:23 ----D---- C:\Windows\system32\Tasks
2014-03-14 23:02:15 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-03-13 22:45:40 ----D---- C:\Users\uzivatel1\AppData\Roaming\Nokia
2014-03-12 22:39:25 ----D---- C:\Program Files\Internet Explorer
2014-03-08 14:33:07 ----SHD---- C:\Windows\Installer
2014-03-08 14:33:03 ----DC---- C:\Windows\system32\DRVSTORE
2014-03-08 14:33:00 ----D---- C:\Windows\system32\DriverStore
2014-03-08 14:31:55 ----D---- C:\Windows\system32\drivers
2014-03-03 20:18:02 ----HD---- C:\ProgramData
2014-03-02 00:16:25 ----D---- C:\Windows\SoftwareDistribution
2014-03-01 23:46:41 ----RD---- C:\Program Files\Skype
2014-03-01 23:39:03 ----SD---- C:\Users\uzivatel1\AppData\Roaming\Microsoft
2014-03-01 23:21:08 ----D---- C:\Program Files\CCleaner
2014-03-01 22:58:16 ----RD---- C:\Users
2014-03-01 22:52:14 ----AD---- C:\ProgramData\TEMP
2014-02-27 18:52:39 ----D---- C:\Windows\Microsoft.NET
2014-02-26 17:20:38 ----D---- C:\Program Files\Common Files
2014-02-26 17:20:35 ----D---- C:\ProgramData\Skype
2014-02-25 23:58:17 ----RSD---- C:\Windows\assembly
2014-02-25 23:55:16 ----D---- C:\Windows\system32\en-US
2014-02-25 23:54:52 ----SD---- C:\ProgramData\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2011-10-12 173440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2011-10-12 388096]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\rsdrv.sys [2009-02-12 22312]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2011-10-12 48640]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-09-07 48128]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2009-06-25 44544]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2009-06-25 38400]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2006-09-19 298496]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver; C:\Windows\system32\DRIVERS\ATSwpWDF.sys [2012-10-18 971752]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-13 1131008]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-10-12 60416]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2009-07-13 43008]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2011-10-12 84992]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2011-10-12 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver; C:\Windows\system32\drivers\Synth3dVsc.sys [2011-10-12 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2013-11-28 104720]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2013-11-28 84752]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2011-10-12 21504]
R2 uCamMonitor;CamMonitor; C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2011-10-12 21504]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-01 108032]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-15 118896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2011-10-12 21504]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2011-10-12 21504]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-20 1343400]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
prosim kontrola logu rsit
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119537
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim kontrola logu rsit
Zdravím!
Jak to vypadá s legalitou vašeho oper. systému?
Jak to vypadá s legalitou vašeho oper. systému?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosim kontrola logu rsit
malo by to byt OK.
-
Rudy
- Site Admin
- Příspěvky: 119537
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim kontrola logu rsit
Zkuste tento postup:
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text
Kliknete na ProhledatCREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosim kontrola logu rsit
OTL logfile created on: 26. 3. 2014 21:22:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\uzivatel1\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
1,49 Gb Total Physical Memory | 0,50 Gb Available Physical Memory | 33,52% Memory free
2,98 Gb Paging File | 1,91 Gb Available in Paging File | 64,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,70 Gb Total Space | 30,79 Gb Free Space | 44,17% Space Free | Partition Type: NTFS
Computer Name: PC1 | User Name: uzivatel1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/03/26 21:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\uzivatel1\Desktop\OTL.exe
PRC - [2014/02/20 10:08:12 | 001,780,224 | ---- | M] (Evaer Technology) -- C:\Program Files\Evaer\videochannel.exe
PRC - [2014/02/15 09:49:05 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/06/26 12:10:30 | 001,516,632 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2012/06/11 10:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/06/11 10:33:14 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012/06/11 10:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012/06/11 10:33:04 | 000,148,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012/02/28 15:53:36 | 001,141,040 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Software Updater\nsu3ui.exe
PRC - [2011/10/12 12:26:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
========== Modules (No Company Name) ==========
MOD - [2014/02/15 09:49:05 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/26 12:11:10 | 000,345,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2012/06/26 12:11:08 | 000,282,200 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2012/06/26 12:11:02 | 008,197,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2012/06/26 12:11:00 | 002,302,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2012/06/26 12:10:58 | 000,202,328 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2012/06/26 12:10:58 | 000,027,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2012/02/28 15:25:14 | 000,323,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_lib.dll
MOD - [2011/09/13 13:17:46 | 001,907,200 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\styles\OviCommonStyle.dll
MOD - [2011/09/13 13:17:04 | 000,593,408 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\WidgetLibrary.dll
MOD - [2011/08/31 09:57:58 | 000,021,504 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\imageformats\qsvg4.dll
MOD - [2011/08/31 09:33:54 | 000,280,576 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\QtSvg4.dll
MOD - [2011/08/31 09:31:24 | 008,288,256 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\qtgui4.dll
MOD - [2011/08/31 09:28:08 | 001,002,496 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\qtnetwork4.dll
MOD - [2011/08/31 09:27:42 | 000,357,888 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\qtxml4.dll
MOD - [2011/08/31 09:27:34 | 002,302,464 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\qtcore4.dll
MOD - [2011/05/28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2014/03/01 04:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/02/15 09:49:05 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/20 21:24:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/06/11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2013/11/28 19:28:22 | 000,104,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2013/11/28 19:27:22 | 000,084,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2012/10/18 10:12:06 | 000,971,752 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2012/06/11 10:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/01/09 16:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012/01/09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 16:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012/01/09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/10/12 12:32:39 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/09/07 08:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 23:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/06/25 06:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 06:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/02/12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2008/04/24 13:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.webisawsome.info/?pid= ... K&unqvl=49
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.webisawsome.info/?l=1& ... K&unqvl=49
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1707592230-9377432-2897197462-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
IE - HKU\S-1-5-21-1707592230-9377432-2897197462-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 90 B6 B3 94 55 CE 01 [binary data]
IE - HKU\S-1-5-21-1707592230-9377432-2897197462-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1707592230-9377432-2897197462-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&r=591
IE - HKU\S-1-5-21-1707592230-9377432-2897197462-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.webisawsome.info/?l=1& ... K&unqvl=49
IE - HKU\S-1-5-21-1707592230-9377432-2897197462-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.webisawsome.info/?pid= ... =49&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "google.sk"
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.1.8
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.4.5
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:3.2.1072
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.19
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://websearch.webisawsome.info/?pid= ... =49&l=1&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/05/20 21:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Extensions
[2014/03/25 21:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions
[2013/10/01 22:50:42 | 000,000,000 | ---D | M] (Block site) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2014/03/01 22:59:57 | 000,000,000 | ---D | M] (YoutubeAdblocker) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\aux0nwk@rv-.edu
[2014/03/13 22:35:43 | 000,000,000 | ---D | M] (DoNotTrackMe: Online Privacy Protection) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\donottrackplus@abine.com
[2014/01/04 10:43:34 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\https-everywhere@eff.org
[2014/03/05 21:48:52 | 001,393,079 | ---- | M] () (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\extensions\firefox@ghostery.com.xpi
[2014/02/11 15:56:26 | 000,081,960 | ---- | M] () (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
[2014/03/25 21:46:44 | 000,537,316 | ---- | M] () (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/02/26 16:14:02 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/03/01 23:43:44 | 000,000,647 | ---- | M] () -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\searchplugins\WebSearch.xml
[2013/09/08 08:37:14 | 000,001,502 | ---- | M] () -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\searchplugins\zonealarm.xml
[2014/03/01 23:46:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 09:49:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (webSave) - {00D80CC2-26D6-97BC-B025-BD2F3992BEC8} - C:\Program Files\webSave\wlS.dll ()
O2 - BHO: (SNT) - {14E14886-58C2-A320-47DE-CC7357648A84} - C:\Program Files\SNT\YNcHKooM.dll ()
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (SNT) - {2DD2A8A6-A78D-28EE-8F34-3A1F37ED4990} - C:\Program Files\SNT\2_ryuRcAL.dll ()
O2 - BHO: (YoutubeAdblocker) - {54B82E5B-6830-736E-6949-AA9E153BD3A3} - C:\Program Files\YoutubeAdblocker\Gx4xCSv_.dll ()
O2 - BHO: (SNT) - {884CC8DA-3251-1F1A-1311-FF4B1B4C71C6} - C:\Program Files\SNT\_GECv.dll ()
O2 - BHO: (weebSave) - {96537513-EA85-5BC1-52B0-101C195DCB21} - C:\Program Files\weebSave\6X.dll ()
O2 - BHO: (websaavve) - {F732E6D2-7436-2CB0-3E7D-1D72903D1A54} - C:\Program Files\websaavve\FQn14rR.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1707592230-9377432-2897197462-1000..\Run: [avichannel] C:\Program Files\Evaer\videochannel.exe (Evaer Technology)
O4 - HKU\S-1-5-21-1707592230-9377432-2897197462-1000..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\Windows\System32\MPG4ds32.ax (Microcrap Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.151.222.34 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BF1FA07-2778-4AB2-AAFC-D65B47D5A9D0}: DhcpNameServer = 213.151.222.34 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F615A143-678D-44E1-A0C8-1C1575F76037}: DhcpNameServer = 213.151.222.34 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014/03/26 21:21:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\uzivatel1\Desktop\OTL.exe
[2014/03/24 16:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/03/11 22:31:37 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/03/11 22:31:34 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/03/11 22:31:34 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/03/11 22:31:34 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/03/11 22:31:34 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/03/11 22:31:34 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/11 22:31:34 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/03/11 22:31:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/03/11 22:31:33 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/03/11 22:31:31 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/11 22:31:30 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/11 22:31:28 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/03/11 22:31:22 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/11 22:31:21 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/11 22:31:18 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/11 22:31:17 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/03/11 22:31:17 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/03/11 22:31:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/03/11 22:30:15 | 002,357,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/03/11 22:30:13 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014/03/08 14:31:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/03/08 13:59:56 | 000,188,176 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxDrv.sys
[2014/03/08 13:59:46 | 000,093,968 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSBMon.sys
[2014/03/08 12:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2014/03/08 12:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2014/03/08 11:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Console
[2014/03/08 11:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Console
[2014/03/03 20:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\A-PDF
[2014/03/01 23:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\webbsaavve
[2014/03/01 23:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\webbsaavve
[2014/03/01 23:38:51 | 000,000,000 | ---D | C] -- C:\Users\uzivatel1\AppData\Roaming\EZDownloader
[2014/03/01 23:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\weebSave
[2014/03/01 23:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\weebSave
[2014/03/01 23:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2014/03/01 23:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\websaavve
[2014/03/01 23:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\websaavve
[2014/03/01 23:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Wuebbing
[2014/03/01 23:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Wuebbing
[2014/03/01 23:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NextCouP
[2014/03/01 23:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\NextCouP
[2014/03/01 23:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\wEbsaevE
[2014/03/01 23:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\wEbsaevE
[2014/03/01 23:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SNT
[2014/03/01 23:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\SNT
[2014/03/01 22:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeSoft
[2014/03/01 22:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\YoutubeAdblocker
[2014/03/01 22:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\YoutubeAdblocker
[2014/03/01 22:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\webSave
[2014/03/01 22:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\webSave
[2014/03/01 22:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\de3b06d2133bef33
[2014/03/01 22:58:16 | 000,000,000 | ---D | C] -- C:\Users\uzivatel1\AppData\Local\Torch
[2014/03/01 22:58:16 | 000,000,000 | ---D | C] -- C:\Users\uzivatel1\AppData\Local\Google
[2014/03/01 22:58:16 | 000,000,000 | ---D | C] -- C:\Users\uzivatel1\AppData\Local\Comodo
[2014/03/01 22:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\PartitionGuru Free
[2014/03/01 22:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Jotzey
[2014/03/01 22:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/03/01 22:19:22 | 000,000,000 | ---D | C] -- C:\Log
[2014/03/01 21:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
[2014/03/01 21:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2014/03/01 20:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2014/03/01 20:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/03/01 20:47:05 | 000,022,312 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\rsdrv.sys
[2014/03/01 20:45:43 | 000,000,000 | ---D | C] -- C:\Users\uzivatel1\Documents\Downloads
[2014/03/01 20:45:37 | 000,000,000 | ---D | C] -- C:\Users\uzivatel1\AppData\Roaming\GetRightToGo
[2014/03/01 11:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2014/02/26 17:20:57 | 000,000,000 | ---D | C] -- C:\Users\uzivatel1\AppData\Local\Skype
[2014/02/26 17:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/02/26 17:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/02/25 23:54:52 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2001/12/19 10:45:00 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\Users\uzivatel1\VCdRom.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/03/26 21:25:42 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/03/26 21:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\uzivatel1\Desktop\OTL.exe
[2014/03/26 20:59:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/26 19:45:12 | 000,660,750 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014/03/26 19:45:12 | 000,654,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/26 19:45:12 | 000,141,400 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014/03/26 19:45:12 | 000,122,118 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/26 19:40:27 | 1200,234,496 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/25 23:07:43 | 000,003,096 | ---- | M] () -- C:\Windows\WDICT32.INI
[2014/03/24 16:54:30 | 000,016,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/24 16:54:29 | 000,016,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/24 16:23:16 | 000,345,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/14 23:02:15 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/14 23:02:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/03/08 12:09:25 | 000,000,903 | ---- | M] () -- C:\Users\uzivatel1\Desktop\HD Tune.lnk
[2014/03/08 11:29:16 | 000,002,631 | ---- | M] () -- C:\Users\Public\Desktop\Flash Drive Tester v1.14.lnk
[2014/03/02 00:22:14 | 000,001,075 | ---- | M] () -- C:\Users\uzivatel1\Desktop\GetDataBack for FAT.lnk
[2014/03/01 05:11:20 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/01 05:10:48 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/03/01 04:52:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/03/01 04:51:53 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/03/01 04:43:55 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/01 04:43:28 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/03/01 04:40:17 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/01 04:38:26 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/01 04:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/03/01 04:37:35 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/03/01 04:31:30 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/03/01 04:25:29 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/03/01 04:16:09 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/03/01 04:14:15 | 004,244,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/03/01 04:03:49 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/01 04:00:08 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/01 03:25:42 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/02/26 17:20:38 | 000,002,685 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/03/26 21:25:42 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/03/24 16:22:48 | 000,345,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/08 13:36:10 | 000,001,075 | ---- | C] () -- C:\Users\uzivatel1\Desktop\GetDataBack for FAT.lnk
[2014/03/08 12:09:25 | 000,000,903 | ---- | C] () -- C:\Users\uzivatel1\Desktop\HD Tune.lnk
[2014/03/08 11:29:16 | 000,002,631 | ---- | C] () -- C:\Users\Public\Desktop\Flash Drive Tester v1.14.lnk
[2014/03/02 11:49:23 | 000,003,096 | ---- | C] () -- C:\Windows\WDICT32.INI
[2014/02/26 17:20:38 | 000,002,685 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/09/08 14:31:24 | 000,001,129 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2001/12/19 10:45:04 | 000,023,552 | ---- | C] () -- C:\Users\uzivatel1\VCdControlTool.exe
========== ZeroAccess Check ==========
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/02/24 21:17:38 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Evaer
[2014/03/01 23:38:51 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\EZDownloader
[2014/03/01 20:47:21 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\GetRightToGo
[2014/03/13 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Nokia
[2013/10/22 22:23:57 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\PC Suite
[2013/05/21 18:37:23 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Sound Drivers For Windows XP Utility
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009/07/14 05:53:46 | 000,032,512 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
< >
< MD5 for: AGP440.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_0df88df672b38012\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_302c3064e8a4daa5\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_7f45ba754b7ae099\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17686_none_bbd0aa2d1d29e5f1\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.21772_none_bc6115bc3643046e\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.21812_none_bca1f72a361259ef\AGP440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2004/08/04 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\I386\AUTOCHK.EXE
[2010/11/20 22:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010/11/20 22:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:cdrom.sys
[2010/11/20 22:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 22:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 22:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2012/06/02 05:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2013/05/10 05:49:59 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=33ADF6E0853AB39EA1723BE82842C1D3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[2013/05/13 05:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2013/07/09 14:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2012/06/02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2010/11/20 22:29:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013/05/11 05:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2013/05/10 06:06:21 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=E122AA1C9A3CC46FF9DDDE46E5EB0C58 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[2013/10/05 02:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\System32\cryptsvc.dll
[2013/10/05 02:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2011/10/12 12:26:19 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/10/12 12:26:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/10/12 12:26:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
< MD5 for: HAL.DLL >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:hal.dll
[2010/11/20 22:29:19 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2011/10/12 13:04:14 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=5D8C314EEC58BC1A90FCE302CEAC3BF5 -- C:\Windows\System32\hal.dll
[2011/10/12 13:04:14 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=5D8C314EEC58BC1A90FCE302CEAC3BF5 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17614_none_ad305e75b7ec4d87\hal.dll
[2011/10/12 13:04:13 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=A954AC031585E6152CA48596942BF356 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.21725_none_adb02b9ed1112299\hal.dll
< MD5 for: CHANGER.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:Changer.sys
< MD5 for: IASTORV.SYS >
[2011/10/12 15:05:49 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/10/12 15:05:49 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/10/12 15:05:49 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/10/12 15:05:49 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010/11/20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_0df88df672b38012\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_302c3064e8a4daa5\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_7f45ba754b7ae099\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17686_none_bbd0aa2d1d29e5f1\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.21772_none_bc6115bc3643046e\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.21812_none_bca1f72a361259ef\isapnp.sys
< MD5 for: LSASS.EXE >
[2011/10/12 13:01:56 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=3ABDB971E97A59E6749B160E17335D7A -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21728_none_a8d4c49ad42f6f7f\lsass.exe
[2013/09/25 01:54:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=559C7769B397F07E12725EE55337D4C6 -- C:\Windows\System32\lsass.exe
[2013/09/25 01:54:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=559C7769B397F07E12725EE55337D4C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_a8a66792d452b56a\lsass.exe
[2013/09/25 01:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=803B370865D907EA21DC0C2B6A8936B5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_a80cf783bb41b5b7\lsass.exe
[2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[2009/07/14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe
[2011/11/17 06:24:04 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe
< MD5 for: NDIS.SYS >
[2012/08/22 18:05:16 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=15B74B6283CEBCCE3054C1001CA01B5E -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_aa0491cf93ad1c31\ndis.sys
[2012/08/22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\System32\drivers\ndis.sys
[2012/08/22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_a9bdfee47a5cd154\ndis.sys
[2010/11/20 22:29:12 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys
< MD5 for: NETLOGON.DLL >
[2011/10/12 13:41:00 | 000,564,224 | ---- | M] (Microsoft Corporation) MD5=1A632357783D393BCAC09A07DD57CF51 -- C:\Windows\System32\netlogon.dll
[2011/10/12 13:41:00 | 000,564,224 | ---- | M] (Microsoft Corporation) MD5=1A632357783D393BCAC09A07DD57CF51 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.21772_none_0005dfc3af8c134b\netlogon.dll
[2010/11/20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
< MD5 for: NVRAID.SYS >
[2010/11/20 22:29:03 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvraid.sys
[2010/11/20 22:29:03 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys
[2011/10/12 15:05:49 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\drivers\nvraid.sys
[2011/10/12 15:05:49 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvraid.sys
[2011/10/12 15:05:49 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvraid.sys
[2011/10/12 15:05:48 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=E3B840350A72CA6F39BD2BEF85A2BCFB -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2011/10/12 15:05:48 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/10/12 15:05:48 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/10/12 15:05:48 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/10/12 15:05:48 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010/11/20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
< MD5 for: SCECLI.DLL >
[2010/11/20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: SMSS.EXE >
[2013/03/19 03:43:41 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=0294CC751D7FAEB13621EEFB8A749429 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_ae7bdfb790cddbcf\smss.exe
[2009/07/14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
[2004/08/04 14:00:00 | 000,470,016 | ---- | M] (Microsoft Corporation) MD5=9A98937A980831729D21343754FF9D59 -- C:\I386\SYSTEM32\SMSS.EXE
[2013/08/29 01:51:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D2A72C71CD6C18A99E920EC5761F0C7D -- C:\Windows\System32\smss.exe
[2013/08/29 01:51:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D2A72C71CD6C18A99E920EC5761F0C7D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_aeb7f4db909fe272\smss.exe
[2013/03/19 03:49:16 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_ae40f33e7774c473\smss.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/10/12 12:22:15 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
[2011/10/12 12:22:15 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\System32\svchost.exe
[2011/10/12 12:22:15 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe
< MD5 for: TCPIP.SYS >
[2010/11/20 22:29:20 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011/10/12 11:54:53 | 001,299,328 | ---- | M] (Microsoft Corporation) MD5=4AA93F6ACA15ABCDA686FE3D8A008298 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21645_none_b58fa98edddd66f5\tcpip.sys
[2013/09/07 03:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2013/09/08 03:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2012/10/03 17:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2013/11/26 12:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\System32\drivers\tcpip.sys
[2013/11/26 12:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_b5a530b8ddcd4b8d\tcpip.sys
[2011/10/12 11:49:03 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=DEB39B9561044164A1F40449CE95F361 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21789_none_b5686cecddfa393c\tcpip.sys
[2012/10/03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2011/10/12 12:52:16 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=F99E3D57EE87286AE9BFAFC157F53616 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21732_none_b5977a82ddd7fc26\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010/11/20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
< MD5 for: WINLOGON.EXE >
[2011/10/12 13:24:01 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=58AACDEE236690C090A86B5A34EC4B77 -- C:\Windows\System32\winlogon.exe
[2011/10/12 13:24:01 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=58AACDEE236690C090A86B5A34EC4B77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.21756_none_722aca974c6fd463\winlogon.exe
[2010/11/20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
< MD5 for: WS2_32.DLL >
[2010/11/20 22:29:06 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\System32\ws2_32.dll
[2010/11/20 22:29:06 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[8 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[13 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\Installer\{BCC0552D-76C0-4130-BFBD-49BE49ACC594}\*.tmp files -> C:\Windows\Installer\{BCC0552D-76C0-4130-BFBD-49BE49ACC594}\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\b24986397a62319c872849186a7e0970\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b24986397a62319c872849186a7e0970\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2013/05/20 21:30:15 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Adobe
[2013/12/31 23:10:01 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\ArcSoft
[2014/02/24 21:17:38 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Evaer
[2014/03/01 23:38:51 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\EZDownloader
[2014/03/01 20:47:21 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\GetRightToGo
[2013/05/20 20:04:27 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Identities
[2013/05/21 19:23:57 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\InstallShield
[2013/05/20 21:30:15 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Macromedia
[2011/04/12 07:45:45 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Media Center Programs
[2014/03/01 23:39:03 | 000,000,000 | --SD | M] -- C:\Users\uzivatel1\AppData\Roaming\Microsoft
[2013/05/20 21:21:25 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Mozilla
[2014/03/13 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Nokia
[2013/10/22 22:23:57 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\PC Suite
[2014/03/26 21:32:33 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Skype
[2013/05/21 18:37:23 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Sound Drivers For Windows XP Utility
[2013/05/21 18:46:38 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2014/01/02 17:16:36 | 000,053,248 | R--- | M] (Flexera Software, Inc.) -- C:\Users\uzivatel1\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
[2014/01/02 17:16:36 | 000,049,152 | R--- | M] (Flexera Software, Inc.) -- C:\Users\uzivatel1\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
[2014/01/02 17:16:36 | 000,073,728 | R--- | M] (Flexera Software, Inc.) -- C:\Users\uzivatel1\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
[2014/01/02 17:16:36 | 000,073,728 | R--- | M] (Flexera Software, Inc.) -- C:\Users\uzivatel1\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
[2014/01/02 17:16:36 | 000,049,152 | R--- | M] (Flexera Software, Inc.) -- C:\Users\uzivatel1\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014/03/24 16:54:29 | 000,016,864 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/24 16:54:30 | 000,016,864 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/24 16:23:16 | 000,345,200 | ---- | M] () -- C:\Windows\system32\FNTCACHE.DAT
[2014/03/26 19:45:12 | 000,141,400 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2014/03/26 19:45:12 | 000,122,118 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2014/03/26 19:45:12 | 000,660,750 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2014/03/26 19:45:12 | 000,654,246 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2014/03/26 19:45:12 | 001,583,678 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[2014/03/26 21:29:07 | 000,001,498 | ---- | M] () -- C:\Windows\system32\sun_debug.txt
[2014/03/26 21:29:06 | 000,000,021 | ---- | M] () -- C:\Windows\system32\sun_debug1.txt
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"PC Suite Tray" = "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray -- [2012/06/26 12:10:30 | 001,516,632 | ---- | M] (Nokia)
"avichannel" = "C:\Program Files\Evaer\videochannel.exe" -- [2014/02/20 10:08:12 | 001,780,224 | ---- | M] (Evaer Technology)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/03/26 21:25:42 | 000,000,512 | ---- | M] () MD5=D80361C1F2F9B480230EC47A516C9D8A -- C:\PhysicalMBR.bin
< >
< *crack* /s >
< *keygen* /s >
< *AntiWPA* /s >
< *loader* /s >
[2004/08/04 14:00:00 | 000,017,423 | ---- | M] () -- \I386\DMLOADER.DL_
[2004/08/04 14:00:00 | 000,114,717 | ---- | M] () -- \I386\OSLOADER.EX_
[2004/08/04 14:00:00 | 000,132,317 | ---- | M] () -- \I386\OSLOADER.NT_
[2005/03/12 19:39:26 | 000,104,032 | ---- | M] () -- \IBMTOOLS\apps\NORTONIS\SETUP\ASCORE\COMMON\SYMSHARE\ANTISPAM\ASLOADER.DLL
[2006/10/26 12:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 12:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2012/02/03 04:32:08 | 000,112,128 | ---- | M] () -- \Program Files\Common Files\Nokia\Tss\ProductApiLoader\ta_productapiloader.dll
[2009/01/08 07:11:26 | 000,077,824 | ---- | M] () -- \Program Files\Hama\Hama Webcam Suite\WebCam Companion 3\ASDownloader.exe
[2012/06/26 11:36:38 | 000,002,560 | ---- | M] () -- \Program Files\Nokia\Nokia PC Suite 7\Lang\MapLoader_eng.NLR
[2014/03/24 22:40:50 | 000,001,870 | ---- | M] () -- \Users\uzivatel1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79THPEEC\AdLoader[1].htm
[2014/03/24 22:40:50 | 000,112,122 | ---- | M] () -- \Users\uzivatel1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F62ZOXRB\AdLoader-7b473315d0084c71df83cdee72aab144.min[1].js
[2014/01/28 19:35:56 | 000,072,638 | ---- | M] () -- \Users\uzivatel1\AppData\Local\Skype\Apps\login\images\loader.gif
[2014/01/28 19:35:56 | 000,003,032 | ---- | M] () -- \Users\uzivatel1\AppData\Local\Skype\Apps\login\images\loader.png
[2014/01/28 19:35:56 | 000,006,012 | ---- | M] () -- \Users\uzivatel1\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014/01/28 19:35:56 | 000,021,956 | ---- | M] () -- \Users\uzivatel1\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014/01/28 19:35:56 | 000,009,772 | ---- | M] () -- \Users\uzivatel1\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2014/03/13 22:26:16 | 000,000,673 | ---- | M] () -- \Users\uzivatel1\AppData\Roaming\Mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\donottrackplus@abine.com\pages\images\ajax_loader.gif
[2013/08/02 06:53:29 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2014/03/26 19:43:47 | 000,003,424 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader
[2009/07/14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2011/10/12 12:28:53 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_cs-cz_359e67f47490d51d.manifest
[2011/10/12 12:28:53 | 000,034,688 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_cs-cz_359e67f47490d51d_winload.exe.mui_3bc5b827
[2011/10/12 12:28:53 | 000,030,592 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_cs-cz_359e67f47490d51d_winresume.exe.mui_ff8b5358
[2011/10/12 12:28:54 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_en-us_78f4b3505b8b317b.manifest
[2011/10/12 12:28:54 | 000,033,152 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_en-us_78f4b3505b8b317b_winload.exe.mui_3bc5b827
[2011/10/12 12:28:54 | 000,030,080 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_en-us_78f4b3505b8b317b_winresume.exe.mui_ff8b5358
[2011/10/12 12:28:54 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21675_none_5d77e1aae4365a1a.manifest
[2011/10/12 12:28:55 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21675_none_5d77e1aae4365a1a_winload.exe_75835076
[2011/10/12 12:28:56 | 000,443,744 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21675_none_5d77e1aae4365a1a_winresume.exe_85cd1215
[2009/07/14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2011/10/12 10:56:03 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2011/04/12 07:36:14 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2011/10/12 12:28:35 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_cs-cz_359e67f47490d51d.manifest
[2011/10/12 12:28:35 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_en-us_78f4b3505b8b317b.manifest
[2010/11/20 22:23:54 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2011/10/12 12:28:35 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21675_none_5d77e1aae4365a1a.manifest
[2011/10/12 12:28:35 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_cs-cz_43913ee0afad8a79.manifest
[2011/10/12 12:28:35 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_da-dk_e0cb1f07a5f38678.manifest
[2011/10/12 12:28:35 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_el-gr_868ce1d696df43a0.manifest
[2011/10/12 12:28:35 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_fi-fi_25cdebcd8be8caa6.manifest
[2011/10/12 12:28:35 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_hu-hu_70dadd676e00bdfa.manifest
[2011/10/12 12:28:35 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_ko-kr_5921af28465ead4d.manifest
[2011/10/12 12:28:35 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_nb-no_41b4305d1e83d909.manifest
[2011/10/12 12:28:35 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_pl-pl_862fd61d04d25092.manifest
[2011/10/12 12:28:36 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_pt-br_8883c0c1035be476.manifest
[2011/10/12 12:28:36 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_pt-pt_8965902d02cb5452.manifest
[2011/10/12 12:28:36 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_ru-ru_d008a1f0e7ace27e.manifest
[2011/10/12 12:28:36 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_sv-se_6c038c65ded5ecd9.manifest
[2011/10/12 12:28:36 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_tr-tr_1510d6accd91eeca.manifest
[2011/10/12 12:28:36 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_zh-cn_e66df4aa7dc9c0e9.manifest
[2011/10/12 12:28:36 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_zh-hk_e518ed387ea53379.manifest
[2011/10/12 12:28:36 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_zh-tw_ea6a32007b3a9d59.manifest
[2009/07/14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:45:15 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 02:48:15 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/10/12 13:11:34 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21773_none_0d0118c0f3613787\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 06:53:29 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2004/08/04 14:00:00 | 000,024,869 | ---- | M] () -- \I386\DPSERIAL.DL_
[2004/08/04 14:00:00 | 000,030,067 | ---- | M] () -- \I386\SERIAL.SY_
[2004/08/04 14:00:00 | 000,006,409 | ---- | M] () -- \I386\SERIALUI.DL_
[2006/01/06 22:49:16 | 000,001,030 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution.xml
[2006/01/06 22:49:16 | 000,002,853 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_de_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_es_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_fr_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_it_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_ja_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_ko_lenovo.p5p
[2006/01/06 22:49:16 | 000,005,930 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_nl_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_pt_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_zh-cn_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_zh-tw_lenovo.p5p
[2006/01/06 22:49:38 | 000,004,672 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\a30serial.gif
[2006/01/06 22:49:38 | 000,000,932 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution.xml
[2006/01/06 22:49:38 | 000,001,792 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_de_lenovo.p5p
[2006/01/06 22:49:38 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_es_lenovo.p5p
[2006/01/06 22:49:38 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_fr_lenovo.p5p
[2006/01/06 22:49:40 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_it_lenovo.p5p
[2006/01/06 22:49:40 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_ja_lenovo.p5p
[2006/01/06 22:49:40 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_ko_lenovo.p5p
[2006/01/06 22:49:40 | 000,005,094 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_lenovo.p5p
[2006/01/06 22:49:40 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_nl_lenovo.p5p
[2006/01/06 22:49:40 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_pt_lenovo.p5p
[2006/01/06 22:49:40 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_zh-cn_lenovo.p5p
[2006/01/06 22:49:40 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_zh-tw_lenovo.p5p
[2012/10/05 11:56:05 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2011/10/12 11:02:41 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2014/03/02 00:21:10 | 002,554,035 | ---- | M] () -- \Users\uzivatel1\Downloads\GetDataBack-for-FAT-v4.0.0.1+Serial-Key.rar
[2011/06/08 13:59:39 | 000,000,275 | ---- | M] () -- \Users\uzivatel1\Downloads\GetDataBack-for-FAT-v4.0.0.1+Serial-Key\GetDataBack for FAT v4.0.0.1+Serial Key\FAT Serial.txt
[2011/10/12 11:00:13 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2011/10/12 13:52:02 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2012/10/05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014/02/13 10:15:53 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\90e320b6ff84382fe16b0991b2efb991\System.Runtime.Serialization.ni.dll
[2014/02/13 09:24:34 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\cadf4ad3f9671ad31ebc3388bce3fc53\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014/02/26 21:53:57 | 000,309,760 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014/02/26 21:53:57 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014/02/26 21:53:38 | 002,825,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
[2014/02/26 21:53:38 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll.aux
[2014/02/27 18:52:21 | 000,026,624 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll
[2014/02/27 18:52:21 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll.aux
[2013/09/11 22:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013/09/11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2013/09/11 21:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2013/09/11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2013/09/11 22:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013/09/11 21:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2013/09/11 21:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2011/10/12 10:57:18 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/10/05 11:56:07 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013/09/11 22:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2013/09/11 22:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013/09/11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013/09/11 21:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013/09/11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013/09/11 21:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2013/09/11 21:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2011/10/12 10:58:12 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009/07/14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2011/10/12 11:01:07 | 000,009,728 | ---- | M] () -- \Windows\System32\drivers\cs-CZ\serial.sys.mui
[2011/04/12 07:36:43 | 000,010,240 | ---- | M] () -- \Windows\System32\drivers\en-US\serial.sys.mui
[2009/07/13 23:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009/07/14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009/07/13 23:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2011/04/12 07:36:39 | 000,005,120 | ---- | M] () -- \Windows\System32\sk-SK\serialui.dll.mui
[2009/07/14 03:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 03:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2011/10/12 11:04:47 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2011/04/12 07:36:56 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_79d39f727217a41c_serialui.dll.mui_7d29d2a3
[2009/07/14 03:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2010/11/20 22:24:56 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012/10/05 18:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2011/10/12 13:51:56 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.21812_none_8fb1a8a08e81acb2.manifest
[2012/10/05 18:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2011/10/12 10:55:41 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2011/04/12 07:36:21 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2012/10/05 20:04:43 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f.manifest
[2012/10/05 18:12:04 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_en-us_8f4bb639bfcd9db1.manifest
[2011/10/12 13:51:55 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.21812_cs-cz_1d5cef599dcdcccc.manifest
[2011/10/12 13:51:55 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.21812_en-us_7879696fd97917de.manifest
[2012/10/05 20:02:24 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797.manifest
[2012/10/05 18:12:20 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_en-us_787a117bd97892a9.manifest
[2010/11/20 22:24:56 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012/10/05 18:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2011/10/12 13:51:56 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.21812_none_bff4de3ab628ade5.manifest
[2012/10/05 18:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2009/07/14 02:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 02:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2010/11/20 22:24:56 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012/10/05 18:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2011/10/12 13:51:56 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.21812_none_c4cf8a07f6ff4827.manifest
[2012/10/05 18:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2011/10/12 11:00:13 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010/11/20 22:29:48 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012/10/05 11:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2011/10/12 13:52:04 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.21812_none_8fb1a8a08e81acb2\System.Runtime.Serialization.dll
[2012/10/05 11:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2011/10/12 11:02:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2011/10/12 13:52:02 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f\System.RunTime.Serialization.Resources.dll
[2011/10/12 13:52:02 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.21812_cs-cz_1d5cef599dcdcccc\System.RunTime.Serialization.Resources.dll
[2011/10/12 13:52:02 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797\System.RunTime.Serialization.Resources.dll
[2010/11/20 22:29:48 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012/10/05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2011/10/12 13:52:04 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.21812_none_bff4de3ab628ade5\System.Runtime.Serialization.dll
[2012/10/05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2009/07/13 23:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2011/10/12 10:57:18 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_c233d4df09982c29\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2011/10/12 10:58:12 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2011/04/12 07:36:39 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_79d39f727217a41c\serialui.dll.mui
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2011/10/12 11:02:41 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2011/10/12 11:01:07 | 000,009,728 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c48c78a9ad8ff996\serial.sys.mui
[2011/04/12 07:36:43 | 000,010,240 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_07e2c405948a55f4\serial.sys.mui
[2009/07/14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009/07/13 23:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2010/11/20 22:29:48 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012/10/05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2011/10/12 13:52:03 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.21812_none_c4cf8a07f6ff4827\System.Runtime.Serialization.dll
[2012/10/05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll
< *w7lxe* /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:6DDED7D9
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\uzivatel1\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
1,49 Gb Total Physical Memory | 0,50 Gb Available Physical Memory | 33,52% Memory free
2,98 Gb Paging File | 1,91 Gb Available in Paging File | 64,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,70 Gb Total Space | 30,79 Gb Free Space | 44,17% Space Free | Partition Type: NTFS
Computer Name: PC1 | User Name: uzivatel1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/03/26 21:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\uzivatel1\Desktop\OTL.exe
PRC - [2014/02/20 10:08:12 | 001,780,224 | ---- | M] (Evaer Technology) -- C:\Program Files\Evaer\videochannel.exe
PRC - [2014/02/15 09:49:05 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/06/26 12:10:30 | 001,516,632 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2012/06/11 10:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/06/11 10:33:14 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012/06/11 10:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012/06/11 10:33:04 | 000,148,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012/02/28 15:53:36 | 001,141,040 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Software Updater\nsu3ui.exe
PRC - [2011/10/12 12:26:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
========== Modules (No Company Name) ==========
MOD - [2014/02/15 09:49:05 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/26 12:11:10 | 000,345,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2012/06/26 12:11:08 | 000,282,200 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2012/06/26 12:11:02 | 008,197,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2012/06/26 12:11:00 | 002,302,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2012/06/26 12:10:58 | 000,202,328 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2012/06/26 12:10:58 | 000,027,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2012/02/28 15:25:14 | 000,323,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_lib.dll
MOD - [2011/09/13 13:17:46 | 001,907,200 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\styles\OviCommonStyle.dll
MOD - [2011/09/13 13:17:04 | 000,593,408 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\WidgetLibrary.dll
MOD - [2011/08/31 09:57:58 | 000,021,504 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\imageformats\qsvg4.dll
MOD - [2011/08/31 09:33:54 | 000,280,576 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\QtSvg4.dll
MOD - [2011/08/31 09:31:24 | 008,288,256 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\qtgui4.dll
MOD - [2011/08/31 09:28:08 | 001,002,496 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\qtnetwork4.dll
MOD - [2011/08/31 09:27:42 | 000,357,888 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\qtxml4.dll
MOD - [2011/08/31 09:27:34 | 002,302,464 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Updater\qtcore4.dll
MOD - [2011/05/28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2014/03/01 04:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/02/15 09:49:05 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/20 21:24:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/06/11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2013/11/28 19:28:22 | 000,104,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2013/11/28 19:27:22 | 000,084,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2012/10/18 10:12:06 | 000,971,752 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2012/06/11 10:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/01/09 16:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012/01/09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 16:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012/01/09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/10/12 12:32:39 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/09/07 08:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 23:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/06/25 06:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 06:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/02/12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2008/04/24 13:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.webisawsome.info/?pid= ... K&unqvl=49
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.webisawsome.info/?l=1& ... K&unqvl=49
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1707592230-9377432-2897197462-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
IE - HKU\S-1-5-21-1707592230-9377432-2897197462-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 90 B6 B3 94 55 CE 01 [binary data]
IE - HKU\S-1-5-21-1707592230-9377432-2897197462-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1707592230-9377432-2897197462-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&r=591
IE - HKU\S-1-5-21-1707592230-9377432-2897197462-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.webisawsome.info/?l=1& ... K&unqvl=49
IE - HKU\S-1-5-21-1707592230-9377432-2897197462-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.webisawsome.info/?pid= ... =49&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "google.sk"
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.1.8
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.4.5
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:3.2.1072
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.19
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://websearch.webisawsome.info/?pid= ... =49&l=1&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/05/20 21:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Extensions
[2014/03/25 21:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions
[2013/10/01 22:50:42 | 000,000,000 | ---D | M] (Block site) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2014/03/01 22:59:57 | 000,000,000 | ---D | M] (YoutubeAdblocker) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\aux0nwk@rv-.edu
[2014/03/13 22:35:43 | 000,000,000 | ---D | M] (DoNotTrackMe: Online Privacy Protection) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\donottrackplus@abine.com
[2014/01/04 10:43:34 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\https-everywhere@eff.org
[2014/03/05 21:48:52 | 001,393,079 | ---- | M] () (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\extensions\firefox@ghostery.com.xpi
[2014/02/11 15:56:26 | 000,081,960 | ---- | M] () (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
[2014/03/25 21:46:44 | 000,537,316 | ---- | M] () (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/02/26 16:14:02 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/03/01 23:43:44 | 000,000,647 | ---- | M] () -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\searchplugins\WebSearch.xml
[2013/09/08 08:37:14 | 000,001,502 | ---- | M] () -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\searchplugins\zonealarm.xml
[2014/03/01 23:46:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 09:49:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (webSave) - {00D80CC2-26D6-97BC-B025-BD2F3992BEC8} - C:\Program Files\webSave\wlS.dll ()
O2 - BHO: (SNT) - {14E14886-58C2-A320-47DE-CC7357648A84} - C:\Program Files\SNT\YNcHKooM.dll ()
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (SNT) - {2DD2A8A6-A78D-28EE-8F34-3A1F37ED4990} - C:\Program Files\SNT\2_ryuRcAL.dll ()
O2 - BHO: (YoutubeAdblocker) - {54B82E5B-6830-736E-6949-AA9E153BD3A3} - C:\Program Files\YoutubeAdblocker\Gx4xCSv_.dll ()
O2 - BHO: (SNT) - {884CC8DA-3251-1F1A-1311-FF4B1B4C71C6} - C:\Program Files\SNT\_GECv.dll ()
O2 - BHO: (weebSave) - {96537513-EA85-5BC1-52B0-101C195DCB21} - C:\Program Files\weebSave\6X.dll ()
O2 - BHO: (websaavve) - {F732E6D2-7436-2CB0-3E7D-1D72903D1A54} - C:\Program Files\websaavve\FQn14rR.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1707592230-9377432-2897197462-1000..\Run: [avichannel] C:\Program Files\Evaer\videochannel.exe (Evaer Technology)
O4 - HKU\S-1-5-21-1707592230-9377432-2897197462-1000..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\Windows\System32\MPG4ds32.ax (Microcrap Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.151.222.34 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BF1FA07-2778-4AB2-AAFC-D65B47D5A9D0}: DhcpNameServer = 213.151.222.34 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F615A143-678D-44E1-A0C8-1C1575F76037}: DhcpNameServer = 213.151.222.34 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014/03/26 21:21:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\uzivatel1\Desktop\OTL.exe
[2014/03/24 16:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/03/11 22:31:37 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/03/11 22:31:34 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/03/11 22:31:34 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/03/11 22:31:34 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/03/11 22:31:34 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/03/11 22:31:34 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/11 22:31:34 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/03/11 22:31:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/03/11 22:31:33 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/03/11 22:31:31 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/11 22:31:30 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/11 22:31:28 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/03/11 22:31:22 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/11 22:31:21 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/11 22:31:18 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/11 22:31:17 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/03/11 22:31:17 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/03/11 22:31:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/03/11 22:30:15 | 002,357,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/03/11 22:30:13 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014/03/08 14:31:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/03/08 13:59:56 | 000,188,176 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxDrv.sys
[2014/03/08 13:59:46 | 000,093,968 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSBMon.sys
[2014/03/08 12:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2014/03/08 12:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2014/03/08 11:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Console
[2014/03/08 11:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Console
[2014/03/03 20:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\A-PDF
[2014/03/01 23:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\webbsaavve
[2014/03/01 23:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\webbsaavve
[2014/03/01 23:38:51 | 000,000,000 | ---D | C] -- C:\Users\uzivatel1\AppData\Roaming\EZDownloader
[2014/03/01 23:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\weebSave
[2014/03/01 23:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\weebSave
[2014/03/01 23:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2014/03/01 23:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\websaavve
[2014/03/01 23:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\websaavve
[2014/03/01 23:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Wuebbing
[2014/03/01 23:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Wuebbing
[2014/03/01 23:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NextCouP
[2014/03/01 23:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\NextCouP
[2014/03/01 23:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\wEbsaevE
[2014/03/01 23:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\wEbsaevE
[2014/03/01 23:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SNT
[2014/03/01 23:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\SNT
[2014/03/01 22:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeSoft
[2014/03/01 22:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\YoutubeAdblocker
[2014/03/01 22:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\YoutubeAdblocker
[2014/03/01 22:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\webSave
[2014/03/01 22:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\webSave
[2014/03/01 22:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\de3b06d2133bef33
[2014/03/01 22:58:16 | 000,000,000 | ---D | C] -- C:\Users\uzivatel1\AppData\Local\Torch
[2014/03/01 22:58:16 | 000,000,000 | ---D | C] -- C:\Users\uzivatel1\AppData\Local\Google
[2014/03/01 22:58:16 | 000,000,000 | ---D | C] -- C:\Users\uzivatel1\AppData\Local\Comodo
[2014/03/01 22:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\PartitionGuru Free
[2014/03/01 22:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Jotzey
[2014/03/01 22:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/03/01 22:19:22 | 000,000,000 | ---D | C] -- C:\Log
[2014/03/01 21:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
[2014/03/01 21:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2014/03/01 20:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2014/03/01 20:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/03/01 20:47:05 | 000,022,312 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\rsdrv.sys
[2014/03/01 20:45:43 | 000,000,000 | ---D | C] -- C:\Users\uzivatel1\Documents\Downloads
[2014/03/01 20:45:37 | 000,000,000 | ---D | C] -- C:\Users\uzivatel1\AppData\Roaming\GetRightToGo
[2014/03/01 11:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2014/02/26 17:20:57 | 000,000,000 | ---D | C] -- C:\Users\uzivatel1\AppData\Local\Skype
[2014/02/26 17:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/02/26 17:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/02/25 23:54:52 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2001/12/19 10:45:00 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\Users\uzivatel1\VCdRom.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/03/26 21:25:42 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/03/26 21:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\uzivatel1\Desktop\OTL.exe
[2014/03/26 20:59:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/26 19:45:12 | 000,660,750 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014/03/26 19:45:12 | 000,654,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/26 19:45:12 | 000,141,400 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014/03/26 19:45:12 | 000,122,118 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/26 19:40:27 | 1200,234,496 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/25 23:07:43 | 000,003,096 | ---- | M] () -- C:\Windows\WDICT32.INI
[2014/03/24 16:54:30 | 000,016,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/24 16:54:29 | 000,016,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/24 16:23:16 | 000,345,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/14 23:02:15 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/14 23:02:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/03/08 12:09:25 | 000,000,903 | ---- | M] () -- C:\Users\uzivatel1\Desktop\HD Tune.lnk
[2014/03/08 11:29:16 | 000,002,631 | ---- | M] () -- C:\Users\Public\Desktop\Flash Drive Tester v1.14.lnk
[2014/03/02 00:22:14 | 000,001,075 | ---- | M] () -- C:\Users\uzivatel1\Desktop\GetDataBack for FAT.lnk
[2014/03/01 05:11:20 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/01 05:10:48 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/03/01 04:52:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/03/01 04:51:53 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/03/01 04:43:55 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/01 04:43:28 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/03/01 04:40:17 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/01 04:38:26 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/01 04:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/03/01 04:37:35 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/03/01 04:31:30 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/03/01 04:25:29 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/03/01 04:16:09 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/03/01 04:14:15 | 004,244,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/03/01 04:03:49 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/01 04:00:08 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/01 03:25:42 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/02/26 17:20:38 | 000,002,685 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/03/26 21:25:42 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/03/24 16:22:48 | 000,345,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/08 13:36:10 | 000,001,075 | ---- | C] () -- C:\Users\uzivatel1\Desktop\GetDataBack for FAT.lnk
[2014/03/08 12:09:25 | 000,000,903 | ---- | C] () -- C:\Users\uzivatel1\Desktop\HD Tune.lnk
[2014/03/08 11:29:16 | 000,002,631 | ---- | C] () -- C:\Users\Public\Desktop\Flash Drive Tester v1.14.lnk
[2014/03/02 11:49:23 | 000,003,096 | ---- | C] () -- C:\Windows\WDICT32.INI
[2014/02/26 17:20:38 | 000,002,685 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/09/08 14:31:24 | 000,001,129 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2001/12/19 10:45:04 | 000,023,552 | ---- | C] () -- C:\Users\uzivatel1\VCdControlTool.exe
========== ZeroAccess Check ==========
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/02/24 21:17:38 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Evaer
[2014/03/01 23:38:51 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\EZDownloader
[2014/03/01 20:47:21 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\GetRightToGo
[2014/03/13 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Nokia
[2013/10/22 22:23:57 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\PC Suite
[2013/05/21 18:37:23 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Sound Drivers For Windows XP Utility
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009/07/14 05:53:46 | 000,032,512 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
< >
< MD5 for: AGP440.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_0df88df672b38012\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_302c3064e8a4daa5\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_7f45ba754b7ae099\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17686_none_bbd0aa2d1d29e5f1\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.21772_none_bc6115bc3643046e\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.21812_none_bca1f72a361259ef\AGP440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2004/08/04 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\I386\AUTOCHK.EXE
[2010/11/20 22:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010/11/20 22:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:cdrom.sys
[2010/11/20 22:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 22:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 22:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2012/06/02 05:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2013/05/10 05:49:59 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=33ADF6E0853AB39EA1723BE82842C1D3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[2013/05/13 05:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2013/07/09 14:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2012/06/02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2010/11/20 22:29:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013/05/11 05:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2013/05/10 06:06:21 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=E122AA1C9A3CC46FF9DDDE46E5EB0C58 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[2013/10/05 02:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\System32\cryptsvc.dll
[2013/10/05 02:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2011/10/12 12:26:19 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/10/12 12:26:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/10/12 12:26:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
< MD5 for: HAL.DLL >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:hal.dll
[2010/11/20 22:29:19 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2011/10/12 13:04:14 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=5D8C314EEC58BC1A90FCE302CEAC3BF5 -- C:\Windows\System32\hal.dll
[2011/10/12 13:04:14 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=5D8C314EEC58BC1A90FCE302CEAC3BF5 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17614_none_ad305e75b7ec4d87\hal.dll
[2011/10/12 13:04:13 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=A954AC031585E6152CA48596942BF356 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.21725_none_adb02b9ed1112299\hal.dll
< MD5 for: CHANGER.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:Changer.sys
< MD5 for: IASTORV.SYS >
[2011/10/12 15:05:49 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/10/12 15:05:49 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/10/12 15:05:49 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/10/12 15:05:49 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010/11/20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_0df88df672b38012\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_302c3064e8a4daa5\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_7f45ba754b7ae099\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17686_none_bbd0aa2d1d29e5f1\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.21772_none_bc6115bc3643046e\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.21812_none_bca1f72a361259ef\isapnp.sys
< MD5 for: LSASS.EXE >
[2011/10/12 13:01:56 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=3ABDB971E97A59E6749B160E17335D7A -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21728_none_a8d4c49ad42f6f7f\lsass.exe
[2013/09/25 01:54:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=559C7769B397F07E12725EE55337D4C6 -- C:\Windows\System32\lsass.exe
[2013/09/25 01:54:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=559C7769B397F07E12725EE55337D4C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_a8a66792d452b56a\lsass.exe
[2013/09/25 01:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=803B370865D907EA21DC0C2B6A8936B5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_a80cf783bb41b5b7\lsass.exe
[2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[2009/07/14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe
[2011/11/17 06:24:04 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe
< MD5 for: NDIS.SYS >
[2012/08/22 18:05:16 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=15B74B6283CEBCCE3054C1001CA01B5E -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_aa0491cf93ad1c31\ndis.sys
[2012/08/22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\System32\drivers\ndis.sys
[2012/08/22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_a9bdfee47a5cd154\ndis.sys
[2010/11/20 22:29:12 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys
< MD5 for: NETLOGON.DLL >
[2011/10/12 13:41:00 | 000,564,224 | ---- | M] (Microsoft Corporation) MD5=1A632357783D393BCAC09A07DD57CF51 -- C:\Windows\System32\netlogon.dll
[2011/10/12 13:41:00 | 000,564,224 | ---- | M] (Microsoft Corporation) MD5=1A632357783D393BCAC09A07DD57CF51 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.21772_none_0005dfc3af8c134b\netlogon.dll
[2010/11/20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
< MD5 for: NVRAID.SYS >
[2010/11/20 22:29:03 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvraid.sys
[2010/11/20 22:29:03 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys
[2011/10/12 15:05:49 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\drivers\nvraid.sys
[2011/10/12 15:05:49 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvraid.sys
[2011/10/12 15:05:49 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvraid.sys
[2011/10/12 15:05:48 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=E3B840350A72CA6F39BD2BEF85A2BCFB -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2011/10/12 15:05:48 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/10/12 15:05:48 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/10/12 15:05:48 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/10/12 15:05:48 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010/11/20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
< MD5 for: SCECLI.DLL >
[2010/11/20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: SMSS.EXE >
[2013/03/19 03:43:41 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=0294CC751D7FAEB13621EEFB8A749429 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_ae7bdfb790cddbcf\smss.exe
[2009/07/14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
[2004/08/04 14:00:00 | 000,470,016 | ---- | M] (Microsoft Corporation) MD5=9A98937A980831729D21343754FF9D59 -- C:\I386\SYSTEM32\SMSS.EXE
[2013/08/29 01:51:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D2A72C71CD6C18A99E920EC5761F0C7D -- C:\Windows\System32\smss.exe
[2013/08/29 01:51:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D2A72C71CD6C18A99E920EC5761F0C7D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_aeb7f4db909fe272\smss.exe
[2013/03/19 03:49:16 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_ae40f33e7774c473\smss.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/10/12 12:22:15 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
[2011/10/12 12:22:15 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\System32\svchost.exe
[2011/10/12 12:22:15 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe
< MD5 for: TCPIP.SYS >
[2010/11/20 22:29:20 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011/10/12 11:54:53 | 001,299,328 | ---- | M] (Microsoft Corporation) MD5=4AA93F6ACA15ABCDA686FE3D8A008298 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21645_none_b58fa98edddd66f5\tcpip.sys
[2013/09/07 03:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2013/09/08 03:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2012/10/03 17:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2013/11/26 12:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\System32\drivers\tcpip.sys
[2013/11/26 12:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_b5a530b8ddcd4b8d\tcpip.sys
[2011/10/12 11:49:03 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=DEB39B9561044164A1F40449CE95F361 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21789_none_b5686cecddfa393c\tcpip.sys
[2012/10/03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2011/10/12 12:52:16 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=F99E3D57EE87286AE9BFAFC157F53616 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21732_none_b5977a82ddd7fc26\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010/11/20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
< MD5 for: WINLOGON.EXE >
[2011/10/12 13:24:01 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=58AACDEE236690C090A86B5A34EC4B77 -- C:\Windows\System32\winlogon.exe
[2011/10/12 13:24:01 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=58AACDEE236690C090A86B5A34EC4B77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.21756_none_722aca974c6fd463\winlogon.exe
[2010/11/20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
< MD5 for: WS2_32.DLL >
[2010/11/20 22:29:06 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\System32\ws2_32.dll
[2010/11/20 22:29:06 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[8 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[13 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\Installer\{BCC0552D-76C0-4130-BFBD-49BE49ACC594}\*.tmp files -> C:\Windows\Installer\{BCC0552D-76C0-4130-BFBD-49BE49ACC594}\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\b24986397a62319c872849186a7e0970\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b24986397a62319c872849186a7e0970\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2013/05/20 21:30:15 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Adobe
[2013/12/31 23:10:01 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\ArcSoft
[2014/02/24 21:17:38 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Evaer
[2014/03/01 23:38:51 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\EZDownloader
[2014/03/01 20:47:21 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\GetRightToGo
[2013/05/20 20:04:27 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Identities
[2013/05/21 19:23:57 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\InstallShield
[2013/05/20 21:30:15 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Macromedia
[2011/04/12 07:45:45 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Media Center Programs
[2014/03/01 23:39:03 | 000,000,000 | --SD | M] -- C:\Users\uzivatel1\AppData\Roaming\Microsoft
[2013/05/20 21:21:25 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Mozilla
[2014/03/13 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Nokia
[2013/10/22 22:23:57 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\PC Suite
[2014/03/26 21:32:33 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Skype
[2013/05/21 18:37:23 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\Sound Drivers For Windows XP Utility
[2013/05/21 18:46:38 | 000,000,000 | ---D | M] -- C:\Users\uzivatel1\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2014/01/02 17:16:36 | 000,053,248 | R--- | M] (Flexera Software, Inc.) -- C:\Users\uzivatel1\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
[2014/01/02 17:16:36 | 000,049,152 | R--- | M] (Flexera Software, Inc.) -- C:\Users\uzivatel1\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
[2014/01/02 17:16:36 | 000,073,728 | R--- | M] (Flexera Software, Inc.) -- C:\Users\uzivatel1\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
[2014/01/02 17:16:36 | 000,073,728 | R--- | M] (Flexera Software, Inc.) -- C:\Users\uzivatel1\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
[2014/01/02 17:16:36 | 000,049,152 | R--- | M] (Flexera Software, Inc.) -- C:\Users\uzivatel1\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014/03/24 16:54:29 | 000,016,864 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/24 16:54:30 | 000,016,864 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/24 16:23:16 | 000,345,200 | ---- | M] () -- C:\Windows\system32\FNTCACHE.DAT
[2014/03/26 19:45:12 | 000,141,400 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2014/03/26 19:45:12 | 000,122,118 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2014/03/26 19:45:12 | 000,660,750 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2014/03/26 19:45:12 | 000,654,246 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2014/03/26 19:45:12 | 001,583,678 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[2014/03/26 21:29:07 | 000,001,498 | ---- | M] () -- C:\Windows\system32\sun_debug.txt
[2014/03/26 21:29:06 | 000,000,021 | ---- | M] () -- C:\Windows\system32\sun_debug1.txt
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"PC Suite Tray" = "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray -- [2012/06/26 12:10:30 | 001,516,632 | ---- | M] (Nokia)
"avichannel" = "C:\Program Files\Evaer\videochannel.exe" -- [2014/02/20 10:08:12 | 001,780,224 | ---- | M] (Evaer Technology)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/03/26 21:25:42 | 000,000,512 | ---- | M] () MD5=D80361C1F2F9B480230EC47A516C9D8A -- C:\PhysicalMBR.bin
< >
< *crack* /s >
< *keygen* /s >
< *AntiWPA* /s >
< *loader* /s >
[2004/08/04 14:00:00 | 000,017,423 | ---- | M] () -- \I386\DMLOADER.DL_
[2004/08/04 14:00:00 | 000,114,717 | ---- | M] () -- \I386\OSLOADER.EX_
[2004/08/04 14:00:00 | 000,132,317 | ---- | M] () -- \I386\OSLOADER.NT_
[2005/03/12 19:39:26 | 000,104,032 | ---- | M] () -- \IBMTOOLS\apps\NORTONIS\SETUP\ASCORE\COMMON\SYMSHARE\ANTISPAM\ASLOADER.DLL
[2006/10/26 12:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 12:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2012/02/03 04:32:08 | 000,112,128 | ---- | M] () -- \Program Files\Common Files\Nokia\Tss\ProductApiLoader\ta_productapiloader.dll
[2009/01/08 07:11:26 | 000,077,824 | ---- | M] () -- \Program Files\Hama\Hama Webcam Suite\WebCam Companion 3\ASDownloader.exe
[2012/06/26 11:36:38 | 000,002,560 | ---- | M] () -- \Program Files\Nokia\Nokia PC Suite 7\Lang\MapLoader_eng.NLR
[2014/03/24 22:40:50 | 000,001,870 | ---- | M] () -- \Users\uzivatel1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79THPEEC\AdLoader[1].htm
[2014/03/24 22:40:50 | 000,112,122 | ---- | M] () -- \Users\uzivatel1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F62ZOXRB\AdLoader-7b473315d0084c71df83cdee72aab144.min[1].js
[2014/01/28 19:35:56 | 000,072,638 | ---- | M] () -- \Users\uzivatel1\AppData\Local\Skype\Apps\login\images\loader.gif
[2014/01/28 19:35:56 | 000,003,032 | ---- | M] () -- \Users\uzivatel1\AppData\Local\Skype\Apps\login\images\loader.png
[2014/01/28 19:35:56 | 000,006,012 | ---- | M] () -- \Users\uzivatel1\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014/01/28 19:35:56 | 000,021,956 | ---- | M] () -- \Users\uzivatel1\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014/01/28 19:35:56 | 000,009,772 | ---- | M] () -- \Users\uzivatel1\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2014/03/13 22:26:16 | 000,000,673 | ---- | M] () -- \Users\uzivatel1\AppData\Roaming\Mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\donottrackplus@abine.com\pages\images\ajax_loader.gif
[2013/08/02 06:53:29 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2014/03/26 19:43:47 | 000,003,424 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader
[2009/07/14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2011/10/12 12:28:53 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_cs-cz_359e67f47490d51d.manifest
[2011/10/12 12:28:53 | 000,034,688 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_cs-cz_359e67f47490d51d_winload.exe.mui_3bc5b827
[2011/10/12 12:28:53 | 000,030,592 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_cs-cz_359e67f47490d51d_winresume.exe.mui_ff8b5358
[2011/10/12 12:28:54 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_en-us_78f4b3505b8b317b.manifest
[2011/10/12 12:28:54 | 000,033,152 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_en-us_78f4b3505b8b317b_winload.exe.mui_3bc5b827
[2011/10/12 12:28:54 | 000,030,080 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_en-us_78f4b3505b8b317b_winresume.exe.mui_ff8b5358
[2011/10/12 12:28:54 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21675_none_5d77e1aae4365a1a.manifest
[2011/10/12 12:28:55 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21675_none_5d77e1aae4365a1a_winload.exe_75835076
[2011/10/12 12:28:56 | 000,443,744 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21675_none_5d77e1aae4365a1a_winresume.exe_85cd1215
[2009/07/14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2011/10/12 10:56:03 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2011/04/12 07:36:14 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2011/10/12 12:28:35 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_cs-cz_359e67f47490d51d.manifest
[2011/10/12 12:28:35 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_en-us_78f4b3505b8b317b.manifest
[2010/11/20 22:23:54 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2011/10/12 12:28:35 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21675_none_5d77e1aae4365a1a.manifest
[2011/10/12 12:28:35 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_cs-cz_43913ee0afad8a79.manifest
[2011/10/12 12:28:35 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_da-dk_e0cb1f07a5f38678.manifest
[2011/10/12 12:28:35 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_el-gr_868ce1d696df43a0.manifest
[2011/10/12 12:28:35 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_fi-fi_25cdebcd8be8caa6.manifest
[2011/10/12 12:28:35 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_hu-hu_70dadd676e00bdfa.manifest
[2011/10/12 12:28:35 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_ko-kr_5921af28465ead4d.manifest
[2011/10/12 12:28:35 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_nb-no_41b4305d1e83d909.manifest
[2011/10/12 12:28:35 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_pl-pl_862fd61d04d25092.manifest
[2011/10/12 12:28:36 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_pt-br_8883c0c1035be476.manifest
[2011/10/12 12:28:36 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_pt-pt_8965902d02cb5452.manifest
[2011/10/12 12:28:36 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_ru-ru_d008a1f0e7ace27e.manifest
[2011/10/12 12:28:36 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_sv-se_6c038c65ded5ecd9.manifest
[2011/10/12 12:28:36 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_tr-tr_1510d6accd91eeca.manifest
[2011/10/12 12:28:36 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_zh-cn_e66df4aa7dc9c0e9.manifest
[2011/10/12 12:28:36 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_zh-hk_e518ed387ea53379.manifest
[2011/10/12 12:28:36 | 000,002,886 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_zh-tw_ea6a32007b3a9d59.manifest
[2009/07/14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:45:15 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 02:48:15 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/10/12 13:11:34 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21773_none_0d0118c0f3613787\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 06:53:29 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2004/08/04 14:00:00 | 000,024,869 | ---- | M] () -- \I386\DPSERIAL.DL_
[2004/08/04 14:00:00 | 000,030,067 | ---- | M] () -- \I386\SERIAL.SY_
[2004/08/04 14:00:00 | 000,006,409 | ---- | M] () -- \I386\SERIALUI.DL_
[2006/01/06 22:49:16 | 000,001,030 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution.xml
[2006/01/06 22:49:16 | 000,002,853 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_de_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_es_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_fr_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_it_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_ja_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_ko_lenovo.p5p
[2006/01/06 22:49:16 | 000,005,930 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_nl_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_pt_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_zh-cn_lenovo.p5p
[2006/01/06 22:49:16 | 000,001,321 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\serialportSolution\serialportSolution_zh-tw_lenovo.p5p
[2006/01/06 22:49:38 | 000,004,672 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\a30serial.gif
[2006/01/06 22:49:38 | 000,000,932 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution.xml
[2006/01/06 22:49:38 | 000,001,792 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_de_lenovo.p5p
[2006/01/06 22:49:38 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_es_lenovo.p5p
[2006/01/06 22:49:38 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_fr_lenovo.p5p
[2006/01/06 22:49:40 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_it_lenovo.p5p
[2006/01/06 22:49:40 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_ja_lenovo.p5p
[2006/01/06 22:49:40 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_ko_lenovo.p5p
[2006/01/06 22:49:40 | 000,005,094 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_lenovo.p5p
[2006/01/06 22:49:40 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_nl_lenovo.p5p
[2006/01/06 22:49:40 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_pt_lenovo.p5p
[2006/01/06 22:49:40 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_zh-cn_lenovo.p5p
[2006/01/06 22:49:40 | 000,001,228 | ---- | M] () -- \IBMTOOLS\apps\PCDRWIN\Custom\solution\TPserialportSolution\TPserialportSolution_zh-tw_lenovo.p5p
[2012/10/05 11:56:05 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2011/10/12 11:02:41 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2014/03/02 00:21:10 | 002,554,035 | ---- | M] () -- \Users\uzivatel1\Downloads\GetDataBack-for-FAT-v4.0.0.1+Serial-Key.rar
[2011/06/08 13:59:39 | 000,000,275 | ---- | M] () -- \Users\uzivatel1\Downloads\GetDataBack-for-FAT-v4.0.0.1+Serial-Key\GetDataBack for FAT v4.0.0.1+Serial Key\FAT Serial.txt
[2011/10/12 11:00:13 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2011/10/12 13:52:02 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2012/10/05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014/02/13 10:15:53 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\90e320b6ff84382fe16b0991b2efb991\System.Runtime.Serialization.ni.dll
[2014/02/13 09:24:34 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\cadf4ad3f9671ad31ebc3388bce3fc53\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014/02/26 21:53:57 | 000,309,760 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014/02/26 21:53:57 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014/02/26 21:53:38 | 002,825,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
[2014/02/26 21:53:38 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll.aux
[2014/02/27 18:52:21 | 000,026,624 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll
[2014/02/27 18:52:21 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll.aux
[2013/09/11 22:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013/09/11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2013/09/11 21:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2013/09/11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2013/09/11 22:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013/09/11 21:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2013/09/11 21:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2011/10/12 10:57:18 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/10/05 11:56:07 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013/09/11 22:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2013/09/11 22:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013/09/11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013/09/11 21:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013/09/11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013/09/11 21:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2013/09/11 21:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2011/10/12 10:58:12 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009/07/14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2011/10/12 11:01:07 | 000,009,728 | ---- | M] () -- \Windows\System32\drivers\cs-CZ\serial.sys.mui
[2011/04/12 07:36:43 | 000,010,240 | ---- | M] () -- \Windows\System32\drivers\en-US\serial.sys.mui
[2009/07/13 23:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009/07/14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009/07/13 23:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2011/04/12 07:36:39 | 000,005,120 | ---- | M] () -- \Windows\System32\sk-SK\serialui.dll.mui
[2009/07/14 03:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 03:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2011/10/12 11:04:47 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2011/04/12 07:36:56 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_79d39f727217a41c_serialui.dll.mui_7d29d2a3
[2009/07/14 03:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2010/11/20 22:24:56 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012/10/05 18:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2011/10/12 13:51:56 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.21812_none_8fb1a8a08e81acb2.manifest
[2012/10/05 18:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2011/10/12 10:55:41 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2011/04/12 07:36:21 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2012/10/05 20:04:43 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f.manifest
[2012/10/05 18:12:04 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_en-us_8f4bb639bfcd9db1.manifest
[2011/10/12 13:51:55 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.21812_cs-cz_1d5cef599dcdcccc.manifest
[2011/10/12 13:51:55 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.21812_en-us_7879696fd97917de.manifest
[2012/10/05 20:02:24 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797.manifest
[2012/10/05 18:12:20 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_en-us_787a117bd97892a9.manifest
[2010/11/20 22:24:56 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012/10/05 18:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2011/10/12 13:51:56 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.21812_none_bff4de3ab628ade5.manifest
[2012/10/05 18:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2009/07/14 02:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 02:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2010/11/20 22:24:56 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012/10/05 18:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2011/10/12 13:51:56 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.21812_none_c4cf8a07f6ff4827.manifest
[2012/10/05 18:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2011/10/12 11:00:13 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010/11/20 22:29:48 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012/10/05 11:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2011/10/12 13:52:04 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.21812_none_8fb1a8a08e81acb2\System.Runtime.Serialization.dll
[2012/10/05 11:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2011/10/12 11:02:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2011/10/12 13:52:02 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f\System.RunTime.Serialization.Resources.dll
[2011/10/12 13:52:02 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.21812_cs-cz_1d5cef599dcdcccc\System.RunTime.Serialization.Resources.dll
[2011/10/12 13:52:02 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797\System.RunTime.Serialization.Resources.dll
[2010/11/20 22:29:48 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012/10/05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2011/10/12 13:52:04 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.21812_none_bff4de3ab628ade5\System.Runtime.Serialization.dll
[2012/10/05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2009/07/13 23:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2011/10/12 10:57:18 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_c233d4df09982c29\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2011/10/12 10:58:12 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2011/04/12 07:36:39 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_79d39f727217a41c\serialui.dll.mui
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2011/10/12 11:02:41 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2011/10/12 11:01:07 | 000,009,728 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c48c78a9ad8ff996\serial.sys.mui
[2011/04/12 07:36:43 | 000,010,240 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_07e2c405948a55f4\serial.sys.mui
[2009/07/14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009/07/13 23:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2010/11/20 22:29:48 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012/10/05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2011/10/12 13:52:03 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.21812_none_c4cf8a07f6ff4827\System.Runtime.Serialization.dll
[2012/10/05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll
< *w7lxe* /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:6DDED7D9
< End of report >
-
Rudy
- Site Admin
- Příspěvky: 119537
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim kontrola logu rsit
Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text:
Po restartu se objevi novy log, ten sem dejte.
Do spodniho okna vlozte nasledujici text:
Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.webisawsome.info/?pid= ... K&unqvl=49
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.webisawsome.info/?l=1& ... K&unqvl=49
IE - HKU\S-1-5-21-1707592230-9377432-2897197462-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1707592230-9377432-2897197462-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&r=591
IE - HKU\S-1-5-21-1707592230-9377432-2897197462-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.webisawsome.info/?l=1& ... K&unqvl=49
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.webisawsome.info/?pid= ... =49&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
O2 - BHO: (webSave) - {00D80CC2-26D6-97BC-B025-BD2F3992BEC8} - C:\Program Files\webSave\wlS.dll ()
O2 - BHO: (SNT) - {14E14886-58C2-A320-47DE-CC7357648A84} - C:\Program Files\SNT\YNcHKooM.dll ()
O2 - BHO: (weebSave) - {96537513-EA85-5BC1-52B0-101C195DCB21} - C:\Program Files\weebSave\6X.dll ()
O2 - BHO: (websaavve) - {F732E6D2-7436-2CB0-3E7D-1D72903D1A54} - C:\Program Files\websaavve\FQn14rR.dll ()
O13 - gopher Prefix: missing
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:6DDED7D9
:files
c:\Program Files\webSave
C:\Program Files\SNT
C:\Program Files\websaavve
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]
Po restartu se objevi novy log, ten sem dejte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosim kontrola logu rsit
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
HKEY_USERS\S-1-5-21-1707592230-9377432-2897197462-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1707592230-9377432-2897197462-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1707592230-9377432-2897197462-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Prefs.js: "WebSearch" removed from browser.search.defaultenginename
Prefs.js: S", "WebSearch" removed from browser.search.defaultenginename,S
Prefs.js: "http://websearch.webisawsome.info/?pid= ... =49&l=1&q=" removed from browser.search.defaulturl
Prefs.js: "WebSearch" removed from browser.search.order.1
Prefs.js: S", "WebSearch" removed from browser.search.order.1,S
Prefs.js: "WebSearch" removed from browser.search.selectedEngine
Prefs.js: S", "WebSearch" removed from browser.search.selectedEngine,S
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00D80CC2-26D6-97BC-B025-BD2F3992BEC8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00D80CC2-26D6-97BC-B025-BD2F3992BEC8}\ deleted successfully.
C:\Program Files\webSave\wlS.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14E14886-58C2-A320-47DE-CC7357648A84}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14E14886-58C2-A320-47DE-CC7357648A84}\ deleted successfully.
C:\Program Files\SNT\YNcHKooM.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96537513-EA85-5BC1-52B0-101C195DCB21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96537513-EA85-5BC1-52B0-101C195DCB21}\ deleted successfully.
C:\Program Files\weebSave\6X.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F732E6D2-7436-2CB0-3E7D-1D72903D1A54}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F732E6D2-7436-2CB0-3E7D-1D72903D1A54}\ deleted successfully.
C:\Program Files\websaavve\FQn14rR.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
ADS C:\ProgramData\TEMP:6DDED7D9 deleted successfully.
========== FILES ==========
c:\Program Files\webSave folder moved successfully.
C:\Program Files\SNT folder moved successfully.
C:\Program Files\websaavve folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\msdownld.tmp folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Guest
User: Public
User: uzivatel1
->Temp folder emptied: 4665384 bytes
->Temporary Internet Files folder emptied: 4743223 bytes
->FireFox cache emptied: 5104986 bytes
->Flash cache emptied: 707 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4802 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 14,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: Guest
User: Public
User: uzivatel1
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 03272014_210032
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
HKEY_USERS\S-1-5-21-1707592230-9377432-2897197462-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1707592230-9377432-2897197462-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1707592230-9377432-2897197462-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Prefs.js: "WebSearch" removed from browser.search.defaultenginename
Prefs.js: S", "WebSearch" removed from browser.search.defaultenginename,S
Prefs.js: "http://websearch.webisawsome.info/?pid= ... =49&l=1&q=" removed from browser.search.defaulturl
Prefs.js: "WebSearch" removed from browser.search.order.1
Prefs.js: S", "WebSearch" removed from browser.search.order.1,S
Prefs.js: "WebSearch" removed from browser.search.selectedEngine
Prefs.js: S", "WebSearch" removed from browser.search.selectedEngine,S
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00D80CC2-26D6-97BC-B025-BD2F3992BEC8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00D80CC2-26D6-97BC-B025-BD2F3992BEC8}\ deleted successfully.
C:\Program Files\webSave\wlS.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14E14886-58C2-A320-47DE-CC7357648A84}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14E14886-58C2-A320-47DE-CC7357648A84}\ deleted successfully.
C:\Program Files\SNT\YNcHKooM.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96537513-EA85-5BC1-52B0-101C195DCB21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96537513-EA85-5BC1-52B0-101C195DCB21}\ deleted successfully.
C:\Program Files\weebSave\6X.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F732E6D2-7436-2CB0-3E7D-1D72903D1A54}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F732E6D2-7436-2CB0-3E7D-1D72903D1A54}\ deleted successfully.
C:\Program Files\websaavve\FQn14rR.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
ADS C:\ProgramData\TEMP:6DDED7D9 deleted successfully.
========== FILES ==========
c:\Program Files\webSave folder moved successfully.
C:\Program Files\SNT folder moved successfully.
C:\Program Files\websaavve folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\msdownld.tmp folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Guest
User: Public
User: uzivatel1
->Temp folder emptied: 4665384 bytes
->Temporary Internet Files folder emptied: 4743223 bytes
->FireFox cache emptied: 5104986 bytes
->Flash cache emptied: 707 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4802 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 14,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: Guest
User: Public
User: uzivatel1
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 03272014_210032
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
Rudy
- Site Admin
- Příspěvky: 119537
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim kontrola logu rsit
Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosim kontrola logu rsit
dakujem, uz to nemrzne.
mohli by ste vysvetlit, co to bola za haved?
mohli by ste vysvetlit, co to bola za haved?
-
Rudy
- Site Admin
- Příspěvky: 119537
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim kontrola logu rsit
AdWary a zbytečnosti v prohlížeči webu.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosim kontrola logu rsit
prosim znovu o kontrolu OTL, znova sa spomaluje pocitac...
OTL logfile created on: 16. 4. 2014 21:23:52 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\uzivatel1\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
1,49 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 47,48% Memory free
2,98 Gb Paging File | 2,10 Gb Available in Paging File | 70,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,70 Gb Total Space | 29,93 Gb Free Space | 42,95% Space Free | Partition Type: NTFS
Computer Name: PC1 | User Name: uzivatel1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/03/30 17:39:22 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/03/28 18:46:28 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
PRC - [2014/03/26 22:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\uzivatel1\Desktop\OTL.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/06/26 13:10:30 | 001,516,632 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/06/11 11:33:14 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012/06/11 11:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012/06/11 11:33:04 | 000,148,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011/10/12 13:26:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 23:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
========== Modules (No Company Name) ==========
MOD - [2014/03/30 17:39:20 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/03/28 18:46:28 | 016,276,872 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2012/06/26 13:11:10 | 000,345,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2012/06/26 13:11:08 | 000,282,200 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2012/06/26 13:11:02 | 008,197,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2012/06/26 13:11:00 | 002,302,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2012/06/26 13:10:58 | 000,202,328 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2012/06/26 13:10:58 | 000,027,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
========== Services (SafeList) ==========
SRV - [2014/03/30 17:39:20 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/06 09:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/20 22:24:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2013/11/28 20:28:22 | 000,104,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2013/11/28 20:27:22 | 000,084,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2012/10/18 11:12:06 | 000,971,752 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2012/06/11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/01/09 17:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012/01/09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 17:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/10/12 13:32:39 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 23:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 23:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/09/07 09:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/06/25 07:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 07:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/02/12 16:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2008/04/24 14:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 90 B6 B3 94 55 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: "google.sk"
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.1.8
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.4.5
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:3.2.1072
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.19
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/05/20 22:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Extensions
[2014/04/13 10:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions
[2013/10/01 23:50:42 | 000,000,000 | ---D | M] (Block site) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2014/03/01 23:59:57 | 000,000,000 | ---D | M] (YoutubeAdblocker) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\aux0nwk@rv-.edu
[2014/03/13 23:35:43 | 000,000,000 | ---D | M] (DoNotTrackMe: Online Privacy Protection) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\donottrackplus@abine.com
[2014/01/04 11:43:34 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\https-everywhere@eff.org
[2014/04/13 10:37:14 | 001,539,038 | ---- | M] () (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\extensions\firefox@ghostery.com.xpi
[2014/02/11 16:56:26 | 000,081,960 | ---- | M] () (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
[2014/03/25 22:46:44 | 000,537,316 | ---- | M] () (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/02/26 17:14:02 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/03/30 17:41:04 | 000,007,855 | ---- | M] () -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\searchplugins\WebSearch.xml
[2013/09/08 09:37:14 | 000,001,502 | ---- | M] () -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\searchplugins\zonealarm.xml
[2014/03/30 17:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/30 17:39:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (YoutubeAdblocker) - {54B82E5B-6830-736E-6949-AA9E153BD3A3} - C:\Program Files\YoutubeAdblocker\Gx4xCSv_.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\Windows\System32\MPG4ds32.ax (Microcrap Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.151.222.34 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BF1FA07-2778-4AB2-AAFC-D65B47D5A9D0}: DhcpNameServer = 213.151.222.34 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F615A143-678D-44E1-A0C8-1C1575F76037}: DhcpNameServer = 213.151.222.34 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/04/11 22:06:12 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/04/11 22:06:08 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/04/11 22:06:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/04/11 22:06:05 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/04/11 22:06:04 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/04/11 22:06:04 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/04/11 22:06:04 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/04/11 22:06:03 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/04/11 22:06:02 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/04/11 22:06:02 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/04/11 22:06:01 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/04/11 22:06:01 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/04/11 22:06:01 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/04/11 22:06:01 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/04/11 22:06:00 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/04/11 22:06:00 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/04/11 22:06:00 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/04/11 22:06:00 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/04/11 22:05:53 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/04/11 22:05:44 | 004,254,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/04/10 21:05:28 | 000,149,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2014/04/10 21:05:28 | 000,027,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2014/04/10 21:05:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iologmsg.dll
[2014/04/10 21:05:23 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2014/04/10 21:05:23 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2014/04/10 21:05:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2014/04/10 21:05:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2014/04/10 21:05:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2014/04/10 21:05:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2014/04/10 21:05:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2014/04/10 21:05:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2014/04/10 21:05:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2014/04/10 21:05:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2014/04/10 21:05:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2014/04/10 21:05:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2014/04/10 21:05:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2014/04/10 21:05:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2014/04/10 21:05:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2014/04/10 21:05:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2014/04/10 21:05:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2014/04/05 11:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
[2014/04/05 11:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Phone
[2014/04/05 11:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2014/04/05 11:46:31 | 000,000,000 | -HSD | C] -- C:\Users\uzivatel1\Phone Browser
[2014/03/30 17:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/03/28 18:45:31 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/28 18:45:31 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/03/27 22:00:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/26 22:21:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\uzivatel1\Desktop\OTL.exe
[2014/03/24 17:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2001/12/19 11:45:00 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\Users\uzivatel1\VCdRom.sys
========== Files - Modified Within 30 Days ==========
[2014/04/16 21:03:55 | 000,660,750 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014/04/16 21:03:55 | 000,654,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/16 21:03:55 | 000,141,400 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014/04/16 21:03:55 | 000,122,118 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/16 20:59:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/16 20:59:21 | 1200,234,496 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/15 19:49:21 | 000,016,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/15 19:49:20 | 000,016,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/13 18:26:17 | 000,345,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/04/05 21:02:22 | 000,003,146 | ---- | M] () -- C:\Windows\WDICT32.INI
[2014/04/05 11:43:40 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014/03/28 18:46:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/28 18:46:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/03/26 22:25:42 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/03/26 22:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\uzivatel1\Desktop\OTL.exe
========== Files Created - No Company Name ==========
[2014/04/13 18:24:56 | 000,345,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/04/05 11:43:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014/03/26 22:25:42 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/03/02 12:49:23 | 000,003,146 | ---- | C] () -- C:\Windows\WDICT32.INI
[2013/09/08 15:31:24 | 000,001,129 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2001/12/19 11:45:04 | 000,023,552 | ---- | C] () -- C:\Users\uzivatel1\VCdControlTool.exe
========== ZeroAccess Check ==========
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
OTL logfile created on: 16. 4. 2014 21:23:52 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\uzivatel1\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
1,49 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 47,48% Memory free
2,98 Gb Paging File | 2,10 Gb Available in Paging File | 70,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,70 Gb Total Space | 29,93 Gb Free Space | 42,95% Space Free | Partition Type: NTFS
Computer Name: PC1 | User Name: uzivatel1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/03/30 17:39:22 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/03/28 18:46:28 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
PRC - [2014/03/26 22:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\uzivatel1\Desktop\OTL.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/06/26 13:10:30 | 001,516,632 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/06/11 11:33:14 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012/06/11 11:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012/06/11 11:33:04 | 000,148,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011/10/12 13:26:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 23:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
========== Modules (No Company Name) ==========
MOD - [2014/03/30 17:39:20 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/03/28 18:46:28 | 016,276,872 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2012/06/26 13:11:10 | 000,345,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2012/06/26 13:11:08 | 000,282,200 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2012/06/26 13:11:02 | 008,197,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2012/06/26 13:11:00 | 002,302,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2012/06/26 13:10:58 | 000,202,328 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2012/06/26 13:10:58 | 000,027,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
========== Services (SafeList) ==========
SRV - [2014/03/30 17:39:20 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/06 09:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/20 22:24:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2013/11/28 20:28:22 | 000,104,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2013/11/28 20:27:22 | 000,084,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2012/10/18 11:12:06 | 000,971,752 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2012/06/11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/01/09 17:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012/01/09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 17:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/10/12 13:32:39 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 23:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 23:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/09/07 09:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/06/25 07:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 07:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/02/12 16:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2008/04/24 14:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 90 B6 B3 94 55 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: "google.sk"
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.1.8
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.4.5
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:3.2.1072
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.19
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/05/20 22:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Extensions
[2014/04/13 10:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions
[2013/10/01 23:50:42 | 000,000,000 | ---D | M] (Block site) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2014/03/01 23:59:57 | 000,000,000 | ---D | M] (YoutubeAdblocker) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\aux0nwk@rv-.edu
[2014/03/13 23:35:43 | 000,000,000 | ---D | M] (DoNotTrackMe: Online Privacy Protection) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\donottrackplus@abine.com
[2014/01/04 11:43:34 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\Firefox\Profiles\1nwjnv6x.default\extensions\https-everywhere@eff.org
[2014/04/13 10:37:14 | 001,539,038 | ---- | M] () (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\extensions\firefox@ghostery.com.xpi
[2014/02/11 16:56:26 | 000,081,960 | ---- | M] () (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
[2014/03/25 22:46:44 | 000,537,316 | ---- | M] () (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/02/26 17:14:02 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/03/30 17:41:04 | 000,007,855 | ---- | M] () -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\searchplugins\WebSearch.xml
[2013/09/08 09:37:14 | 000,001,502 | ---- | M] () -- C:\Users\uzivatel1\AppData\Roaming\mozilla\firefox\profiles\1nwjnv6x.default\searchplugins\zonealarm.xml
[2014/03/30 17:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/30 17:39:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (YoutubeAdblocker) - {54B82E5B-6830-736E-6949-AA9E153BD3A3} - C:\Program Files\YoutubeAdblocker\Gx4xCSv_.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\Windows\System32\MPG4ds32.ax (Microcrap Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.151.222.34 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BF1FA07-2778-4AB2-AAFC-D65B47D5A9D0}: DhcpNameServer = 213.151.222.34 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F615A143-678D-44E1-A0C8-1C1575F76037}: DhcpNameServer = 213.151.222.34 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/04/11 22:06:12 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/04/11 22:06:08 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/04/11 22:06:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/04/11 22:06:05 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/04/11 22:06:04 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/04/11 22:06:04 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/04/11 22:06:04 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/04/11 22:06:03 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/04/11 22:06:02 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/04/11 22:06:02 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/04/11 22:06:01 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/04/11 22:06:01 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/04/11 22:06:01 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/04/11 22:06:01 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/04/11 22:06:00 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/04/11 22:06:00 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/04/11 22:06:00 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/04/11 22:06:00 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/04/11 22:05:53 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/04/11 22:05:44 | 004,254,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/04/10 21:05:28 | 000,149,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2014/04/10 21:05:28 | 000,027,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2014/04/10 21:05:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iologmsg.dll
[2014/04/10 21:05:23 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2014/04/10 21:05:23 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2014/04/10 21:05:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2014/04/10 21:05:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2014/04/10 21:05:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2014/04/10 21:05:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2014/04/10 21:05:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2014/04/10 21:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2014/04/10 21:05:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2014/04/10 21:05:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2014/04/10 21:05:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2014/04/10 21:05:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2014/04/10 21:05:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2014/04/10 21:05:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2014/04/10 21:05:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2014/04/10 21:05:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2014/04/10 21:05:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2014/04/10 21:05:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2014/04/05 11:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
[2014/04/05 11:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Phone
[2014/04/05 11:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2014/04/05 11:46:31 | 000,000,000 | -HSD | C] -- C:\Users\uzivatel1\Phone Browser
[2014/03/30 17:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/03/28 18:45:31 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/28 18:45:31 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/03/27 22:00:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/26 22:21:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\uzivatel1\Desktop\OTL.exe
[2014/03/24 17:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2001/12/19 11:45:00 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\Users\uzivatel1\VCdRom.sys
========== Files - Modified Within 30 Days ==========
[2014/04/16 21:03:55 | 000,660,750 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014/04/16 21:03:55 | 000,654,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/16 21:03:55 | 000,141,400 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014/04/16 21:03:55 | 000,122,118 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/16 20:59:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/16 20:59:21 | 1200,234,496 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/15 19:49:21 | 000,016,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/15 19:49:20 | 000,016,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/13 18:26:17 | 000,345,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/04/05 21:02:22 | 000,003,146 | ---- | M] () -- C:\Windows\WDICT32.INI
[2014/04/05 11:43:40 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014/03/28 18:46:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/28 18:46:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/03/26 22:25:42 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/03/26 22:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\uzivatel1\Desktop\OTL.exe
========== Files Created - No Company Name ==========
[2014/04/13 18:24:56 | 000,345,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/04/05 11:43:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014/03/26 22:25:42 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/03/02 12:49:23 | 000,003,146 | ---- | C] () -- C:\Windows\WDICT32.INI
[2013/09/08 15:31:24 | 000,001,129 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2001/12/19 11:45:04 | 000,023,552 | ---- | C] () -- C:\Users\uzivatel1\VCdControlTool.exe
========== ZeroAccess Check ==========
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
-
Rudy
- Site Admin
- Příspěvky: 119537
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim kontrola logu rsit
Dejte log ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosim kontrola logu rsit
ComboFix 14-04-12.01 - uzivatel1 . 04. 2014 13:53:21.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.1526.701 [GMT 2:00]
Running from: c:\users\uzivatel1\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\YoutubeAdblocker
c:\program files\YoutubeAdblocker\Gx4xCSv_.dat
c:\program files\YoutubeAdblocker\Gx4xCSv_.dll
c:\program files\YoutubeAdblocker\Gx4xCSv_.tlb
c:\program files\YoutubeAdblocker\Gx4xCSv_.x64.dll
c:\users\uzivatel1\AppData\Roaming\Evaer
c:\users\uzivatel1\AppData\Roaming\Evaer\record.xml
.
.
((((((((((((((((((((((((( Files Created from 2014-03-18 to 2014-04-18 )))))))))))))))))))))))))))))))
.
.
2014-04-18 12:02 . 2014-04-18 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-15 17:25 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31E91776-CC92-4BB2-A3FB-4B6098304271}\mpengine.dll
2014-04-11 20:05 . 2014-03-06 07:34 1398784 ----a-w- c:\program files\Internet Explorer\MemoryAnalyzer.dll
2014-04-10 19:05 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-05 09:50 . 2014-04-05 09:50 -------- d-----w- c:\program files\Windows Phone
2014-04-05 09:49 . 2014-04-05 09:49 -------- d-----w- c:\programdata\Applications
2014-04-05 09:46 . 2014-04-06 18:58 -------- d-sh--w- c:\users\uzivatel1\Phone Browser
2014-03-28 16:45 . 2014-03-28 16:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-28 16:45 . 2014-03-28 16:46 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-27 20:00 . 2014-03-27 20:00 -------- d-----w- C:\_OTL
2014-03-26 20:25 . 2014-03-26 20:25 512 ----a-w- C:\PhysicalMBR.bin
2014-03-24 15:33 . 2014-03-24 15:33 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-07 01:09 . 2014-03-11 21:30 2357760 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04 . 2014-03-11 21:30 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-11 21:31 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06 . 2014-03-11 21:30 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07 . 2014-03-11 21:30 185344 ----a-w- c:\windows\system32\wwansvc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-06-03 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 17:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2012-02-28 14:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-10-12 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-11-28 104720]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2013-11-28 84752]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-05-20 1343400]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2009-02-12 22312]
S2 uCamMonitor;CamMonitor;c:\program files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2012-10-18 971752]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.151.222.34 192.168.0.1
FF - ProfilePath - c:\users\uzivatel1\AppData\Roaming\Mozilla\Firefox\Profiles\1nwjnv6x.default\
FF - prefs.js: browser.startup.homepage - google.sk
FF - user.js: extensions.zonealarm.hpOld0 - www.google.sk
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=goughDev3&Lan={dfltLng}&gu=71e15a58c9f2405e8f21dd606953e736&tu=10G9z009w2B0Ca0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 2442211b0000000000000016cee12ac9
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15956
FF - user.js: extensions.zonealarm.vrsn - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsni - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.22.09:37
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - goughDev3
FF - user.js: extensions.zonealarm.instlRef - ZLN119664995617125-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=71e15a58c9f2405e8f21dd606953e736&tu=10G9z009w2B0Ca0&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=goughDev3&Lan=en&gu=71e15a58c9f2405e8f21dd606953e736&tu=10G9z009w2B0Ca0&sku=&tstsId=&ver=&
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{54B82E5B-6830-736E-6949-AA9E153BD3A3} - c:\program files\YoutubeAdblocker\Gx4xCSv_.dll
MSConfigStartUp-avichannel - c:\program files\Evaer\videochannel.exe
MSConfigStartUp-Driver Pro - c:\program files\Driver Pro\DPLauncher.exe
MSConfigStartUp-Eraser - c:\progra~1\Eraser\Eraser.exe
MSConfigStartUp-LiveSupport - c:\program files\LiveSupport\LiveSupport.exe
MSConfigStartUp-Optimizer Pro - c:\program files\Optimizer Pro\OptProLauncher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-18 14:05:19
ComboFix-quarantined-files.txt 2014-04-18 12:05
.
Pre-Run: 31 996 887 040 bytes free
Post-Run: 31 875 178 496 bytes free
.
- - End Of File - - BDBA67779D5A22A3AC1739F84C6AD406
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.1526.701 [GMT 2:00]
Running from: c:\users\uzivatel1\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\YoutubeAdblocker
c:\program files\YoutubeAdblocker\Gx4xCSv_.dat
c:\program files\YoutubeAdblocker\Gx4xCSv_.dll
c:\program files\YoutubeAdblocker\Gx4xCSv_.tlb
c:\program files\YoutubeAdblocker\Gx4xCSv_.x64.dll
c:\users\uzivatel1\AppData\Roaming\Evaer
c:\users\uzivatel1\AppData\Roaming\Evaer\record.xml
.
.
((((((((((((((((((((((((( Files Created from 2014-03-18 to 2014-04-18 )))))))))))))))))))))))))))))))
.
.
2014-04-18 12:02 . 2014-04-18 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-15 17:25 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31E91776-CC92-4BB2-A3FB-4B6098304271}\mpengine.dll
2014-04-11 20:05 . 2014-03-06 07:34 1398784 ----a-w- c:\program files\Internet Explorer\MemoryAnalyzer.dll
2014-04-10 19:05 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-05 09:50 . 2014-04-05 09:50 -------- d-----w- c:\program files\Windows Phone
2014-04-05 09:49 . 2014-04-05 09:49 -------- d-----w- c:\programdata\Applications
2014-04-05 09:46 . 2014-04-06 18:58 -------- d-sh--w- c:\users\uzivatel1\Phone Browser
2014-03-28 16:45 . 2014-03-28 16:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-28 16:45 . 2014-03-28 16:46 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-27 20:00 . 2014-03-27 20:00 -------- d-----w- C:\_OTL
2014-03-26 20:25 . 2014-03-26 20:25 512 ----a-w- C:\PhysicalMBR.bin
2014-03-24 15:33 . 2014-03-24 15:33 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-07 01:09 . 2014-03-11 21:30 2357760 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04 . 2014-03-11 21:30 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-11 21:31 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06 . 2014-03-11 21:30 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07 . 2014-03-11 21:30 185344 ----a-w- c:\windows\system32\wwansvc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-06-03 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 17:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2012-02-28 14:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-10-12 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-11-28 104720]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2013-11-28 84752]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-05-20 1343400]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2009-02-12 22312]
S2 uCamMonitor;CamMonitor;c:\program files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2012-10-18 971752]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.151.222.34 192.168.0.1
FF - ProfilePath - c:\users\uzivatel1\AppData\Roaming\Mozilla\Firefox\Profiles\1nwjnv6x.default\
FF - prefs.js: browser.startup.homepage - google.sk
FF - user.js: extensions.zonealarm.hpOld0 - www.google.sk
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=goughDev3&Lan={dfltLng}&gu=71e15a58c9f2405e8f21dd606953e736&tu=10G9z009w2B0Ca0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 2442211b0000000000000016cee12ac9
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15956
FF - user.js: extensions.zonealarm.vrsn - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsni - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.22.09:37
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - goughDev3
FF - user.js: extensions.zonealarm.instlRef - ZLN119664995617125-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=71e15a58c9f2405e8f21dd606953e736&tu=10G9z009w2B0Ca0&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=goughDev3&Lan=en&gu=71e15a58c9f2405e8f21dd606953e736&tu=10G9z009w2B0Ca0&sku=&tstsId=&ver=&
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{54B82E5B-6830-736E-6949-AA9E153BD3A3} - c:\program files\YoutubeAdblocker\Gx4xCSv_.dll
MSConfigStartUp-avichannel - c:\program files\Evaer\videochannel.exe
MSConfigStartUp-Driver Pro - c:\program files\Driver Pro\DPLauncher.exe
MSConfigStartUp-Eraser - c:\progra~1\Eraser\Eraser.exe
MSConfigStartUp-LiveSupport - c:\program files\LiveSupport\LiveSupport.exe
MSConfigStartUp-Optimizer Pro - c:\program files\Optimizer Pro\OptProLauncher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-18 14:05:19
ComboFix-quarantined-files.txt 2014-04-18 12:05
.
Pre-Run: 31 996 887 040 bytes free
Post-Run: 31 875 178 496 bytes free
.
- - End Of File - - BDBA67779D5A22A3AC1739F84C6AD406
A36C5E4F47E84449FF07ED3517B43A31
-
Rudy
- Site Admin
- Příspěvky: 119537
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim kontrola logu rsit
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Reboot::
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosim kontrola logu rsit
vkladam, no stale spomaluje pri prihlaseni sa na niektore stranky.
ComboFix 14-04-12.01 - uzivatel1 . 04. 2014 21:46:21.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.1526.1037 [GMT 2:00]
Running from: c:\users\uzivatel1\Desktop\ComboFix.exe
Command switches used :: c:\users\uzivatel1\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-03-18 to 2014-04-18 )))))))))))))))))))))))))))))))
.
.
2014-04-18 19:54 . 2014-04-18 19:54 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-04-18 19:54 . 2014-04-18 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-18 19:54 . 2014-04-18 19:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-04-18 18:56 . 2014-04-17 03:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C545BA8-AD4D-459B-8BE2-089A84CF00BD}\mpengine.dll
2014-04-11 20:05 . 2014-03-06 07:34 1398784 ----a-w- c:\program files\Internet Explorer\MemoryAnalyzer.dll
2014-04-10 19:05 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-05 09:50 . 2014-04-05 09:50 -------- d-----w- c:\program files\Windows Phone
2014-04-05 09:49 . 2014-04-05 09:49 -------- d-----w- c:\programdata\Applications
2014-04-05 09:46 . 2014-04-06 18:58 -------- d-sh--w- c:\users\uzivatel1\Phone Browser
2014-03-28 16:45 . 2014-03-28 16:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-28 16:45 . 2014-03-28 16:46 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-27 20:00 . 2014-03-27 20:00 -------- d-----w- C:\_OTL
2014-03-26 20:25 . 2014-03-26 20:25 512 ----a-w- C:\PhysicalMBR.bin
2014-03-24 15:33 . 2014-03-24 15:33 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-31 07:35 . 2013-05-20 20:18 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-02-07 01:09 . 2014-03-11 21:30 2357760 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04 . 2014-03-11 21:30 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-11 21:31 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06 . 2014-03-11 21:30 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07 . 2014-03-11 21:30 185344 ----a-w- c:\windows\system32\wwansvc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-06-03 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 17:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2012-02-28 14:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-10-12 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-11-28 104720]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2013-11-28 84752]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-05-20 1343400]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2009-02-12 22312]
S2 uCamMonitor;CamMonitor;c:\program files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2012-10-18 971752]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.151.222.34 192.168.0.1
FF - ProfilePath - c:\users\uzivatel1\AppData\Roaming\Mozilla\Firefox\Profiles\1nwjnv6x.default\
FF - prefs.js: browser.startup.homepage - google.sk
FF - user.js: extensions.zonealarm.hpOld0 - www.google.sk
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=goughDev3&Lan={dfltLng}&gu=71e15a58c9f2405e8f21dd606953e736&tu=10G9z009w2B0Ca0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 2442211b0000000000000016cee12ac9
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15956
FF - user.js: extensions.zonealarm.vrsn - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsni - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.22.09:37
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - goughDev3
FF - user.js: extensions.zonealarm.instlRef - ZLN119664995617125-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=71e15a58c9f2405e8f21dd606953e736&tu=10G9z009w2B0Ca0&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=goughDev3&Lan=en&gu=71e15a58c9f2405e8f21dd606953e736&tu=10G9z009w2B0Ca0&sku=&tstsId=&ver=&
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1348)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2014-04-18 22:01:05 - machine was rebooted
ComboFix-quarantined-files.txt 2014-04-18 20:01
ComboFix2.txt 2014-04-18 12:05
.
Pre-Run: 31 844 663 296 bytes free
Post-Run: 31 705 980 928 bytes free
.
- - End Of File - - 7AD3FEBF1599FC1931FFDD01BC7778A6
A36C5E4F47E84449FF07ED3517B43A31
ComboFix 14-04-12.01 - uzivatel1 . 04. 2014 21:46:21.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.1526.1037 [GMT 2:00]
Running from: c:\users\uzivatel1\Desktop\ComboFix.exe
Command switches used :: c:\users\uzivatel1\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-03-18 to 2014-04-18 )))))))))))))))))))))))))))))))
.
.
2014-04-18 19:54 . 2014-04-18 19:54 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-04-18 19:54 . 2014-04-18 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-18 19:54 . 2014-04-18 19:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-04-18 18:56 . 2014-04-17 03:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C545BA8-AD4D-459B-8BE2-089A84CF00BD}\mpengine.dll
2014-04-11 20:05 . 2014-03-06 07:34 1398784 ----a-w- c:\program files\Internet Explorer\MemoryAnalyzer.dll
2014-04-10 19:05 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-05 09:50 . 2014-04-05 09:50 -------- d-----w- c:\program files\Windows Phone
2014-04-05 09:49 . 2014-04-05 09:49 -------- d-----w- c:\programdata\Applications
2014-04-05 09:46 . 2014-04-06 18:58 -------- d-sh--w- c:\users\uzivatel1\Phone Browser
2014-03-28 16:45 . 2014-03-28 16:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-28 16:45 . 2014-03-28 16:46 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-27 20:00 . 2014-03-27 20:00 -------- d-----w- C:\_OTL
2014-03-26 20:25 . 2014-03-26 20:25 512 ----a-w- C:\PhysicalMBR.bin
2014-03-24 15:33 . 2014-03-24 15:33 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-31 07:35 . 2013-05-20 20:18 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-02-07 01:09 . 2014-03-11 21:30 2357760 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04 . 2014-03-11 21:30 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-11 21:31 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06 . 2014-03-11 21:30 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07 . 2014-03-11 21:30 185344 ----a-w- c:\windows\system32\wwansvc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-06-03 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 17:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2012-02-28 14:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-10-12 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-11-28 104720]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2013-11-28 84752]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-05-20 1343400]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2009-02-12 22312]
S2 uCamMonitor;CamMonitor;c:\program files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2012-10-18 971752]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.151.222.34 192.168.0.1
FF - ProfilePath - c:\users\uzivatel1\AppData\Roaming\Mozilla\Firefox\Profiles\1nwjnv6x.default\
FF - prefs.js: browser.startup.homepage - google.sk
FF - user.js: extensions.zonealarm.hpOld0 - www.google.sk
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=goughDev3&Lan={dfltLng}&gu=71e15a58c9f2405e8f21dd606953e736&tu=10G9z009w2B0Ca0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 2442211b0000000000000016cee12ac9
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15956
FF - user.js: extensions.zonealarm.vrsn - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsni - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.22.09:37
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - goughDev3
FF - user.js: extensions.zonealarm.instlRef - ZLN119664995617125-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=71e15a58c9f2405e8f21dd606953e736&tu=10G9z009w2B0Ca0&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=goughDev3&Lan=en&gu=71e15a58c9f2405e8f21dd606953e736&tu=10G9z009w2B0Ca0&sku=&tstsId=&ver=&
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1348)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2014-04-18 22:01:05 - machine was rebooted
ComboFix-quarantined-files.txt 2014-04-18 20:01
ComboFix2.txt 2014-04-18 12:05
.
Pre-Run: 31 844 663 296 bytes free
Post-Run: 31 705 980 928 bytes free
.
- - End Of File - - 7AD3FEBF1599FC1931FFDD01BC7778A6
A36C5E4F47E84449FF07ED3517B43A31
Přispějete na provoz fóra?
